Updating Ledger's dependencies regularly


Alexis

Feb 14, 2023, 5:02:36 AM
to ledge...@googlegroups.com
Hello all,

occasionally there are build issues¹ with third-party dependencies.
Some of these can be attributed to the fact that Ledger has infrequently
updated the minimum required version of its dependencies.

According to the README, Ledger specifies the following version
requirements for its dependencies (I took the liberty of adding columns
for age, release date, latest version, and latest release date
for comparison):


Required    | Version      |          | Release  || Latest  | Release
Dependency  | (or greater) | Age      | Date     || Version | Date
------------|--------------|----------|----------||---------|----------
[CMake]     | 3.0.0        | 4 years  | Dec 2018 || 3.5.2   | Jan 2023
[Boost]     | 1.49         | 11 years | Feb 2012 || 1.81.0  | Dec 2022
[GMP]       | 4.2.2        | 16 years | Sep 2007 || 6.2.1   | Nov 2020
[MPFR]      | 2.4.0        | 14 years | Jan 2009 || 4.2.0   | Jan 2023
[utfcpp]    | 2.3.4        | 8 years  | Sep 2015 || 3.2.3   | Dec 2022


Optional    | Version      |           | Release  || Latest        | Release
Dependency  | (or greater) | Age       | Date     || Version       | Date
------------|--------------|-----------|----------||---------------|----------
[Python]    | 3.9          | ~3 years  | Oct 2020 || 3.11          | Oct 2022
[gettext]   | 0.17         | 16 years  | Nov 2007 ||               | Jul 2020
[libedit]   | 20090111-3.0 | 14 years  | Sep 2009 || 20221030-3.1. | Oct 2022
[doxygen]   | 1.5.7.1      | >13 years | Unknown  || 1.9.6         | Dec 2022
[graphviz]  | 2.20.3       | >2 years  | Unknown  || 7.1.0         | Jan 2023
[texinfo]   | 4.13         | 15 years  | Sep 2008 || 7.0.2         | Jan 2023
[lcov]      | 1.6          | ? years   | Unknown  || 1.16          | Jun 2022
[sloccount] | 2.26         | ? years   | Unknown  || Same          | Same


I believe there is value in deciding how old the minimum required
version for a dependency should be, so that dependencies can be updated
regularly and code handling compatibility for outdated dependencies
is removed and does not accumulate over time.

This allows gradually adapting to dependencies deprecating APIs
rather than at the last minute when a breaking change is (about to be)
introduced by one of Ledger's dependencies.

A conservative approach—possibly maintaining overly high backwards
compatibility—could be to decide that once a year Ledger's dependencies
are updated to the latest version of each dependency that is 4 years old.

A more progressive approach—likely to still maintain a high backwards
compatibility—is to update each dependency to the latest version that
is 2 years old.

My very first take on this is #2194² which changes CMake's minimum
required version to 3.12.0 (released over 4 years ago in Nov 2018).

If the more progressive approach were taken for the #2194 PR,
CMake could be upgraded to version 3.19.
This would break support for Debian stable³ as it offers version
3.18, hence it seems CMake 3.18 is a better option as it is a
good compromise between recency and backwards compatibility.

I'd love to hear your thoughts, especially if you contribute to
Ledger or maintain a distribution port.


Best
Alexis

¹ https://github.com/ledger/ledger/issues?q=is%3Aissue+boost+is%3Aclosed
² https://github.com/ledger/ledger/pull/2194
³ https://packages.debian.org/bullseye/cmake


Release Pages:
CMake https://github.com/Kitware/CMake/releases/
Boost https://sourceforge.net/projects/boost/files/boost-binaries/
GMP https://gmplib.org/download/gmp/
MPFR https://www.mpfr.org/history.html
utfcpp https://github.com/nemtrif/utfcpp/releases

Python https://www.python.org/downloads/
gettext https://ftp.gnu.org/pub/gnu/gettext
doxygen https://github.com/doxygen/doxygen/releases
        https://sourceforge.net/projects/doxygen/files/
graphviz https://www.graphviz.org/download/source/
lcov https://github.com/linux-test-project/lcov.git
libedit https://thrysoee.dk/editline/
Texinfo https://ftp.gnu.org/gnu/texinfo/

John Wiegley

Mar 22, 2023, 8:43:57 PM
to ledge...@googlegroups.com
>>>>> "A" == Alexis <surr...@gmail.com> writes:

A> A conservative approach—possibly maintaining overly high backwards
A> compatibility—could be to decide that once a year Ledger's dependencies are
A> updated to the latest version of each dependency that is 4 years old.

I think I definitely fall on the conservative side of the spectrum...

John

Alexis

Mar 23, 2023, 10:07:32 AM
to ledge...@googlegroups.com
Thanks for your input on this, John, much appreciated.

To move this conversation forward more specifically, I went
ahead and created PR #2222¹ that bumps the versions of
ledger's major dependencies to a reasonable version that
is about 4 years old.


Alexis

¹ https://github.com/ledger/ledger/pull/2222