Hello Praveen,

On Wed, Nov 30, 2016 at 03:46:04PM +0530, Pirate Praveen wrote:
> Hi Lucas,
>
> Last upload of ruby-grape-entity broke gitlab[1][2]. Your last update of
> ruby-grape also broke gitlab [3]. Please run build-and-upload script
> from pkg-ruby-extras before uploading new version. If it was a stable
> library with SemVer compliance we could declare more relaxed dependency
> on it. But being a development version (0.x), any minor update should be
> treated like a major update of a stable library.
>
> I already patch the Gemfile relaxing requirement for all stable
> libraries. It is already very hard to maintain such a long dependency
> chain. Please don't make it even harder.
>
> If you are really sure that there are no breaking changes, please update
> gitlab relaxing the dependency or at least inform me so we can
> coordinate the upload.

I support your request, and urge people uploading libraries (or anything with reverse dependencies, really) to test their reverse dependencies.

*However*, looking at the diff between the latest ruby-grape-entity and the one before that, I can easily see that there are no API changes. Additionally, the only change documented as part of 0.6.0 itself is a test suite refactoring, all other changes are bug fixes released in 0.5.x releases.

This tells us a few things:

- SemVer, despite being a nice idea, should not be taken to the extreme.
- As I already said previously, you *cannot* assume all upstreams that do not explicitly abide to follow SemVer are insane and will just break their reverse dependencies at will.
- The only reason why gitlab is "broken" by this, is because the dependencies are declared too strictly. I strongly suggest leaving breakage detection to actual functional tests.

Our upstreams can get away with such strict dependencies, because they are able to pull whatever version they want via bundler/rubygems.org, and they have full central control on what versions will be pulled.
We in Debian can't get away with that without severely sacrificing our sanity.