Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 20:40
    jeremydmiller edited #1848
  • 20:40
    jeremydmiller edited #1848
  • 16:00
    jeremydmiller edited #1848
  • 16:00
    jeremydmiller edited #1848
  • 15:56
    jeremydmiller edited #1848
  • 15:56
    jeremydmiller edited #1848
  • 15:55
    jeremydmiller edited #1848
  • 15:55
    jeremydmiller edited #1848
  • 15:53
    jeremydmiller commented #1848
  • 15:53
    jeremydmiller commented #1848
  • 15:21
    jeremydmiller edited #1848
  • 15:21
    jeremydmiller edited #1848
  • 15:15
    jeremydmiller edited #1848
  • 15:15
    jeremydmiller edited #1848
  • 15:15
    jeremydmiller milestoned #2061
  • 15:15
    jeremydmiller milestoned #2061
  • 12:29
    Hawxy opened #100
  • 08:17
    Rob89 commented #1848
  • 08:17
    Rob89 commented #1848
  • 02:31
    brucesun opened #2061
Oskar Dudycz
@oskardudycz
might be, but that's cool - you're more than welcome here :)
Shay Rojansky
@roji
Jeremy D. Miller
@jeremydmiller
@roji Since you’re here, do y’all use any kind of automated tooling to check for SemVer violations in your API surface? The NServiceBus guys have something for that, but I’ve never used that. Or I’m guess that I’m asking, could you start doing that?
Shay Rojansky
@roji
Yeah, this release made me think about that more
In general things have been a bit too lax on that front
Jeremy D. Miller
@jeremydmiller
With Newtonsoft you might be able to get away with setting a pretty permissive version range. Newtonsoft is always a risk for diamond dependency issues
Shay Rojansky
@roji
We really don't plan for another minor release before 5 so I wouldn't say it's urgent. Also, this mess was a result of us not planning to have a 4.1 originally, and deciding to do one after breaking changes were already introduced
So there are some "justifications" for why this happened
Re Newtonsoft, I don't really have any specific dependency (or feelings) about a specific version. It's true that up to now we generally target the highest version to make sure we're compatible with that
Users can always override though if necessary
Jeremy D. Miller
@jeremydmiller
Dude, I’ve got plenty of sympathy here, but y’all are a foundational library
Shay Rojansky
@roji
Yeah, I dropped the ball on this, no excuses really.
Jeremy D. Miller
@jeremydmiller
Again, I’m sympathetic as a 15 year OSS author:)
Shay Rojansky
@roji
Thanks for saying that...
Oskar Dudycz
@oskardudycz
btw. there is a nice discussion on the "Maturity Ladder" that was mentioned on the channel. https://github.com/dotnet-foundation/project-maturity-model/issues/32#issuecomment-536282845 I've also put my few cents there.
Oskar Dudycz
@oskardudycz
3.8.1 version with locked Npgsql version released
Barry Hagan
@barryhagan
Was there a reason to set the range start back at npgsql 4.0.4? Seems a little odd because 3.8.0 used npgsql 4.0.9 and nuget restore will use the lowest in range by default. People are going to get npgsql 4.0.4 if they do a clean restore with 3.8.1 now.
Oskar Dudycz
@oskardudycz
Hm, I took the lowest possible, but that's valid point
Fred
@wastaz
Tbh isnt it in general better to choose lower versions if possible. That adds more leeway for getting a good combination of versions if many things depend on the same libs.
Also, the nuget clients "take the lowest possible"-default is imho a bad default and a good reason to switch to paket who does the opposite ;)
Oskar Dudycz
@oskardudycz
Ok, I can send 3.8.2, you’re right
@mysticmind thought?
Oskar Dudycz
@oskardudycz
Barry Hagan
@barryhagan

@wastaz - taking lowest is the safest approach because you will always get that version on restore, and presumably that is the version that was tested/certified. This was the design choice by nuget probably because they don't trust anyone to follow semver correctly. We could change the spec to [4.0.*,4.1) if we want it to float to latest, but that requires trust that the dependency will not introduce breaking changes in say, 4.0.11.

That is a risk I wouldn't take. I personally don't like the idea that the npgsql version I deploy might change each time I build my app due to the transitive dependency via Marten. I want sign-off from Marten that a patch release is good by bumping the dependency version.

Shay Rojansky
@roji
Guys, PR npgsql/npgsql#2658 is out, which should bring Npgsql 4.1 back to full backwards compat
Once the build goes through you'll have a CI nuget which you can fully test
Oskar Dudycz
@oskardudycz
Ok, great! thank you
Shay Rojansky
@roji
Would appreciate it if you could test quickly, I'd really like to release this ASAP
Oskar Dudycz
@oskardudycz
I planned to make the test today afternoon
Shay Rojansky
@roji
Great!
That would be perfect
Oskar Dudycz
@oskardudycz
Sure, ping me when it's ready and I'll try to do it asap
Shay Rojansky
@roji
Will do
Oskar Dudycz
@oskardudycz
:+1:
Shay Rojansky
@roji
@barryhagan and others, your dependency version strategy is obviously up to you. However, IMHO you should definitely consider floating to latest patch release - these are quite important and extremely low-risk. I'd say there's more risk in floating those than in not.
Similarly, if not floating, in general you should be depending on the latest patch of the latest tested major/minor.
On the other hand, for minor versions it could be healthier not to float, i.e. do a full test cycle and release a new version explicitly supporting the new minor version.
Oskar Dudycz
@oskardudycz
I'm fine with floating on patch versions
with minor, historically it's safer to not allow floating
(by historically I mean my overall experience)
Shay Rojansky
@roji
Sure thing
Technically it's supposed to be OK (semver-wise) but we know how life goes
Oskar Dudycz
@oskardudycz
Although I had few times when eg. Angular Material provided breaking changes in patch version
@roji yes, exactly
Shay Rojansky
@roji
It's always possible for this to happen inadvertently. At the end of the day it's also not your fault if your underlying DB driver introduces a breaking change in a patch version...
Oskar Dudycz
@oskardudycz
Eg. MS is not following semver
Shay Rojansky
@roji
On almost all .NET stuff they do now
AFAIK
Oskar Dudycz
@oskardudycz
Ok, so maybe it is, but some weird type (like skipping the numbers etc.)
In general it's a matter of trust