libc VS semver

> I absolutely don't see how this is a problem with semver,

Strange to not see it. Semver promises to solve dependency hell. In the example everyone correctly followed the sevmver and the app is broken by a dependency hell issue.

> it is not the responsibility of semver to tell a language how packages should be isolated and loaded. That is a problem of a) the language and b) dependency resolution in the package manager.

So semver only works for "good" languages?

> Bundler, by design, does not allow the above, instead having a flat, consistent vision of dependencies.

Ok, so what happens with the app when packages managed by Bundler get fragmented by depending on an incompatible version of sub-dependency (commons-logging 1.1.1 vs 2.0.1 as in the example)?

Also note, even for languages and tooling supporting multiple library versions loaded side by side, there are scenarios where things break.

For example, the "libc apocalypse" situation in Rust https://github.com/rust-lang/libc/issues/547

Here after the "libc" module released a major version, the definition for the `void` C type in two versions of the lib are considered by the compiler as two different types, resulting in breakages everywhere around the library ecosystem.

There are also scenarios for dynamic languages / runtime errors.

> None of this is the responsibility of semver. In fact, semver would help the language provide tooling to detect that kind of "hey this instance is from foo-1.0 but you're trying to consume it in foo-2.0".

And what's next after it detected the dependency hell? It's too late and the person suffering is not in the position to fix it. You have to upgrade to "authentication 1.1.2" for security compliance, because the version 1.1.1 has known vulnerabilities. But that breaks the application, because the maintainer of the lower level dependency "commons-logging" follows semantic versioning.

The promise was to prevent dependency hell, not to detect it.

Quoting the ticket and reiterating the point of my first comment above:

Once again, the point of this ticket is to:

    Remove the false promise that SemVer solves dependency hell by simply increasing major version.

Even if coexistence of multiple library versions is supported, there are scenarios where things break.

For example, the "libc apocalypse" situation in Rust https://github.com/rust-lang/libc/issues/547

Here after the "libc" module released a major version, the definition for the `void` C type in two versions of the lib are considered by the compiler as two different types, resulting in breakages everywhere around the library ecosystem.

There are also scenarios for dynamic languages / runtime errors in statically typed languages.

My main problem with the current SemVer spec, is that it does not mention multiple lib versions problem, and promises the dependency hell issues can be solved simply by updating major version number. Thus encouraging to break backward compatibility freely.

Also note, it's not the case that SemVer is intended only for languages supporting multiple library versions. The SemVer is a product of Ruby community, and Ruby has a global namespace for classes and unable to have several versions of a lib simultaneously.

In 2000s they were breaking compatibility left and right, neglecting elementary compatibility practices. If you were working on an application, practically every time when you update dependencies, something would break.

So (in 2011 ?) they came out with this "manifesto" (Why such a big name? This scheme of versioning was well established in linkers and sonames of all Unix-like systems for decades - it goes back to at least 1987 paper "Shared Libraries in SunOS").

It's a good thing SemVer acknowledges finally that compatibility is a serious matter. Only that it's better to discourage compatibility breakages. An in cases when it's really needed (I agree such cases exists), there are things to take care of in addition to simply increase major version num.

The libc crate exposes system C APIs in Rust code, and is used by the compiler and standard library. It also does not contain any C code. See for yourself.

Ok, what if we are sure that our C code would use a given version of malloc/free only to allocate memory (are we ever sure about anything like that is out of the scope of the article)? Well, in this case we are brave enough to use libc crate in our rust code:

Port libc. I recommend using bindgen for this.

While looking at the libc crate and its build script, I don’t quite understand when or how the crate’s libc definitions link to the build target’s actual libc.

For what it's worth, there's been discussion of this not only for glibc on Linux but also for BSDs which take many more liberties with API and ABI compatibility to keep their technical debt low. I can't summarise the years of discussion here but I encourage anyone interested to read through https://github.com/rust-lang/libc/issues/570

In answer to what appears to be a misunderstanding about Rust:

> Its foreign function interface seems particularly poorly implemented. The official Rust documentation suggests the use of the external third-party libc library (called a 'crate' in Rust parlance) to provide the type definitions necessary to interface with C programs. As of the time of writing, this crate has had 95 releases. Contrast this with Ada’s Interfaces.C package, which was added the language in Ada 95 and hasn’t needed to change in any fundamental way since.

Rust's libc crate isn't third-party, it's first-party, developed by the Rust project itself: https://github.com/rust-lang/libc/ . It's also not just for "type definitions necessary to interface with C programs"; here's the first heading and first paragraph of its README:

"libc - Raw FFI bindings to platforms' system libraries"

libc provides all of the definitions necessary to easily interoperate with C code (or "C-like" code) on each of the platforms that Rust supports. This includes type definitions (e.g. c_int), constants (e.g. EINVAL) as well as function headers (e.g. malloc).

The fact that this library contains low-level type definitions for every platform that Rust supports explains why it's had more than one release: new platforms get added, platforms add new interfaces, and platforms change the definitions of existing interfaces.

> It lacks basic features necessary for the task, like bitfields, and data structure packing.

The latter is achieved via the built-in `repr(packed)` attribute (https://doc.rust-lang.org/nomicon/other-reprs.html#reprpacke...) and the former is provided by the bitflags crate: https://crates.io/crates/bitflags (while unlike libc this does not live under the rust-lang org on Github, it does live under its own org which appears to be populated exclusively by Rust project team members).

It came up in this issue in the libc crate. The initializer for a static has to be const, which is why the issue submitter wanted it. He couldn't use lazy_static or once_cell, common patterns in Rust, since he was later using the static in a unix signal handler (which must be async signal safe).

We are pleased to introduce Semantic Versioning and release channels to Snyk CLI from v.1.1291.0 onwards. In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can opt-in according to their needs.

Following the Semantic Versioning rules, you should raise the version number every time you need to publish your library. In your "package.json" file, you need to change the version number to reflect whether the changes are major, minor, or patch updates.

Semantic Versioning: An established convention for version numbers following the pattern MAJOR.MINOR.PATCH

Increases the major of the latest tag and prints it As per the Semver spec, it'll also clear the pre-release…

The reason for this is that software libraries and package managers, in general, but specifically here, rely on semantic versioning. Semantic versioning is really useful for distributing packages in a predictable way. What does this look like for our project?

For a more detailed and comprehensive guide on semantic versioning, visit https://semver.org

I believe neovim follows semantic versioning. https://semver.org/

Semver has been 2.0.0 for 10 years, look at the date of the assets. Multiple releases created today where none existed before. Not sure why someone is creating releases now, perhaps just some housekeeping/cleanup.

https://github.com/semver/semver/releases

All ELRS hardware will talk to all other ELRS hardware, including Radiomaster's ELRS transmitters and receivers. There are one or two exceptions from scummy companies that have been pilloried by the community, and you probably won't find them anymore. So long as the ELRS firmware running on both devices has the same major version number, you're good to go. ie. 3.3.1 will still talk to 3.0.1, but won't talk to 2.0.0. (The "major version" is the 1st number, the "minor version" is the 2nd number, and the "patch version" is the 3rd number. See Semantic Versioning for more info.)

If you're using semver, read the spec it's not overly long or hard to understand.