concerns with the zip v1 update in version 0.6.1 #13

Closed
decathorpe opened this issue May 17, 2024 · 6 comments · Fixed by #14

Comments

@decathorpe
Contributor

I am packaging this crate for Fedora Linux as a dependency of maturin, and I noticed that the latest release bumped the "zip" dependency to version 1. Currently we are wary of updating the "zip" crate past version 0.6 (and will hold off on doing so for now) due to concerns with how the "zip-rs" project is being handled:

All releases starting with v1.0.0 were developed and released by different people than the original crate, with the hand-off being handled in a kind of weird way. Additionally, releases 1.2.0+ of the "new" zip crate contain breaking API changes which are not going to be fixed.

Since there were no breaking API changes between version 0.6 and 1.0 that affected the python-pkginfo crate, would it be possible to relax the dependency from 1.0.0 to something like >=0.6,<2.0 to allow building with both zip v0.6 and v1, or to revert the v0.6 -> v1 update for now?

@konstin
Member

konstin commented May 17, 2024

What's the plan for the future? I agree that 1.2.0 should be yanked immediately if it contains breaking changes and I share your concerns about handovers of popular crates to new people (I'd switch to a zip alternative maintained by well-known community members for sure), but maintaining compatibility with an unmaintained, dead version of a library for all Rust libraries depending on the zip package in Fedora doesn't strike me as a viable alternative.

@decathorpe
Contributor Author

It certainly is not a long-term alternative to be sure. I don't know what to do in the long term, but at least for the time being, we are not comfortable pushing zip >= 1.0.0 to users.

@konstin
Member

konstin commented May 17, 2024

I'd accept a PR adding this; it needs a minimal-versions or direct-minimal-versions CI job.

@decathorpe
Contributor Author

Thanks for merging + the new release! This will make my work a lot easier :)

@messense
Member

Hi @decathorpe, is there any concern for a zip v2 upgrade?

@decathorpe
Contributor Author

As far as I can tell the situation has mostly cleared up and has quieted down.
A bit too quiet for some people, apparently: zip-rs/zip2#250
