How do you decide when to upgrade a library in your project?
I work on a project that uses multiple open source Java libraries. When upgrades to those libraries come out, we tend to follow a conservative strategy:
We follow this strategy because we usually don't have time to put in the new library and thoroughly test the overall application. (Like many software development teams we're always behind schedule on features we promised months ago.)
But, I sometimes wonder if this strategy is wise given that some performance improvements and a large number of bug fixes usually come with library upgrades. (i.e. "Who knows, maybe things will work better in a way we don't foresee...")
What criteria do you use when you make these types of decisions in your project?
Important: Avoid Technical Debt.
"If it ain't broke, don't upgrade" is a crazy policy that leads to software so broken that no one can fix it.
Rash, untested changes are a bad idea, but not as bad as accumulating technical debt because it appears cheaper in the short run.
Get a "nightly build" process going so you can continuously test all changes -- yours as well as the packages on which you depend.
Until you have a continuous integration process, you can do quarterly major releases that include infrastructure upgrades.
Avoid Technical Debt.
I've learned enough lessons to do the following:
EDIT: I wanted to add one more item which is at least as important, and maybe more so than the others.
One approach is to bring the open source libraries that you use under your own source code control. Then periodically merge the upstream changes into your next release branch, or sooner if they are security fixes, and run your automated tests.
In other words, use the same criteria to decide whether to use upstream changes as you do for release cycles on code you write in house. Consider the open source developers to be part of your virtual development team. This is really the case anyway, it's just a matter of whether you choose to recognise it as part of your development practices.
While you don't want to upgrade just because there's a new version, there's another consideration, which is availability of the old version. I've run into that problem trying to build open source projects.
I usually assume that ignoring a new version of a library (coz' it doesn't have any interesting features or improvements) is a mistake, because one day you'll find out that this version is necessary for the migration to the next version which you might want to upgrade to.
So my advice is to review carefully what has changed in the new version, and consider whether the changes require a lot of testing, or little.
If a lot of testing is required, it is best to upgrade to the newer library at the next release (major version) of your software (like when moving from v8.0 to v8.5). When this happens, I guess there are other major modifications as well, so a lot of testing is done.
I prefer not to let the versions lag too far behind on dependent libraries. Up to a year is ok for most libraries unless security or performance issues are known. Libraries with known security issues are a must for refreshing.
I periodically download the latest version of each library and run my app's unit tests using them. If they pass, I use them in our development and integration environments for a while and push to QA when I'm satisfied they don't suck.
The above procedure assumes the API hasn't changed significantly. All bets are off if I need to refactor existing code just to use a newer library version. (e.g. Axis 1x vs. 2x) Then I would need to get management involved to make the decision to allocate resources. Such a change would typically be deferred until a major revision of the legacy code is planned.
Some important questions:
Unless the upgrade looks bad according to the above criteria, it's better to go with it, and if you have any problems, revert to the old version.