pvp icon indicating copy to clipboard operation
pvp copied to clipboard

Published 20 hours ago verified publisher icon haskell

Is the PVP transitive?

Open sol opened this issue 6 years ago • 1 comments

Question

Can a package that adheres to the PVP depend on a package that violates the PVP?

Assumption

My assumption so far has been that the answer to this question is "no".

Rational

Looking at the following sentence:

Note that modifying imports or depending on a newer version of another package may cause extra orphan instances to be exported and thus force a major version change.

This suggests that a package a is "responsible" for orphan instances from transitive dependencies. Now if there is a package c in the transitive dependency graph of a and c is not constrained with a valid upper bound then package a does not honor the PVP as it is not guarded against possible additions of orphan instances to c in the future.

For completeness, the scenario here is:

  • package a depends on package b, specifying a valid upper bound
  • package b depends on package c, violating the PVP by not specifying a valid upper bound
  • package c adheres to the PVP

Does this make sense or do I miss something?

sol avatar Feb 24 '18 19:02 sol

I think you're right. To be strictly compliant a would need to directly depend on all of b's dependencies so that it can take this responsibility instead.

bergmark avatar Feb 26 '18 19:02 bergmark