On 2020-07-24, Torsten Curdt wrote:

> It still needs a person to decide to merge a PR for a new version.
> So this indeed is just about the dependency upgrade policies.

Right.

> But isn't that what the version definition is for?
> I'd argue that 1.12.4 <-> 1.12.6 should be a compatible upgrade AND
> downgrade,
> 1.12.4 -> 1.20.0 not so much.

As Gary pointed out else-thread most of the time we do not know how
strictly the team developing our dependency adheres to SemVer.

Even if it was completely API compatible, we'd replace a version that
worked for our users with a different version that may introduce
problems. No matter how small the risk is, what is the benefit of
upgrading if we don't need the new version ourselves?

> But to avoid all this is why I usually try to inline dependencies for
> libraries as much as possible. Basically pretending to not have any.

Agreed, this is a different strategy that makes the whole question moot.

> Also a point I made many times.
> Just wanted to mention it - again :)

;-)

Stefan