
One question. If you reference a package by hash, is there semantic versioning? Can you get security updates?



I'm currently planning non-semantic versioning (next versions just increment by 1), but I'm open to changing if I can figure out how to make semver efficient.

I mention it here[1], but security updates can be performed by both authors and consumers.

[1] https://news.ycombinator.com/item?id=35739161


I am not a super fan of semantic versioning (but it is "OK").

What I like is you can flag "breaking" vs "enhancement" vs "no api change". And "no api change" is usually always what you get with a security patch.

Really you only need 2 versions in semantic version (my opinion): breaking.non-breaking

"next versions just increment by 1" might be good where you have a non-breaking change, and that would allow security patches to flow down.



