[rust-dev] Deprecating rustpkg
leebraid at gmail.com
Fri Jan 31 16:03:17 PST 2014
On 31/01/14 23:03, Tony Arcieri wrote:
> Can anyone point to a real-world example of a dependency resolver
> which can produce solutions which may-or-may-not contain multiple
> versions of the same library?
This would be counterproductive. If a library cannot be upgraded to
1.9, or even 2.2, because some app REQUIRES 1.4, then that causes
SERIOUS, SECURITY issues.
The ONLY realistic way I can see to solve this, is to have all higher
version numbers of the same package be backwards compatible, and have
incompatible packages be DIFFERENT packages, as I mentioned before.
Really, there is a contract here: an API contract. To break
compatibility is to break that contract. This is a bug, and shouldn't
happen. If you want to make something incompatible, you simply
shouldn't call it the same name as the thing it's incompatible with. No
more than you should sell a knife as a bottle-opener. They do not
fulfill the same contract, and to say they do is false advertising.
More information about the Rust-dev