Fix GaussianFilters dependency requirements #33273
GaussianFilters had a compatibility entry for its distributions dependency that was NOT specified in the package itself, but ONLY in G/GaussianFilters/Compat.toml. AFAICT this had been automatically added. This needs to be removed so that GaussianFilters can coexist e.g. with Distributions@0.24.15
We don't generally encourage or allow unbounded compatibility. It doesn't make sense to say that GaussianFilters does not require any specific Distributions version: you can only say that for Distributions versions that have been released so far. If Distributions makes a breaking release tomorrow that breaks GaussianFilters then this will cause people to have a broken configuration. That said, Distributions is largely at fault here because it has not yet made a stable 1.0 release so every feature release is potentially broken according to semantic versioning, even if it doesn't break anything.
So the correct version of this change is to bump the upper bounds on these dependencies rather than deleting them.
I can see your point. IMO there is only one proper fix: To make all libraries >v1.0.0 (this does not affect applications/non-dependencies). Version 1.0.0 defines the public API. So this is indirectly required by SemVer already anyway. This also makes a lot of sense regarding versioning semantics: I also wanted to stress how very unpleasant the "hidden version requirements by the package registry" is:
TL;DR: My goal is to achieve >v1.0.0 for every public (registered) library in the Julia ecosystem (by convention). Easter holidays are coming; I'm going on a crusade.
Sorry for the long rant; feedback/discussion is always very welcome. Please don't read this in an accusatory tone-- I have just been bitten by this a few times already but I'm otherwise deliriously happy with Julia, its package system and the whole ecosystem in general (y'all did excellent work 👍); I'm just trying to help.
There was a longish discussion about this on the JuliaLang Slack yesterday if you care to check it out. Forcing everyone to go to 1.0 was discussed, but seems pretty disruptive. Urging packages to go to 1.0 is good, of course. If they won't do that, then they should use
GaussianFilters had a compatibility entry for its "Distributions" dependency that was NOT specified in the package itself,
but ONLY in G/GaussianFilters/Compat.toml.
AFAICT this had been automatically added.
This needs to be removed so that GaussianFilters can coexist e.g. with Distributions@0.24.15
On a side note:
This was incredibly frustrating to hunt down because GaussianFilters itself DOES not require any specific "Distributions" version.
It took forever to trace this back to the registry itself.
/rant
Dependency requirement management is just fundamentally broken (by concept) whenever packages use pre-1.0.0 versions, because it becomes impossible to express forward compatibility ("we need Distributions@v0.X, with X >= 23"), and thus requires ALL dependents to change with EVERY minor release of EVERY dependency (or to not specify dependency requirements at all).
I realise that this is how semantic versioning semantics are, but the resulting workflow is just broken.
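
The resolver behaviour this thread turns on, as an added example that is not part of the PR, the registry or Pkg: a hand-written model of the caret rule Julia applies to plain `[compat]` entries, showing why a bound of `"0.23"` excludes Distributions 0.24.15 and what bumping the upper bound changes. The function names and the sample compat strings are hypothetical, and only plain and `^` specifiers are modelled (no `~`, inequality or hyphen ranges).

```julia
# Added illustration: a small model of the caret rule for [compat] entries.
# Hypothetical helper names; this is not Pkg's implementation.

# Half-open range [lo, hi) admitted by one specifier such as "0.23" or "^1.2".
function caret_range(spec::AbstractString)
    s = strip(spec)
    s = startswith(s, "^") ? s[2:end] : s
    parts = parse.(Int, split(s, '.'))
    n = length(parts)
    padded = vcat(parts, zeros(Int, 3 - n))
    lo = VersionNumber(padded...)
    # The leftmost non-zero component is the "breaking" one; if every
    # written component is zero, the last written component is.
    i = findfirst(!iszero, parts)
    i === nothing && (i = n)
    hi_parts = zeros(Int, 3)
    hi_parts[1:i] = padded[1:i]
    hi_parts[i] += 1
    return lo, VersionNumber(hi_parts...)
end

# A compat entry is a comma-separated union of specifiers.
allowed(v::VersionNumber, compat::AbstractString) =
    any(split(compat, ',')) do spec
        lo, hi = caret_range(spec)
        lo <= v < hi
    end

# Constructed sample entries: a stale bound, a bumped bound, and a post-1.0 bound.
for compat in ("0.23", "0.23, 0.24", "1")
    for v in (v"0.23.8", v"0.24.15", v"0.25.0", v"1.4.0")
        println(rpad(compat, 12), rpad(string(v), 9), allowed(v, compat))
    end
end
```

For a 0.x dependency each minor release falls outside the previous bound, so the entry has to be widened release by release; a `"1"` entry admits every 1.x release without further edits.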