by camgunz
1438 days ago
I've experienced multiple minor and patch (according to semver) updates that broke APIs and behavior, and I'd guess most devs have as well. I think semver makes sense to humans. I can derive a lot of meaning from it when I see n.n.n. But when it comes to the software supply chain, it's just too rickety. Frankly, when you lose customers after a new deploy broke one of your dependencies, "but the dependency author didn't respect semver" isn't an excuse. I say this as someone who strongly pushed `dependency>=1.3.2,<1.4` until that happened to me. My argument was "security updates", and now I just don't care. The software supply chain is too chaotic, and you have to be defensive against it.
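An added illustration of the pinning trade-off the comment describes (example code, not the commenter's): it audits pip-style requirement lines, flags anything that is not an exact `==` pin with a `--hash`, and shows which published versions a range like `>=1.3.2,<1.4` would let a deploy pull in. It assumes plain dotted version numbers and a constructed list of "published" versions.

```python
# Added example: audit requirement pins and show what a version range admits.
# Assumes simple dotted versions (1.3.10 etc.); the published list is constructed.
import re

CLAUSE_RE = re.compile(r"(==|>=|<=|~=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)")


def parse_version(text):
    """'1.3.10' -> (1, 3, 10). Tuple comparison avoids the '1.3.10' < '1.3.2' string trap."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def satisfies(version, spec):
    """True if `version` passes every comparison clause in `spec` (e.g. '>=1.3.2,<1.4')."""
    v = parse_version(version)
    for op, target in CLAUSE_RE.findall(spec):
        t = parse_version(target)
        if op == "~=":  # compatible release: >= target, same prefix minus the last component
            ok = v >= t and v[: len(t) - 1] == t[: len(t) - 1]
        else:
            ok = {"==": v == t, "!=": v != t, ">=": v >= t,
                  "<=": v <= t, ">": v > t, "<": v < t}[op]
        if not ok:
            return False
    return True


def classify(line):
    """Classify one requirements.txt line as exact+hash, exact, range or unpinned."""
    spec_part = line.split("--hash", 1)[0]          # pip's --hash option, if present
    has_hash = "--hash=" in line
    ops = [op for op, _ in CLAUSE_RE.findall(spec_part)]
    if ops == ["=="]:
        return "exact+hash" if has_hash else "exact"
    return "range" if ops else "unpinned"


def admitted(spec, published):
    """Versions from the constructed `published` list that `spec` would allow a resolver to pick."""
    return [v for v in published if satisfies(v, spec)]


def audit(lines):
    """Map each non-comment requirement line to its pin class; anything but exact+hash floats."""
    return {ln: classify(ln) for ln in lines if ln.strip() and not ln.lstrip().startswith("#")}


if __name__ == "__main__":
    published = ["1.3.1", "1.3.2", "1.3.10", "1.4.0", "2.0.0"]  # constructed release history
    print(admitted(">=1.3.2,<1.4", published))                  # the range the comment mentions
    print(audit(["dependency>=1.3.2,<1.4", "dependency==1.3.2 --hash=sha256:PLACEHOLDER"]))
```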