On 01/02/14 19:32, Vladimir Matveev wrote:
When this API is used directly by the package, then the user *should* know about it. He's using it, after all.
There are developers (direct library users), and then distro maintainers/admins/users who need to manage libraries installed on their system. The former should know, but the others shouldn't have to think about it, yet should (must) be able to override the defaults if they need to, at least for shared libraries. Presumably we want shared libraries and static libraries to function similarly, except for whether the user chooses static or dynamic linkage.
If this API belongs to a transitive dependency, then I don't think there is an ideal solution. Either the version is pinned (like in Java world), or it is chosen by the dependency resolver.
If we're talking about pinning to an absolute version (no upgrades), then I think that's a security / bugfix issue, unless we're also talking about static linkage in that case (which is reasonable because then the bug is essentially part of the black box that is the software the user is installing, and in that case, the software maintainer is also responsible for releasing updates to fix bugs within the statically linked code.
In the former case all transitive dependencies are guaranteed to be intercompatible
Are they? What if the statically pinned version of a scanner library doesn't support the user's new scanner, there's an update to support his scanner, but it's ignored because the software allows only an absolute version number?
because these pinned versions were deliberately chosen by libraries developers.
Who are not infallible, and do/should not get to choose everything about the target system's libraries. There is also a freedom issue, regarding someone's right to implement a new version of the library, say, to port it to a new GUI toolkit.
In the latter case there is always a possibility of compatibility problems, because it is impossible to guarantee complete compatibility - libraries are written by people, after all.
Yes, but we can encourage it, just like we encourage immutability, even though we can't force everyone to use it.
Then it is the user's responsibility to resolve these problems, no one else will be able to do this.
But the user can't do this, if new libraries break old programs, or old programs won't allow upgrading.
-- Lee _______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
