Attila Lendvai <att...@lendvai.name> writes: >> > IOW, if you don't want changes in your dependencies, then just don't >> update them. >> >> This does not work. >> >> You often have to update dependencies for security reasons. Got a new >> gnutls or openssl or openssh with new cyphers you need to have a working >> program — will Guile 3 get updated to support them or will you be forced >> to migrate to Guile 4 to keep your tool working? > > > fork off guile 3 into a branch, and backport those precious few > security issues that you are suggesting will pop up.
Add modern formats you have to interact with. Websockets. HTTP3. That’s why it does not work that way. What you’re suggesting is the path to automatically turn working software into legacy software by creating a constant upkeep cost to avoid becoming stale and unusable. There are sometimes actually good reasons to break backwards compatibility, but they are very, very few, and if you have an issue where you think it is an actual reason to break backwards compatibility, it most likely is not. > it's about keeping engineering debt low, so that the invested human > effort continues to give good yields. You can take the easy route for that when creating a product people do not build upon. But Guile has the official mission to be a foundation for people to build upon: „Guile is the GNU Ubiquitous Intelligent Language for Extensions, and the official extension language of the GNU project.“ — https://www.gnu.org/software/guile/ If you break backwards compatibility, you break extensions. One of the promises of Guile is: “Using any of the supported scripting languages, users can customize and extend applications while they are running and see the changes take place live! Users can easily trade and share features by uploading and downloading the scripts, instead of trading complex patches and recompiling their applications.” This only works if those scripts keep working. That’s one reason why we have to think twice how to preserve backwards compatibility. You *can* usually keep engineering debt low without breaking existing tools. Shim stuff. Build compatibility layers. And the few special exceptions where that doesn’t work usually aren’t special enough to break compatibility. Best wishes, Arne -- Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de
signature.asc
Description: PGP signature
