-1

Originally https://stackoverflow.com/q/58816567/369489

  1. There are tow separate projects within the same organization: P (product, at version p) which depends on L (library, at version l). p lists l in its dependencies and all is well.
  2. The new feature X requires changes to both P (->p+1) and L (->l+1). The changes are such that p would not work with l+1.
  3. For some reason (don't ask) the changes in L are approved but the changes in P are not: latest version of L is now l+1 but P is still at p. No problem (yet) because p points to l and not l+1 so although the latest version of L is indeed l+1 but since P(which is still at p) is not using it (yet) , no problem (for now).
  4. A serious bug in L is fixed (->l+2) and P is updated (->p+1) to use this new version of L (-> p+1 depends on l+2) but l+2 has X in it (since it was branched off of l+1, the latest L at the time) -> p+1 does not compile because the X parts of P are not approved yet (step 3 above) !

Question 1: what is the best way to proceed in such a situation ? at the moment the solution is to revert the X in l+2 to create a l+3 which is: (l + bug fix) - X.

Question 2: how can we come up with a release process that avoids such situations altogether ?

Improve this question
2
  • 3
    Generally, in the semver world, one would have called l+1 l 2.0. Then, if a bug is found and 1.0 still supported it would have been backported to 1.1. Obviously this imposes some maintenance overhead on the library developers but this is inevitable. TL;DR: semver, used properly, is specifically designed to solve this exact problem. Commented Nov 14, 2019 at 7:03
  • @BoristheSpider Perhaps you should turn that excellent comment into an answer ? Commented Nov 14, 2019 at 12:47

1 Answer 1

Reset to default
1

It all comes down to what the developers of library L support. If they (in this case, your organization) only support the latest version, then all consumers of L (namely, P) have to update to the latest version (l+1 and then l+2) in order to get the bugfixes - by doing so, they must take the new features along with it.

If support is provided for multiple versions, then the bugfix is applied to all supported versions. As @BoristheSpider mentioned in a comment, Semantic Versioning (semver) is designed for this exact situation. If the original version l was called v1.0 then l+1 would have been denoted v2.0 since introducing X was not a backwards-compatible change. Support could be provided for both v1.0 and v2.0, and bugfixes would be applied to both at the same time, leading to v1.1 and v2.1. Consumers of the library could choose which major version to use, confident that they'll continue to get bugfixes with either.

Providing support for multiple versions does entail additional overhead, of course, but can lead to smoother consumption of the library, especially when there are several projects using the library. Not all products update at the same pace, and so having multiple versions available accommodates those different schedules.

At some point, it may become necessary to discontinue support for an older version (e.g., you only support 3 major versions), or it may become necessary for consumers to update to a newer major version in order to get a critical bugfix (e.g., fixing something requires making a breaking change) - at that point, consumers of the library using those discontinued version have a few choices:

  • Update to a newer version and continue to get bugfixes and feature updates
  • Keep using the version they have but get no bugfixes or feature updates, and keep the vulnerabilities
  • Find or develop a different library to do the same thing.

Your product owner should be aware of the effort and consequences involved with each of the options so they can prioritize the backlog appropriately.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.