Additional branch to maintain v0.0.6

gfngfn / SATySFi

A statically-typed, functional typesetting system

GNU Lesser General Public License v3.0

1.16k stars 82 forks source link

Additional branch to maintain v0.0.6 #307

Open yasuo-ozu opened 2 years ago

yasuo-ozu commented 2 years ago

Since satysfi.opam does not fix versions of dependencies, the source tree of v0.0.6 tag is not build-able today.

Now, the following change is needed:

-   "depext"
-   "omd"
+  "omd" {< "2.0.0~"}

I think there will be some needs to use old SATySFi to workaround breaking changes in 0.1.0. Suggestion: creating new branch to support v0.0.6

yasuo-ozu commented 2 years ago

Or (ad hoc) change tag v0.6.0 to 07e6132b546db4b57e5ada65694fde468b338d43 ?

na4zagin3 commented 2 years ago

IMO, it's responsibility of repository owners to make it possible to build packages in the repo (e.g., https://github.com/na4zagin3/satyrographos-repo/pull/314).

If we want to maintain 0.0.6 series rather than the release 0.0.6, a new version (e.g., 0.0.6.1) should be released.

Anyway, I'm against updating tags, which should be immutable.

puripuri2100 commented 2 years ago

Note There is a plan to release v0.0.7 before the release of v0.1.0. https://twitter.com/bd_gfngfn/status/1452800014145646592?s=20

yasuo-ozu commented 2 years ago

@na4zagin3

If we want to maintain 0.0.6 series rather than the release 0.0.6, a new version (e.g., 0.0.6.1) should be released. Anyway, I'm against updating tags, which should be immutable.

Thanks for comment. I think so, too.

Anyway, is there any opinion against fixing up all dependencies? Is there any possibility of security risks or other problem?

na4zagin3 commented 2 years ago

Anyway, is there any opinion against fixing up all dependencies?

Can you elaborate it?

To be clear, I'm against updating tags for whatever reason, not just for fixing dependencies, which will break all the third party packages that verify file validity with precomputed hashes.

gfngfn commented 2 years ago

Probably just releasing v0.0.7 immediately (after fixing dependencies and performing some check about backward compatibility) and letting v0.0.8 be the last release of v0.0.z would suffice.

yasuo-ozu commented 2 years ago

Can you elaborate it?

Sorry for poor explanation.

Anyway, is there any opinion against fixing up all dependencies?

I mean here that I suggest fixing up all versions of dependencies in when releasing later versions (e.g., 0.0.7 ) in satysfi.opam and this does not give any solution to existing versions (e.g., 0.0.6).

IMO, it's responsibility of repository owners to make it possible to build packages in the repo (e.g., na4zagin3/satyrographos-repo#314).

I think, this is the best approach to the existing versions. (Thank you for maintaining satyrographos-repo.)