GeistHaus

Semantic Versioning Will Not Save You

hynek.me

The widely used Python package cryptography changed their build system to use Rust for low-level code, which caused an emotional GitHub thread. Enthusiasts of 32-bit hardware from the 1990s aside, a vocal faction stipulated adherence to Semantic Versioning from the maintainers, claiming it would’ve prevented all grief. I will show you not only why this is wrong but also how relying on Semantic Versioning hurts you – the user.

10 pages link to this URL
Versioning as Communication

Talking through why choosing a versioning scheme is of vital importance and why SemVer is the best option for most.

0 inbound links article en programming
Useful Links

Python Learning materials HSF training curriculum (Python, bash, git, docker, and more) Topical articles CPython core developers Brett Cannon is a CPython core developer, and is very interested in standardizing packaging. https://snarky.ca Why I don’t like SemVer anymore: A great resource to make you think about what SemVer means and where it falls short. What the heck is pyproject.toml: An intro to modern Python packaging. A quick-and-dirty guide on how to install packages for Python: This shows the “correct” way to throw together packages (pre-pipx). Paul Ganssle is a CPython core developer, and maintains zoneinfo. https://blog.ganssle.io

0 inbound links article en page
Day 11 – Unix philosophy without left-pad, Part 2: Minimizing dependencies with a utilities package

In the previous post, I made a case for why programming languages should have a utility library that provides small-but-commonly-needed functions. Today I’m introducing a Raku package that I hope w…

2 inbound links article en Languages, Modules, Programming techniques, 2021, dependencies, dependency manager, javascript, left-pad, lodash, Raku, rakulang, unix-philosophy
Maybe version ranges are a good idea after all?

One of the most important lessons I’ve learned in security, is that it’s always better to push security problems back to the source as much as possible. For example, a small number of experts (hope…

0 inbound links article en
EffVer: Version your code by the effort required to upgrade

Version numbers are hard to get right. Semantic Versioning (SemVer) communicates backward compatibility via version numbers which often lead to a false sense of security and broken promises. Calendar Versioning (CalVer) sits at the other extreme of communicating almost no useful information at all.

4 inbound links article en posts
Should You Use Upper Bound Version Constraints?

Bound version constraints (upper caps) are starting to show up in the Python ecosystem. This is causing real world problems with libraries following this recommendation, and is likely to continue to get worse; this practice does not scale to large numbers of libraries or large numbers of users. In this discussion I would like to explain why always providing an upper limit causes far more harm than good even for true SemVer libraries, why libraries that pin upper limits require more frequent updates rather than less, and why it is not scalable. After reading this, hopefully you will always consider every cap you add, you will know the (few) places where pinning an upper limit is reasonable, and will possibly even avoid using libraries that pin upper limits needlessly until the author updates them to remove these pins. If this 10,000 word behemoth is a bit long for you, then skip around using the table of contents, or see the TL;DR section at the end, or read version numbers by Bernát Gábor, which is shorter but is a fantastic read with good examples and cute dog pictures. Or Hynek’s Semantic Versioning Will Not Save You. Be sure to check at least the JavaScript project analysis before you leave! Also be warned, I pick on Poetry quite a bit. The rising popularity of Poetry is likely due to the simplicity of having one tool vs. many for packaging, but it happens to also have a special dependency solver, a new upper bound syntax, and a strong recommendation to always limit upper versions - in direct opposition to members of the Python core developer team and PyPA developers. Not all libraries with excessive version capping are Poetry projects (like TensorFlow), but many, many of them are. To be clear, Poetry doesn’t force version pinning on you, but it does push you really, really hard to always version cap, and it’s targeting new Python users that don’t know any better yet than to accept bad recommendations. And these affect the whole ecosystem, including users who do n

0 inbound links article en Python programmingpython
Introducing DjangoVer

Version numbering is hard, and there are lots of popular schemes out there for how to do it. Today I …