FOSDEM event "Lost in Zero Space"

Tom Mens

Type devroom

Can we trust depending on packages with major version zero?

Starts on day 2 (2021-02-07) at 11:30 (Brussels time, UTC+1) in room Dependency (duration 00:45)

Matrix room #dependency:fosdem.org

When developing open source end-user applications or reusable software packages, developers depend on software packages distributed through package managers such as npm, Packagist, Cargo and RubyGems. Empirical evidence has shown that these package managers adhere to a large extent to semantic versioning principles. Packages that are still in major version zero are considered unstable according to semantic versioning, since some developers regard such packages as immature and still under initial development.

This presentation reports large-scale empirical evidence on the use of dependencies on 0.y.z versions in four different software package distributions: Cargo, npm, Packagist and RubyGems. We study to what extent packages get stuck in the zero version space, never crossing the psychological barrier of major version zero. We compare the effect of the policies and practices of package managers on this phenomenon. We do not reveal our findings in this abstract yet, as it would spoil the fun of the presentation.

=> FOSDEM schedule page
