Overview
Up front, I'll say that I'm for adding features for version checking.
That being said, I'm concerned that we need to be clear about what version compatibility checks provide and what they do not provide. I'm also thinking we should perhaps set intricate version checking as a relatively low priority for now.
Framing
To frame the discussion, it's important to distinguish between two kinds of versions:
-
source version: the version of the project source code as published; this will typically have a 1-1 mapping to some commit identifier in the upstream version control system
-
binary version: the identifier of the package as installed; there will be a 1-N mapping from a given commit in the upstream version control system to this binary
Note that sometimes binary versions can be compatible with other binary versions. This is common to see in libraries that provide stable ABIs. These are often libraries like language runtimes installed in system directories.
Confusingly, the source version is a pretty good determinant of API changes for a given library. That is, what changed in relevant header files for C and C++. But it's a pretty bad determinant of overall backwards compatibility for a given release.
Also note that binary versions are sensitive to and can be invalidated if downstream users choose incompatible:
- Preprocessor definitions
- Language versions
- Versions of transitive dependencies
That is, it's very uncommon for a dependency to bump a major version because one of its dependencies also bumped a major version. But logically in many respects, major version bumps should require this. To pick a silly example, if boost deleted boost::string_ref (it won't), any libraries that use string_ref in their interfaces would have immediate API breaks as well. Any libraries that use string_ref in their implementations might additionally have ABI breaks.
So Why Check Versions?
I do think checking versions is a very helpful "shift left" activity for end users, though. If there is a real break, I would rather see "you need a new version of the jabberwocky library" than "undefined reference to jabberwocky::internal::EventListener::snickersnack".
Aside: I'm not sure "cannot find the jabberwocky library" on its own is a whole lot better, for the record, especially if the package manager reports that jabberwocky-devel is in fact installed. But I'll assume we can work on excellent error messages once we decide what we're supporting.
If a library maintainer is breaking something, it would be excellent to allow that to be annotated. Same if a package maintainer is breaking something. And it's frequent enough that the library maintainer accidentally breaks something (see above) and the package maintainer makes some annotations to help everyone else cope with reality.
So my current thinking is versions are annotations by project maintainers to provide good diagnostics. They are not going to provide correctness. Other tools, especially tools that manage and build dependencies, are responsible for that step. And those tools will be opaque to CPS since CPS files are an output of that dependency management and build process, not an input.
On Version Ordering
So I'm OK with versions. Especially build identifiers of some sort make a lot of sense. For very few projects like header-only projects with no preprocessor tricks and no dependencies, semantic versioning can be fairly high quality as well, though that's a very niche use case. Very stable libraries with intentionally stable ABIs would also benefit. There are a lot of usage of those, but fairly few of them in number, however.
When Is This Issue Done?
I'm thinking we should mostly deprioritize version support in getting cps-config to a minimum-viable-product except to the extent that we have practical adoption hurdles for sufficiently interesting ecosystems. If there's a champion semver that wants to do nothing but work on this, I won't be especially upset, but I think the priority needs to start at more fundamental activities like modelling graphs well, perhaps adding some pkg-config interop, and things like that. I also expect that any sufficiently advanced needs by end users can be served by being able to pin specific dependencies to specific CPS files.
So I think this issue is done if we get consensus about the priority of version ordering features in an initial release. My current thinking is versioning is a "nice-to-have" but it is not especially urgent.
We'll probably need a "forget all the version info" mode anyway, at least for troubleshooting workflows for package maintainers. We can start out developing that and explicit CPS file selection as the only supported initial modes.
Overview
Up front, I'll say that I'm for adding features for version checking.
That being said, I'm concerned that we need to be clear about what version compatibility checks provide and what they do not provide. I'm also thinking we should perhaps set intricate version checking as a relatively low priority for now.
Framing
To frame the discussion, it's important to distinguish between two kinds of versions:
source version: the version of the project source code as published; this will typically have a 1-1 mapping to some commit identifier in the upstream version control system
binary version: the identifier of the package as installed; there will be a 1-N mapping from a given commit in the upstream version control system to this binary
Note that sometimes binary versions can be compatible with other binary versions. This is common to see in libraries that provide stable ABIs. These are often libraries like language runtimes installed in system directories.
Confusingly, the source version is a pretty good determinant of API changes for a given library. That is, what changed in relevant header files for C and C++. But it's a pretty bad determinant of overall backwards compatibility for a given release.
Also note that binary versions are sensitive to and can be invalidated if downstream users choose incompatible:
That is, it's very uncommon for a dependency to bump a major version because one of its dependencies also bumped a major version. But logically in many respects, major version bumps should require this. To pick a silly example, if
boostdeletedboost::string_ref(it won't), any libraries that usestring_refin their interfaces would have immediate API breaks as well. Any libraries that usestring_refin their implementations might additionally have ABI breaks.So Why Check Versions?
I do think checking versions is a very helpful "shift left" activity for end users, though. If there is a real break, I would rather see "you need a new version of the jabberwocky library" than "undefined reference to
jabberwocky::internal::EventListener::snickersnack".Aside: I'm not sure "cannot find the
jabberwockylibrary" on its own is a whole lot better, for the record, especially if the package manager reports thatjabberwocky-develis in fact installed. But I'll assume we can work on excellent error messages once we decide what we're supporting.If a library maintainer is breaking something, it would be excellent to allow that to be annotated. Same if a package maintainer is breaking something. And it's frequent enough that the library maintainer accidentally breaks something (see above) and the package maintainer makes some annotations to help everyone else cope with reality.
So my current thinking is versions are annotations by project maintainers to provide good diagnostics. They are not going to provide correctness. Other tools, especially tools that manage and build dependencies, are responsible for that step. And those tools will be opaque to CPS since CPS files are an output of that dependency management and build process, not an input.
On Version Ordering
So I'm OK with versions. Especially build identifiers of some sort make a lot of sense. For very few projects like header-only projects with no preprocessor tricks and no dependencies, semantic versioning can be fairly high quality as well, though that's a very niche use case. Very stable libraries with intentionally stable ABIs would also benefit. There are a lot of usage of those, but fairly few of them in number, however.
When Is This Issue Done?
I'm thinking we should mostly deprioritize version support in getting cps-config to a minimum-viable-product except to the extent that we have practical adoption hurdles for sufficiently interesting ecosystems. If there's a champion semver that wants to do nothing but work on this, I won't be especially upset, but I think the priority needs to start at more fundamental activities like modelling graphs well, perhaps adding some pkg-config interop, and things like that. I also expect that any sufficiently advanced needs by end users can be served by being able to pin specific dependencies to specific CPS files.
So I think this issue is done if we get consensus about the priority of version ordering features in an initial release. My current thinking is versioning is a "nice-to-have" but it is not especially urgent.
We'll probably need a "forget all the version info" mode anyway, at least for troubleshooting workflows for package maintainers. We can start out developing that and explicit CPS file selection as the only supported initial modes.