Re: Dependence on specific versions
On Feb 10, 2011, at 2:49 PM, Thomas Koch wrote:
> Hi Stefane,
>
> in another thread you write:
>
>>> and that it is possible for projects to accumulate
>>> technical debt by depending on strict version numbers.
>>
>> OTOH, this is a HUGE source of instability and hard to debug bugs (as we've
> found to our expense) to depend on loose version numbers.
>
> I totaly disagree with this. One day or another you need to update to newer
> versions of your dependencies. If you're specifying strict version numbers
> then you're just procrasinating the update.
>
> Instead, you (as in all java projects) should include the expected behaviour
> of the dependencies in your test cases. How should you update them otherwise?
>
> If your test cases work with any versions of the dependencies provided, then
> your product should work.
>
> You may say that "business realities" are different. But then you tell me that
> business software just means: Software that happens to work today, but who
> knows about tomorrow?
>
> Or am I totally wrong?
Definitevely.
Only by fixing version numbers of third-party libraries can you be sure that the same build that works today will still work next week, if you redo the build on the exact same version of the sources (and Maven, and Java, of course), any operating system.
Yes, we do upgrade third-party lib versions from time to time, but only when there is a good reason to ("if it ain't broke, don't fix it").
BTW: I used to think like you 3-4 years ago when I discovered Maven, but had to change my mind due to the reality.
S.
--
Stefane Fermigier, Founder and Chairman, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)
http://www.nuxeo.com/ - +33 1 40 33 79 87 - http://twitter.com/sfermigier
Join the Nuxeo Group on LinkedIn: http://linkedin.com/groups?gid=43314
New Nuxeo release: http://nuxeo.com/dm54
"There's no such thing as can't. You always have a choice."
Reply to: