Hi,
Background: recent update of ruby-addressable broke gitlab.
https://ci.debian.net/data/packages/unstable/amd64/g/gitlab/latest-autopkgtest/log.gz
Could not find gem 'addressable (~> 2.3.8)' in any of the gem sources
listed in your Gemfile or available on this machine.
Reason: Declaring tight dependency by gitlab and diaspora.
Root cause: There is no guarantee that minor updates won't introduce
breaking changes.
Solution: Semantic Versioning.
Way out: We should follow these steps when either gitlab or diaspora
appears in the reverse dependency of any update.
If it is a major version update, then it should be uploaded to
experimental first. Once compatibility with gitlab and diaspora is
tested, it can be uploaded to unstable after relaxing gem dependency in
their Gemfiles.
If it is a minor version update and it is development version (>=
1.0), follow step 1 as there is no guarantee that minor versions will
not introduce breaking changes.
If the gem follows SemVer.org, the upstream guarantees to not
introduce breaking changes in minor updates. Check list of upstreams
committed to semver first. If an upstream has not pledged SemVer
complaince, we should ask them to follow it and add it to the list.
Check if the gitlab and diaspora versions in unstable allows the
minor update from "Packaging Progress Statistics" at
http://debian.fosscommunity.in/. If it allows the minor update (~> x.y),
upload the new version to unstable.
If it does not allow, relax the dependency in Gemfile and request
upstream to relax the dependency so we don't have to maintain a patch.
gitlab has been responsive to such requests, but diaspora has not been.
I have documented these steps here
https://wiki.debian.org/Diaspora/Packaging/UpdateUpstream
Attachment:
signature.asc
Description: OpenPGP digital signature