Loomio

allow tiny version differences unless there is a specific bug fix we want

Pirate Praveen

Currently Gemfile specifies requirements as exact versions up to tiny version/bug fix version. Can this be changed to ~> x.y.z like most other gems do?

If there is a specific bug fix we need, only then should we bump the minimum tiny version.

Since Gemfile.lock can specify the exact version, this will not affect any bundler/gem users but can help the Debian package, and possibly other distro packages, avoid patching the Gemfile.

Summary: normal minor version bumps should be done via Gemfile.lock only and Gemfile should keep minimum known working version.

For minor and major version updates, it can be done in both Gemfile and Gemfile.lock.

See https://poddery.com/posts/1981852

Poll Created Wed 24 Feb 2016 4:52PM

allow newer patch releases unless we know about a known issue Closed Sun 6 Mar 2016 4:37PM

Outcome
by Pirate Praveen Tue 25 Apr 2017 5:15AM

failed to get consensus

Currently Gemfile specifies exact versions of the dependencies up to hotfix releases (like nokogiri 1.6.7.2).

Allow newer patch releases by changing "x.y.z" requirement to "~> x.y.z" for stable libraries (x > 1) unless we know a newer patch release introduced a bug that affects us. In case of hotfix releases, we can add "~> x.y.z", ">= x.y.z.hotfix" so we ensure hotfix releases are covered.

Results

| Option | % of points | Voters |
|---|---|---|
| Agree | 50.0% | 2 (PP, BC) |
| Abstain | 0.0% | 0 |
| Disagree | 50.0% | 2 (JH, DS) |
| Block | 0.0% | 0 |
| Undecided | 0% | 48 (ST FS MS TS AA S CB HF BO DM GC JH JR F M EG G AX BB T) |

4 of 52 people have participated (7%)

Pirate Praveen
Agree
Wed 24 Feb 2016 4:54PM

I should be able to update nokogiri to 1.6.7.2 from 1.6.7.1 without breaking diaspora 0.5.5.1

Balasankar C
Agree
Thu 25 Feb 2016 8:04AM

Gemfile.lock for specific tiny requirements and Gemfile for major and minor seems to be a good balance.

Efforts to make installation of Diaspora easier for end users should be appreciated and supported as much as possible.

Dennis Schubert
Disagree
Thu 25 Feb 2016 8:44AM

There are complex inter-dependencies between some Gems, even using exact hotfix releases. Some gems do not even follow semver so installations would break nonetheless. In addition, I remember some setup issues by slightly off gem versions.

Jonne Haß
Disagree
Fri 26 Feb 2016 12:07PM

Users run bundle update out of confusion and we can't support the rapidly exploding variants of dependency trees when we're liberal about the versions required. Installing as many dependencies as diaspora has via a package manager is still utopia.

Jonne Haß
Disagree
Fri 26 Feb 2016 12:08PM

Users run bundle update out of confusion and we can't support the rapidly exploding variants of dependency trees when we're liberal about the versions required. Installing as many dependencies as diaspora has via a package manager is still utopia.

Pirate Praveen Fri 26 Feb 2016 2:27AM

@dennisschubert can we do this for gems that advertise SemVer compliance and have a stable version (>= 1.0)?

Poll Created Mon 7 Mar 2016 4:56PM

allow newer patch releases for stable libraries following semantic versioning Closed Mon 28 Mar 2016 4:37PM

If a gem complies with SemVer (usually declared in README) and it is a stable release (>= 1.0), allow newer patch releases to match Gemfile requirement.

i.e., make it '~> x.y.z' instead of 'x.y.z'. If we need a specific patch release, we can use '~> x.y.z', '>= x.y.z.hotfix'

Results

| Option | % of points | Voters |
|---|---|---|
| Agree | 25.0% | 1 (PP) |
| Abstain | 0.0% | 0 |
| Disagree | 75.0% | 3 (JH, DS, SVB) |
| Block | 0.0% | 0 |
| Undecided | 0% | 49 (ST FS MS TS AA S CB HF BO DM GC JH JR F M EG G AX BB T) |

4 of 53 people have participated (7%)
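
The requirement styles proposed in the two polls above, evaluated with RubyGems' own `Gem::Requirement` for the nokogiri 1.6.7.x versions the thread mentions. This is an added example, not part of the original thread or of diaspora's code; the list of available releases and the helper names `allowed` and `upgrades_without_gemfile_edit` are constructed for illustration.

```ruby
require "rubygems"

# Requirement styles discussed in the thread, written for nokogiri 1.6.7.x.
REQUIREMENTS = {
  "exact pin"         => Gem::Requirement.new("1.6.7.1"),
  "~> x.y.z"          => Gem::Requirement.new("~> 1.6.7"),
  "~> x.y.z + hotfix" => Gem::Requirement.new("~> 1.6.7", ">= 1.6.7.2"),
  "~> x.y.z.hotfix"   => Gem::Requirement.new("~> 1.6.7.1"),
}.freeze

# Constructed list of releases a packager might have available.
AVAILABLE = %w[1.6.6.4 1.6.7 1.6.7.1 1.6.7.2 1.6.8 1.7.0 2.0.0].freeze

# Versions from `available` that satisfy the Gemfile requirement.
def allowed(requirement, available = AVAILABLE)
  available.select { |v| requirement.satisfied_by?(Gem::Version.new(v)) }
end

# Releases newer than the version recorded in Gemfile.lock that can be
# picked up without editing (or patching) the Gemfile.
def upgrades_without_gemfile_edit(requirement, locked, available = AVAILABLE)
  locked_version = Gem::Version.new(locked)
  allowed(requirement, available).select { |v| Gem::Version.new(v) > locked_version }
end

if __FILE__ == $PROGRAM_NAME
  REQUIREMENTS.each do |label, req|
    puts format("%-18s %-22s allows %s", label, req.to_s, allowed(req).join(", "))
  end
end
```

Note that `~>` drops the last segment it is given: `~> 1.6.7` admits 1.6.8 but not 1.7.0, while `~> 1.6.7.1` stops before 1.6.8.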