[swift-evolution] [Review] SE-0145: Package Manager Version Pinning

Daniel Dunbar daniel_dunbar at apple.com
Wed Nov 9 12:00:51 CST 2016


> On Nov 4, 2016, at 5:28 AM, Max Desiatov via swift-evolution <swift-evolution at swift.org> wrote:
> 
> Hi all,
> 
>> On 31 Oct 2016, at 21:23, Anders Bertelrud via swift-evolution <swift-evolution at swift.org> wrote:
>> 
>> 	* What is your evaluation of the proposal?
> 
> -1
> 
>> 	* Is the problem being addressed significant enough to warrant a change to Swift?
> 
> Yes, this is a significant problem that basically prevents SwiftPM from being used in a production environment due to making builds not consistently reproducible without committing source code of the compiled dependencies.
> 
>> 	* Does this proposal fit well with the feel and direction of Swift?
> 
> No, it doesn't feel right, as it breaks existing conventions and disregards the experience with other package managers that provide .lock files by default and those that don't (npm) now have replacements that do lock by default (yarn, https://code.facebook.com/posts/1840075619545360).

Yarn, however, can include multiple versions of a package. We cannot, and your response doesn't acknowledge the impact of that.

Note I'm not saying I disagree with you, but this argument isn't compelling unless you acknowledge the problems particular to Swift.

 - Daniel

> 
> I also disagree with the naming of the feature (pinning) as it breaks existing conventions and makes it confusing to people coming from other environments and ecosystems. I use lockfiles (as do most of the developers I know) much more frequently (almost every day) than POSIX locks (almost never, many thanks to GCD and other high-level concurrency features in other languages for that). I'm afraid the argument about overloading doesn't convince me at all, as many terms are overloaded, but that never was a problem as an established context and conventions matter more.
> 
>> 	* If you have used other languages or libraries with a similar feature, how do you feel that this proposal compares to those?
> 
> Yes, I use yarn, CocoaPods and Carthage on a daily basis, and locking dependencies by default was never a problem with those. On the contrary, I had a lot of bad experience with npm, which doesn't lock by default.
> 
>> 	* How much effort did you put into your review? A glance, a quick reading, or an in-depth study?
> 
> I tracked this proposal from the draft version and studied how package managers for other ecosystems have evolved.
> 
>> More information about the Swift evolution process is available at
>> 
>> 	https://github.com/apple/swift-evolution/blob/master/process.md
>> 
>> Thank you,
>> 
>> Anders Bertelrud
>> Review Manager
>> _______________________________________________
>> swift-evolution mailing list
>> swift-evolution at swift.org
>> https://lists.swift.org/mailman/listinfo/swift-evolution
> 
