On Jun 5, 2007, at 8:00 PM, Andy Lester wrote:
On Jun 5, 2007, at 7:42 PM, James E Keenan wrote:
Is there any reason *not* to do so?
Yes. Second-order dependencies are beyond your control. You will
have false dependencies when an underlying module changes.
Say that Mech has dependency on HTML::Wango, which in turn has a
dependency on Test::Tango. So my dependencies are listed as
HTML::Wango => 1.00,
Test::Tango => 1.00,
SCENARIO 1: The maintainer of Foo::Wango decides that Test::Tango
is unnecessary, and does without it. He released HTML::Wango
1.02. Someone installing Mech must now install HTML::Wango and
Test::Tango, although NOTHING in the chain requires Test::Tango.
SCENARIO 2: HTML::Wango uses some new feature of Test::Tango 2.00,
and thus requires it. Your helpful list of dependencies is out of
date, because although you say that you are requiring 1.00,
HTML::Wango requires 2.00.
I think scenario 2 is quite harmless. If the user has...
... no Test::Tango version installed, then they will be properly
upgraded to the latest CPAN Test::Tango 2.00+ at the first level
... Test::Tango < 1.00, then they will be properly upgraded to the
latest CPAN Test::Tango 2.00+ at the first level
... 2.00 > Test::Tango >= 1.00 then they will pass the first-level
dependency but get prompted and then properly upgraded at the second
level
... Test::Tango >= 2.00 then they're already all set at both levels
So, at worst Jim's dependency flattening doesn't hurt in scenario 2
and would help most users.
Still, scenario 1 is the killer.
SCENARIO 3: Combine 1 & 2.
The real solution is either: 1) for the CPAN shell to use the
META.yml files to determine the chain of dependencies ahead of
time. Also, you don't always have to have the "ask" option on
prereqs. I think most people DON'T have it set to "ask".
xoxo,
Andy
I suspect this last point is wrong. The CPAN.pm default is "ask" and
we know that most of the time most people just take defaults. But,
beside that point, I think Andy is on the right track with his "real
solution".
Chris
