Git, the D package manager
Joseph Rushton Wakeling via Digitalmars-d
digitalmars-d at puremagic.com
Mon Feb 2 02:08:58 PST 2015
On Monday, 2 February 2015 at 09:03:56 UTC, Vladimir Panteleev
wrote:
> On Monday, 2 February 2015 at 08:58:38 UTC, Joseph Rushton
> Wakeling wrote:
>> Scenario: a dependency has a security hole that gets patched.
>> If the dub package is updated, all applications using that dub
>> package will automatically have that update available next
>> time they are built.
>
> Is that so? Won't a security fix entail a version bump,
> requiring a change in the requirements file of the parent
> project? Also, does Dub really check for updated versions of
> libraries online, every time a project is built?

Well, as long as the requirements are expressed in the form,

"package-name": ">=1.2.3"

then there shouldn't be any problem with a version bump from the
upstream application. Whether dub actually does check for
updates I'm not sure, but it _could_. Whereas with git
submodules, you really are stuck with one version and one only.

>>> - When cloning repositories, dub does not preserve the
>>> repository's directory
>>> name (so e.g. fruit will be cloned to ~/.dub/fruit-1.0.0/).
>>
>> Necessary in order to maintain multiple versions of a package
>> in order to satisfy different applications' dependencies,
>> surely? You have a similar situation with different versions
>> of shared libraries installed on any UNIX system.
>
> No, it is not necessary. The directory layout could be
> ~/.dub/fruit-1.0.0/fruit/...

I don't follow your point here. What's the meaningful difference
between what dub does and what you suggest?
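
The update behaviour debated in this message, as an added example that is not part of the original post and is not dub's own resolver: a simplified Python model of how a `>=` range, dub's `~>` approximate range and an exact `==` pin each react when a patched release appears. The package versions, `AVAILABLE`, `FIXED_IN` and all function names are constructed for illustration, and it assumes every release after the fix also contains it.

```python
# Added illustration: simplified version-range resolution, not dub's resolver.
import re

def parse(v):
    """'1.2.4' -> (1, 2, 4); only plain three-part versions are handled."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unsupported version: {v!r}")
    return tuple(int(x) for x in m.groups())

def satisfies(version, spec):
    """Check one version against '>=X', '==X' or '~>X' (X = major.minor.patch)."""
    m = re.fullmatch(r"(>=|==|~>)(\d+\.\d+\.\d+)", spec.replace(" ", ""))
    if not m:
        raise ValueError(f"unsupported spec: {spec!r}")
    op, base = m.group(1), parse(m.group(2))
    v = parse(version)
    if op == "==":
        return v == base
    if op == ">=":
        return v >= base              # no upper bound at all
    # '~>1.2.3' means >=1.2.3 and <1.3.0
    return base <= v < (base[0], base[1] + 1, 0)

def resolve(spec, available):
    """Highest available version satisfying spec, or None if nothing matches."""
    ok = [v for v in available if satisfies(v, spec)]
    return max(ok, key=parse) if ok else None

def receives_fix(spec, available, fixed_in):
    """True if the resolved version is at or after the release carrying the fix
    (assumption: later releases keep the fix)."""
    chosen = resolve(spec, available)
    return chosen is not None and parse(chosen) >= parse(fixed_in)

# Constructed sample: 1.2.4 carries the security fix, 2.0.0 is a later major release.
AVAILABLE = ["1.2.3", "1.2.4", "2.0.0"]
FIXED_IN = "1.2.4"

if __name__ == "__main__":
    for spec in (">=1.2.3", "~>1.2.3", "==1.2.3"):
        print(spec, "->", resolve(spec, AVAILABLE),
              "fix included:", receives_fix(spec, AVAILABLE, FIXED_IN))
```

The exact pin behaves like the git-submodule case in the thread: the build stays on 1.2.3 until someone changes the pin. The unbounded `>=` range picks up the fix but also accepts 2.0.0, so any later upstream release enters the build without review.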