Problem with SNAPSHOT version and only runtime dependencies are considered

Issue #30 resolved
Roman Ivanov created an issue

1) https://www.versioneye.com/java/com.puppycrawl.tools:checkstyle/6.3 is the old version, https://www.versioneye.com/java/com.puppycrawl.tools:checkstyle/6.4-SNAPSHOT is current, but there are no dependencies in that report, although 6.4-snapshot has those dependencies and even one more: https://github.com/checkstyle/checkstyle/blob/master/pom.xml#L164.

As I plan to use versioneye as an additional badge for my page - https://github.com/checkstyle/checkstyle/blob/master/README.md

2) Not all dependencies are considered: example from build phase - https://github.com/checkstyle/checkstyle/blob/master/pom.xml#L217; example from reporting phase - https://github.com/checkstyle/checkstyle/blob/master/pom.xml#L537

It will be good to scan all dependencies and not only runtime dependencies, as outdated dependencies are mostly of interest to engineers of that project; all users just need the project to work on a certain version, and an old version of one dependency does not mean anything.

Please split issues if you think that is required.

Comments (6)

  1. Robert Reiz

    @r_ivanov Thanks for opening this ticket and for using the dependency badge :-)
    In the meanwhile, the current version of checkstyle is 6.5 and it's listed here: https://www.versioneye.com/java/com.puppycrawl.tools:checkstyle/6.5

    VersionEye is not tracking SNAPSHOTS! We track only stable versions. We don't track SNAPSHOT repositories.

    Currently we don't track plugins and dependencies under build/pluginManagement. That has to be changed! I leave this ticket open as a reminder for myself. I hope I can fix it during Easter :)

  2. Roman Ivanov reporter

    Yes, for now the version is 6.5, but we do not use that URL, we use https://www.versioneye.com/user/projects/5504ca834a1064774400049a (see https://github.com/checkstyle/checkstyle/blob/master/README.md)

    > VersionEye is not tracking SNAPSHOTS! We track only stable versions. We don't track SNAPSHOT repositories.

    Yes, I see that, but please think: what did you make your service for? For end users of a library or for developers? Answer "for users" - users do not really care about what is inside my dependencies; they are OK if I am sitting on an old version that works 100% perfectly. Or I have legacy code that requires an old version, but it works for them.

    Answer "for developers" - I do believe that is the real reason, really your target. Only developers care about the latest version of a library; it is a kind of cool state to be on the latest versions. But do developers care about old releases? Even just released... no, they do not care. Latest code status is what they need. They did an update for some libraries; on the next day or two (does not matter as soon as all know that period) it will be good to refresh your service statistics.

    One more example: look at your README page, and imagine for a second that "build status" and "coverage%" are for our stable 6.5 version :) - it is useless.

    Please do not treat that post as a demand. Your service is good: that banner "dependency out of date", which hung in front of us for a month, helped us to find time and make it GREEN. And I always want to open the GitHub page and be sure that all those banners (quality metrics) are green.

  3. Robert Reiz

    @r_ivanov Just deployed an Update to the Cloud. Now the server will parse plugins as well. See an example here:

    https://www.versioneye.com/user/projects/55264178c4b71d7001000002#tab-dependencies

    Well, we don't track SNAPSHOT versions because most of our cloud users are interested in stable versions. If we would send out emails every time somebody releases a SNAPSHOT version, then we would be an email bomber. Some projects release several SNAPSHOTS every day. However, if you want to have more options you can run VersionEye Enterprise on your own hardware: https://www.versioneye.com/enterprise

    There are several reasons for updating to new versions. Mostly this here:

    • BugFixes
    • Security Fixes
    • New Features
    • Performance Improvements.

    Beside the version notification VersionEye offers license notifications as well. For some of our customers the license notifications are more important: http://blog.versioneye.com/2014/09/15/license-whitelist/

    Your feedback is highly appreciated.

  4. Robert Reiz

    @r_ivanov Yes. Parsing the plugins is still experimental. At first I wanted to wait for your feedback and feedback from other users. Everything under

    /user/projects/PROJECT_ID
    

    are custom user projects. They are not included in public search results! Everything under

    / LANGUAGE / PROD_KEY / VERSION 
    

    is crawled data. That's why they are treated differently. The crawling framework will be updated soon to crawl plugin information as well.

    Now you make me think about SNAPSHOT versions again! I will rethink it.

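The scanning scope discussed in this thread (build plugins, pluginManagement, reporting plugins and SNAPSHOT versions, not only the runtime `<dependencies>` block) can be sketched as below. This is an added example, not part of the original thread and not VersionEye's code; the POM is constructed with made-up `org.example` coordinates, and `inventory` and `SECTIONS` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample POM (not checkstyle's real pom.xml); all coordinates are made up.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>parser</artifactId><version>4.5</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>testkit</artifactId><version>1.0-SNAPSHOT</version><scope>test</scope></dependency>
  </dependencies>
  <build>
    <pluginManagement><plugins>
      <plugin><groupId>org.example.plugins</groupId><artifactId>site-plugin</artifactId><version>3.4</version></plugin>
    </plugins></pluginManagement>
    <plugins><plugin>
      <groupId>org.example.plugins</groupId><artifactId>codegen-plugin</artifactId><version>2.0</version>
      <dependencies><dependency><groupId>org.example</groupId><artifactId>codegen-rt</artifactId><version>2.1</version></dependency></dependencies>
    </plugin></plugins>
  </build>
  <reporting><plugins>
    <plugin><groupId>org.example.plugins</groupId><artifactId>report-plugin</artifactId><version>2.7</version></plugin>
  </plugins></reporting>
</project>"""

SECTIONS = {  # section label -> element path relative to <project>
    "dependencies": "m:dependencies/m:dependency",
    "dependencyManagement": "m:dependencyManagement/m:dependencies/m:dependency",
    "build/plugins": "m:build/m:plugins/m:plugin",
    "build/plugins/*/dependencies": "m:build/m:plugins/m:plugin/m:dependencies/m:dependency",
    "build/pluginManagement": "m:build/m:pluginManagement/m:plugins/m:plugin",
    "reporting/plugins": "m:reporting/m:plugins/m:plugin",
}

def inventory(pom_text):
    """List every artifact the POM declares, section by section (not only runtime deps)."""
    found = []
    root = ET.fromstring(pom_text)
    for section, path in SECTIONS.items():
        for el in root.findall(path, NS):
            get = lambda tag, default: el.findtext("m:" + tag, default, NS)
            version = get("version", "(inherited)")
            found.append({"section": section, "version": version,
                          "coordinate": get("groupId", "?") + ":" + get("artifactId", "?"),
                          "scope": get("scope", ""),  # empty when not declared
                          "snapshot": version.endswith("-SNAPSHOT")})
    return found

if __name__ == "__main__":
    for item in inventory(SAMPLE_POM):
        print(item)
```

Versions written as `${property}` or inherited from a parent POM are not resolved by this sketch; they are reported as written or as `(inherited)`.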