
Lost in Zero Space

Formal metadata

Title
Lost in Zero Space
Subtitle
Can we trust depending on packages with major version zero?
Series title
Number of parts
637
Author
License
CC Attribution 2.0 Belgium:
You may use, modify and reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner specified by them.
Identifiers
Publisher
Year of publication
Language

Content metadata

Subject area
Genre
Abstract
When developing open source end-user applications or reusable software packages, developers depend on software packages distributed through package managers such as npm, Packagist, Cargo and RubyGems. Empirical evidence has shown that these package managers adhere to a large extent to semantic versioning principles. Packages that are still in major version zero are considered unstable according to semantic versioning, and some developers regard such packages as immature, still under initial development. This presentation reports large-scale empirical evidence on the use of dependencies towards 0.y.z versions in four different software package distributions: Cargo, npm, Packagist and RubyGems. We study to which extent packages get stuck in the zero version space, never crossing the psychological barrier of major version zero, and we compare the effect of the policies and practices of the package managers on this phenomenon. We do not reveal our findings in this abstract, as it would spoil the fun of the presentation. This empirical study builds on our earlier work, in which we studied different kinds of dependency management issues in software package distributions. The current empirical evolutionary study is based on recent package management metadata for 1.5 million packages, totaling 12 million package releases and 56 million package dependencies. We analyse dependency version constraints to determine:
* to which extent packages depend on 0.y.z releases of other packages;
* whether packages with major version zero ever cross the psychological barrier of 1.0.0;
* whether there is any reluctance to depend on 0.y.z packages;
* whether dependency constraints are more permissive than what semantic versioning dictates for packages in major version zero.