
Re: Please test reverse dependencies before uploading new versions (ruby-grape-entity broke gitlab)



Hello Praveen,

On Wed, Nov 30, 2016 at 03:46:04PM +0530, Pirate Praveen wrote:
> Hi Lucas,
> 
> Last upload of ruby-grape-entity broke gitlab[1][2]. Your last update of
> ruby-grape also broke gitlab [3]. Please run build-and-upload script
> from pkg-ruby-extras before uploading new version. If it was a stable
> library with SemVer compliance we could declare more relaxed dependency
> on it. But being a development version (0.x), any minor update should be
> treated like a major update of a stable library.
> 
> I already patch the Gemfile relaxing requirement for all stable
> libraries. It is already very hard to maintain such a long dependency
> chain. Please don't make it even harder.
> 
> If you are really sure that there are no breaking changes, please update
> gitlab relaxing the dependency or at least inform me so we can
> coordinate the upload.

I support your request, and urge people uploading libraries (or anything
with reverse dependencies, really) to test their reverse dependencies.

*However*, looking at the diff between the latest ruby-grape-entity and
the one before that, I can easily see that there are no API changes.
Additionally, the only change documented as part of 0.6.0 itself is a
test suite refactoring, all other changes are bug fixes released in
0.5.x releases. This tells us a few things:

- SemVer, despite being a nice idea, should not be taken to the extreme.

- As I already said previously, you *cannot* assume all upstreams that
  do not explicitly abide to follow SemVer are insane and will just
  break their reverse dependencies at will.

- The only reason why gitlab is "broken" by this, is because the
  dependencies are declared too strictly. I strongly suggest leaving
  breakage detection to actual functional tests.

  Our upstreams can get away with such strict dependencies, because they
  are able to pull whatever version they want via bundler/rubygems.org,
  and they have full central control on what versions will be pulled. We
  in Debian can't get away with that without severely sacrificing our
  sanity.
