On Fri, Jan 31, 2014 at 1:05 PM, Tony Arcieri <[email protected]> wrote:
> IMO, a system that respects semantic versioning, allows you to constrain
> the dependency to a particular *major* version without requiring pinning
> to a *specific* version.
>
> I would call anything that requires pinning to a specific version an
> antipattern. Among other things, pinning to specific versions precludes
> software updates which may be security-critical.

It's perfectly reasonable to require a certain *minor* version, since minor versions (in semver) can include API additions that you may depend on. Also, nodejs and npm supposedly support semver, but it's impossible to enforce that library authors actually do this, so you'll get libraries with breaking changes going from 1.1.2 to 1.1.3 because reasons.
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
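
The three kinds of constraint discussed in this exchange, resolved against one release history. This is an added example, not part of the original message or of any Rust project code. The `Constraint` type, the function names and the release list are hypothetical and constructed for illustration.

```rust
// Added example: the constraint kinds named in the thread (hypothetical names).
type Version = (u32, u32, u32); // (major, minor, patch)

#[derive(Clone, Copy)]
enum Constraint {
    /// Pinned to one specific version.
    Exact(Version),
    /// Any release in this major series.
    Major(u32),
    /// This major series, at or above a minimum minor version.
    AtLeastMinor(u32, u32),
}

fn matches(c: Constraint, v: Version) -> bool {
    match c {
        Constraint::Exact(p) => v == p,
        Constraint::Major(m) => v.0 == m,
        Constraint::AtLeastMinor(m, n) => v.0 == m && v.1 >= n,
    }
}

/// Highest published version satisfying the constraint, if any.
/// Tuples order lexicographically, so `max` compares major, then minor, then patch.
fn resolve(c: Constraint, published: &[Version]) -> Option<Version> {
    published.iter().copied().filter(|&v| matches(c, v)).max()
}

/// Constructed release history for an imaginary library.
fn published() -> Vec<Version> {
    vec![(1, 0, 0), (1, 1, 2), (1, 1, 3), (1, 2, 0), (2, 0, 0)]
}

fn main() {
    let p = published();
    for (label, c) in [
        ("pinned to 1.1.2", Constraint::Exact((1, 1, 2))),
        ("major 1", Constraint::Major(1)),
        ("major 1, minor >= 1", Constraint::AtLeastMinor(1, 1)),
    ] {
        println!("{}: {:?}", label, resolve(c, &p));
    }
}
```

The pin stays on 1.1.2 and never sees 1.1.3, whatever that release contains. Both range constraints move forward automatically, which delivers a patch-level security fix and a patch-level breaking change alike.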
