Use-cases for version ranges?
Dalibor Topic
dalibor.topic at oracle.com
Fri Nov 18 08:51:29 PST 2011
On 11/18/11 12:52 AM, cowwoc wrote:
> I question whether such a mechanism is better or worse
> than depending on individual versions which may be overridden at a later
> time (a la Maven). On the one hand, you don't need to release a new version
> of the application each time a dependency is updated. On the other hand, no
> one is actually running tests to ensure that the versions are really
> compatible.
I think that it's better. Consider a directed dependency graph with N nodes. One
of the nodes has a security issue, which gets fixed in a new release with a new
version, so it needs to be updated to some later version. Typically, the ABI
doesn't change in a security fix.
If you depend on the individual version, you in addition need to update all nodes
with an edge going to the updated node, potentially recursively (since you may need
to update the metadata to point to the updated metadata, at least). In other words,
you have a domino effect. Consider a large N, where security updates for various third-party
components don't happen on a synchronized schedule, and you potentially have
multiple domino effects happily cascading with each other ...
https://www.youtube.com/watch?v=qybUFnY7Y8w .
cheers,
dalibor topic
--
Oracle <http://www.oracle.com>
Dalibor Topic | Java F/OSS Ambassador
Oracle Java Platform Group
More information about the jigsaw-dev
mailing list
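
The domino effect described in the message above, worked through as an added example (not part of the original post and not Jigsaw code): it computes which modules must be re-released after one dependency ships a security fix, once with exact version pins and once with version ranges. The module names, versions and the `(low, high)` constraint format are constructed for illustration.

```python
from collections import deque

def admits(constraint, version):
    """constraint is (low, high): low inclusive, high exclusive; (v, None) is an exact pin."""
    low, high = constraint
    return version == low if high is None else low <= version < high

def rereleases(graph, versions, fixed, new_version):
    """Modules that must publish a new release after `fixed` ships `new_version`.

    graph: {module: {dependency: constraint}}; versions: {module: (major, minor, patch)}.
    A dependent whose constraint rejects the new version has to be re-released
    (modelled as a patch bump), which can invalidate the constraints of the
    modules that depend on it in turn.
    """
    current = dict(versions)
    current[fixed] = new_version
    queue, touched = deque([fixed]), []
    while queue:
        changed = queue.popleft()
        for module, deps in graph.items():
            if changed not in deps or module in touched:
                continue
            if not admits(deps[changed], current[changed]):
                major, minor, patch = current[module]
                current[module] = (major, minor, patch + 1)
                touched.append(module)
                queue.append(module)
    return touched

# Constructed dependency graph: app -> web, orm -> log -> crypto (the fixed node).
EDGES = {"app": ["web", "orm"], "web": ["json", "log"], "orm": ["log"],
         "log": ["crypto"], "json": [], "crypto": []}
VERSIONS = {name: (1, 0, 0) for name in EDGES}
# Same graph, once with exact pins and once with ranges [1.0.0, 2.0.0).
PINNED = {m: {d: ((1, 0, 0), None) for d in deps} for m, deps in EDGES.items()}
RANGED = {m: {d: ((1, 0, 0), (2, 0, 0)) for d in deps} for m, deps in EDGES.items()}

if __name__ == "__main__":
    fix = ("crypto", (1, 0, 1))  # security fix, ABI unchanged
    print("pinned:", rereleases(PINNED, VERSIONS, *fix))
    print("ranged:", rereleases(RANGED, VERSIONS, *fix))
```

With pins, every module on a path to the fixed node is re-released; with ranges that admit the fix, none are, which also means the new combination runs without a release step in which someone tested it, the trade-off raised in the quoted question.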