[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What about dependency resolution à la apt?

From: Tobias Geerinckx-Rice
Subject: Re: What about dependency resolution à la apt?
Date: Thu, 16 Mar 2017 21:28:18 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0


On 16/03/17 19:52, Amirouche wrote:
> Héllo,


I'm not the most technically qualified person to answer this, nor the
most articulate, but I'm mainly curious and slightly puzzled as to why
this question keeps popping up. I hope others will join in, since I fear
this hints at some fundamental misunderstandings about Guix that might
hurt world d^W^W adoption.

> AFAIU guix does hardcode the dependencies so that to know the
> dependencies one has onlytocrawl the dependency DAG using a BFS or
> something. I don't know what is the exact part in guix that does
> that. It's only my understanding.

This doesn't happen.[1]

It takes some getting used to when you're used to old-school package
managers where the resolver is A Big Deal, or even The Biggest Deal:
Gentoo, anyone?

But one of the many great things about functional package management à
la Nix/Guix is that you don't need — or want — a dependency resolver. At
all. That eliminates a lot of nasty problems, and makes others much
easier to solve.

Huge Deal.

> What about having apt-like dependency resolution, also like npm
> where version are specified in terms of "superior to", "equal to"
> taking advantage of semantic versionning?[2]

Guix already does ‘equal to’ better than anyone. Bit-identical, even.

What does ‘superior to’ mean? Why not just specify the latest version
that works? What's to gain by throwing uncertainty back into the game?

Kind regards,


[1]: In Guix. Correct me if I'm wrong.

I'm ignoring the importer, which may eventually need to ‘solve’ things
like npm version constraints when first importing npm packages. *shrugs*

[2]: Side rant: the myth of semantic versioning needs to die.

It tries to solve the problem of downstream machines playing a guessing
game that's doomed to break (i.e. ‘apt-like dependency resolution’), by
making upstream humans play a different guessing game.

There is simply nothing there to take advantage of.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]