To be precise: fixing http-conduit's bounds for aeson-2.2.0.0 necessitated revisions to 25 releases, which I made in my capacity as Hackage Trustee. This is why I support the current recommendation of “have upper bounds and raise them in response to new releases”: it is my experience that omitting upper bounds not only amplifies the amount of work required to respond to breakage, it tends to push that work onto people other than the package maintainers.
4 Likes