Is Gradle Dynamic resolution strategy safe?

Gradle Dynamic Resolution strategy a.k.a use a + on the dependency is a usable feature. This is handy because you can do something like spring:spring-core:4.0.+ and gradle will always get the latest snapshop for you - but them to make this work fine you need people have discipline to do proper major/minor versioning. 

Its easy to mess with this. In paper this is good in practice it creates lots of Configuration Management problems like: 
  • Breaking Changes: It`s easy to people break your code with because they could easy introduce breaking changes and you will get automatically.
  • CM HELL: You dont know with version your code works and with version your code do not work since you dont know with exactly version your are using and when people introduced problems.
  • No Control: When you put something like 1.0.0 you know what you are doing and if you update to 1.1.0 and does not work is easy to roll it back but since you dont know what exactly you are using is harder to know what made the change and create the issue.
Maybe Snapshot Dynamic Version is evil maybe not - but it required lots of maturity and discipline to use it right, in DevOps we have immutable infrastructure and everything you do is a new version - a new EXPLICIT version, so i think explicit versioning it the right thing todo, so people have release notes and proper communication to know when there are changes and pick when and if yes or not change thats give you more control and more 
flexibility with you dont have with the +. 
Diego Pacheco

Popular posts from this blog

Kafka Streams with Java 15

Rust and Java Interoperability

HMAC in Java