From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pjotr Prins Subject: Re: Guix & IPFS Date: Mon, 15 Oct 2018 16:07:20 +0200 Message-ID: <20181015140720.kwn32ygw55rfyyll@thebird.nl> References: <87r2grk5dj.fsf@ambrevar.xyz> <87lg6zfr20.fsf@gnu.org> <87lg6zjxwt.fsf@ambrevar.xyz> <87ftx7jv42.fsf@ambrevar.xyz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46554) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gC3X1-0006Si-TT for guix-devel@gnu.org; Mon, 15 Oct 2018 10:07:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gC3Wy-0002Vb-QG for guix-devel@gnu.org; Mon, 15 Oct 2018 10:07:39 -0400 Received: from mail.thebird.nl ([94.142.245.5]:56928) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gC3Wy-00028V-11 for guix-devel@gnu.org; Mon, 15 Oct 2018 10:07:36 -0400 Content-Disposition: inline In-Reply-To: <87ftx7jv42.fsf@ambrevar.xyz> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Pierre Neidhardt Cc: Guix-devel On Mon, Oct 15, 2018 at 01:40:45PM +0200, Pierre Neidhardt wrote: > > I'm not much into go, but it seems, that most of the times it is safe > > to use another version of dependencies. > > This is unrelated to Go: it's safe as long as there is no API breakage. My > understanding of the IPFS project is that they don't want to make that kind of > assumptions. The real issue is that we can not assume APIs are safe. It is actually a wider problem. Every dependency is a new dimension and any combination thereof may or may not work as expected. Things break. This is why running tests is so important. If tests pass you can make an assumption that at least the tested stuff works. To be best theoretical approach is to use the exact same version developers are using. But that is not even realistic because dependencies themselves may be developed on different versions ;). I.e., these are different teams of developers. We can just hope the combination of dependencies we have works. This is why distributions like Debian have such a long testing cycle. They want to test the combinations of dependencies through and through. Users of unstable and testing are the actual testers. Stable API's? Hmmm. Some are better than others. For deployment, to fixate dependencies, guix channels offer a great solution. GUIX_PACKAGE_PATH with a fixated guix tree also works. Guix as a rolling distribution generally works, but we are using untested combinations of software. And once in a while you hit a problem. The GO people have their own solution for fixating dependencies to avoid this problem. I don't think it is a bad one, only problem it is that they created their own ecosystem. Pj.