On 11/12/2020 16.24, Joachim Durchholz wrote:
Am 11.12.20 um 10:50 schrieb Bardur Arantsson:
FWIW, I do try to do this for my packages, but I'm very confident that all of my packages probably have misleading lower bounds.
It seems to me that some automated tooling is needed here, e.g. to try building/testing with e.g. all deps at the lower bound, all deps at the highest bound, etc.
With indirect dependencies, you can run into combinatorial explosion problems (number of combinations is roughly exponential with dependency chain length, give or take a few orders of magnitude).
Just something to keep in mind when discussing design alternatives. (I don't know what designs would even make sense, or what kinds of metadata would be available to help guide version selection.)
Indeed, it's a difficult problem with no obvious solution, but given the combinatorial explosion issue, it's probably better to (somehow) leave it up to a computer to explore that space rather than humans. :) Regards,