Is the PVP transitive?

[sol]

Question

Can a package that adheres to the PVP depend on a package that violates the PVP?

Assumption

My assumption so far has been that the answer to this question is "no".

Rational

Looking at the following sentence:

Note that modifying imports or depending on a newer version of another package may cause extra orphan instances to be exported and thus force a major version change.

This suggests that a package a is "responsible" for orphan instances from transitive dependencies. Now if there is a package c in the transitive dependency graph of a and c is not constrained with a valid upper bound then package a does not honor the PVP as it is not guarded against possible additions of orphan instances to c in the future.

For completeness, the scenario here is:

• package a depends on package b, specifying a valid upper bound
• package b depends on package c, violating the PVP by not specifying a valid upper bound
• package c adheres to the PVP

Does this make sense or do I miss something?

[bergmark]

I think you're right. To be strictly compliant a would need to directly depend on all of b's dependencies so that it can take this responsibility instead.