Hi, @michaelmaguire,

Answering your questions (the typo is already reported, thanks):

• def package_id(self) modifies the values of a member variable, it is not returning anything and the default implementation is empty (maybe we should clarify it in the docs) so, there is no need to call super() unless your recipe inherits from a custom ConanFile and you have some code already implemented there.

• Setting the non-semver compatibility in the package itself instead of doing it in the consumers: IMO it is the responsibility of the consumer package to declare how its package_id is being affected by the changes of its dependencies, the ABI of a dependency might not affect my ABI or API so I could keep the same package_id... but Conan has a default implementation and maybe it is not the right one (not the default behavior based in SemVer, but the implementation itself) I'll try to explain myself:

  Right now it is implemented something like this by default: _"all my dependencies uses SemVer and then the consumer can override some of them"_.

  The same default behavior could be achieved in a different way: _"I will ask all my dependencies about the ABI compatibility model they are using (and by default every library responds with a SemVer mode)"_, the user can declare a different compatibility model for his library, and of course the consumer can override it.

  We can add this flexibility without breaking current behavior, but this can have collateral effects I'm not aware of, I need here the expert opinion of more people, maybe I'm missing something else (ping @conan-io/barbarians).

I'll keep this issue in the triagge stage to discuss about this second point.

Thanks for the feedback!

• The same default behavior could be achieved in a different way: _"I will ask all my dependencies about the ABI compatibility model they are using (and by default every library responds with a SemVer mode)"_

I don't know if this would all be obsoleted by upcoming features, but this seems a more natural way to scale -- each library reports what versioning mechanism it respects.

I'll keep this issue in the triagge stage to discuss about this second point.

Thanks!

The main problem with how packages affect binary compatibility is that packages cannot define how they affect their consumers. Let me put some example:

• A package "LibraryA" builds a static library, and lets say they adhere exactly to the semver model. In theory they should be able to declare "I am following semver".
• Another package "LibraryB" is building another static library and depends on "LibraryA". This is ok, if "LibraryA" don't break something over the headers that make it break semver, "LibraryB" should be able to not re-build, as it is not necessary (changes are isolated in LibraryA implementation details)
• But now we have another "LibraryC" package that is building a shared library which completely embeds and hides "LibraryA". Nothing of "LibraryA" will be exposed in the package API, but it will be used internally as implementation detail. Now, "LibraryC" might not be ok with the semver mode, because even implementation detail changes will be linked inside the shared library. If consumers of "LibraryC" want to get the latest bug fixes of "LibraryA", we should re-build "LibraryC" for every change of "LibraryA", and that means: self.info.requires["LibraryA"].full_package_mode().

So in summary, ABI depends both on the producer, and if they actually respect the contract of defined versioning, but also on the consumer, and how the consumers use the dependencies packages.

@memsharded I agree with the decision that a consumer needs the full flexibility to define how it views changes to the producer, but I think today by default, with no changes or package_id() in a consumer, the assumption is that any package it consumes respects semver.

As I've learned the hard way, this is actually a pretty strong assumption.

I think it might be very useful if a package could publish the default consumers should assume, which could be overriden (or not) by the consumer's package_id() method as today.

For reference, exactly the same issue was just recently raised in https://github.com/conan-io/conan/issues/4071#issuecomment-464361928 and last year in #3318.

Thanks for linking to those issues, @niosHD, I wasn't aware of them. I think that this one can be resumed in #3318 (#4017 is about a global configuration, which can also be implemented unrelated to this one). So I'm closing this one, linking there some comments and I will add that one to the triagging stage, an alternative should be easy to implement, but we need to agree on what to do.

Let's continue there. Thanks again.

So in summary, ABI depends both on the producer, and if they actually respect the contract of defined versioning, but also on the consumer, and how the consumers use the dependencies packages.

I think we are conflating here the ABI with the desire to pick a new version. In the description you gave "LibraryC" should not have self.info.requires["LibraryA"].full_package_mode(). If it is hiding "LibraryA" completely from the user, it does not matter which version of "LibraryA" is statically linked _for the purpose of ABI compatibility_.

The purpose of hiding "LibraryA" inside "LibraryC" is allowing the client to run with a different, even incompatible, version. The purpose is ensuring that "LibraryA" is not part of the ABI of "LibraryC". Making the "LibraryA" part of the package id for "LibraryC" breaks this, as it enforces that the application and "LibraryC" agree on a version of "LibraryA".

Managing breaking versions of "LibraryA" inside "LibraryC" can be done in other ways that do not force the coordinating the version of "LibraryA" with the application.

My team manages a "LibraryC" implementation, and we have done this for over 10 years, our solution to broken versions of our dependencies is creating a new version of "LibraryC". A bug in "LibraryA" is not different than a bug in our own code —if we had chosen to just reimplement the functionality internally.