Empirical Software Engineering

, Volume 20, Issue 5, pp 1275–1317 | Cite as

How the Apache community upgrades dependencies: an evolutionary study

  • Gabriele BavotaEmail author
  • Gerardo Canfora
  • Massimiliano Di Penta
  • Rocco Oliveto
  • Sebastiano Panichella


Software ecosystems consist of multiple software projects, often interrelated by means of dependency relations. When one project undergoes changes, other projects may decide to upgrade their dependency. For example, a project could use a new version of a component from another project because the latter has been enhanced or subject to some bug-fixing activities. In this paper we study the evolution of dependencies between projects in the Java subset of the Apache ecosystem, consisting of 147 projects, for a period of 14 years, resulting in 1,964 releases. Specifically, we investigate (i) how dependencies between projects evolve over time when the ecosystem grows, (ii) what are the product and process factors that can likely trigger dependency upgrades, (iii) how developers discuss the needs and risks of such upgrades, and (iv) what is the likely impact of upgrades on client projects. The study results—qualitatively confirmed by observations made by analyzing the developers’ discussion—indicate that when a new release of a project is issued, it triggers an upgrade when the new release includes major changes (e.g., new features/services) as well as large amount of bug fixes. Instead, developers are reluctant to perform an upgrade when some APIs are removed. The impact of upgrades is generally low, unless it is related to frameworks/libraries used in crosscutting concerns. Results of this study can support the understanding of the of library/component upgrade phenomenon, and provide the basis for a new family of recommenders aimed at supporting developers in the complex (and risky) activity of managing library/component upgrade within their software projects.


Software ecosystems Project dependency upgrades Mining software repositories 



Gabriele Bavota, Gerardo Canfora, Massimiliano Di Penta, and Sebastiano Panichella are partially funded by the EU FP7-ICT-2011-8 project Markos, contract no. 317743. Any opinions, findings, and conclusions expressed herein are the authors’ and do not necessarily reflect those of the sponsors.


  1. Annosi M, Di Penta M, Tortora G (2012) Managing and assessing the risk of component upgrades. In: 2012 3rd international workshop on product line approaches in software engineering (PLEASE), pp 9–12Google Scholar
  2. Antoniol G, Ayari K, Di Penta M, Khomh F, Guéhéneuc YG (2008) Is it a bug or an enhancement? A text-based approach to classify change requests. In: Proceedings of the 2008 conference of the centre for advanced studies on collaborative research. IBM, Richmond Hill, p 23Google Scholar
  3. Aranda J, Venolia G (2009) The secret life of bugs: going past the errors and omissions in software repositories. In: Proceedings of the 31st international conference on software engineering, ICSE 2009. Vancouver, pp 298–308Google Scholar
  4. Bavota G, Canfora G, Di Penta M, Oliveto R, Panichella S (2013) The evolution of project inter-dependencies in a software ecosystem: the case of apache. In: 29th IEEE international conference on software maintenance (ICSM 20013). IEEE, Eindhoven, The NetherlandsGoogle Scholar
  5. Bavota G, Ciemniewska A, Chulani I, De Nigro A, Di Penta M, Galletti D, Galoppini R, Gordon TF, Kedziora P, Lener I, Torelli F, Pratola R, Pukacki J, Rebahi Y, Villalonga S G (2014) The market for open source: An intelligent virtual open source marketplace. In: Proceedings of joint 18th European conference on software maintenance and reengineering / 21st working conference on reverse engineering, CSMR18/WCRE21. Antwerp, pp 399–402Google Scholar
  6. Bosh J (2009) From software product lines to software ecosystems. In: Proceedings of the 13th international conference on software product lines (SPLC), pp 111–119Google Scholar
  7. Businge J, Serebrenik A, van den Brand M (2012) Survival of eclipse third-party plug-ins. In: 28th IEEE international conference on software maintenance (ICSM 2012). IEEE Computer Society, Trento, pp 368–377Google Scholar
  8. Cohen J (1988) Statistical power analysis for the behavioral sciences, 2nd edn. Lawrence Earlbaum AssociatesGoogle Scholar
  9. Collard ML, Kagdi HH, Maletic JI (2003) An XML-based lightweight C++ fact extractor. In: 11th International Workshop on Program Comprehension (IWPC 2003), May 10-11, 2003, Portland. IEEE Computer Society, pp 134–143Google Scholar
  10. Conover WJ (1998) Practical nonparametric statistics, 3rd edn. WileyGoogle Scholar
  11. Dagenais B, Robillard MP (2008) Recommending adaptive changes for framework evolution. In: 30th international conference on software engineering (ICSE 2008). ACM, Leipzig, pp 481–490Google Scholar
  12. Di Penta, Germán D M, Guéhéneuc YG, Antoniol G (2010) An exploratory study of the evolution of software licensing. In: Proceedings of the 32nd ACM/IEEE international conference on software engineering, ICSE 2010, vol 1. ACM, Cape Town, pp 145–154Google Scholar
  13. Dig D, Johnson R (2006) How do APIs evolve? A story of refactoring. J Softw Maint Evol 18:83–107. Research and PracticeCrossRefGoogle Scholar
  14. Gala-Perez S, Robles G., Gonzalez-Barahona JM, Herraiz I (2013) Intensive metrics for the study of the evolution of open source projects. In: 10th IEEE working conference on mining software repositories. San FranciscoGoogle Scholar
  15. German D, Adams B, Hassan AE (2013) Programming language ecosystems: the evolution of R. In: Proceedings of the 17th European conference on software maintenance and reengineering (CSMR). Genova, pp 243–252Google Scholar
  16. Germán DM (2003) The GNOME project: A case study of open source, global software development. Softw Process Improv Prac 8 (4):201–215CrossRefGoogle Scholar
  17. German DM, Gonzalez-Barahona JM, Robles G (2007) A model to understand the building and running inter-dependencies of software. In: Proceedings of the 14th working conference on reverse engineering, WCRE ’07. IEEE Computer Society, Washington, DC, pp 140–149Google Scholar
  18. German DM, Manabe Y, Inoue K (2010) A sentence-matching method for automatic license identification of source code files. In: Proceedings of the IEEE/ACM international conference on automated software engineering, ASE ’10. ACM, New YorkGoogle Scholar
  19. Godfrey MW, Tu Q (2000) Evolution in open source software: a case study. In: Proceedings of the international conference on software maintenance (ICSM’00). IEEE Computer Society, Washington, DC, pp 131–140Google Scholar
  20. Goeminne M, Claes M, Mens T (2013) A historical dataset for the GNOME ecosystem. In: Proceedings of the 10th working conference on mining software repositories, MSR’13. IEEE Press, Piscataway, pp 225–228Google Scholar
  21. Goeminne M, Mens T (2013) Analyzing ecosystems for open source software developer communities. In: Slinger Jansen Sjaak Brinkkemper MAC (ed) Software ecosystems: analyzing and managing business networks in the software industry. Edward Elgar Publishing, Incorporated, pp 301–329Google Scholar
  22. Gonzalez-Barahona JM, Robles G, Michlmayr M, Amor JJ, German DM (2009) Macro-level software evolution: a case study of a large software compilation. Empirical Softw Engg 14 (3):262–285CrossRefGoogle Scholar
  23. Grissom RJ, Kim JJ (2005) Effect sizes for research: a broad practical approach, 2nd edn. Lawrence Earlbaum AssociatesGoogle Scholar
  24. Hazewinkel M (2001) Kolmogorov-Smirnov test. SpringerGoogle Scholar
  25. Hou D, Yao X (2011) Exploring the intent behind API evolution: a case study. In: 18th working conference on reverse engineering (WCRE’11). Limerick, pp 131–140Google Scholar
  26. Jansen S, Finkelstein A, Brinkkemper S (2005) A sense of community: a research agenda for software ecosystems. In: 31st international conference on software ecosystems, new and emerging research track, pp 187–190Google Scholar
  27. Jergensen C, Sarma A, Wagstrom P (2011) The onion patch: migration in open source ecosystems. In: Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering. ACM, New, pp 70–80Google Scholar
  28. Kidane YH, Gloor PA (2007) Correlating temporal communication patterns of the eclipse open source community with performance and creativity. Comput Math Organ Theory 13 (1):17–27CrossRefzbMATHGoogle Scholar
  29. Kilamo T, Hammouda I, Mikkonen T, Aaltonen T (2012) From proprietary to open sourcegrowing an open source ecosystem. J Syst Softw 85 (7):1467–1478CrossRefGoogle Scholar
  30. Koch S, Schneider G (2002) Effort, cooperation and coordination in an open source software project: GNOME. Inf Syst J 12 (1):27–42CrossRefGoogle Scholar
  31. Krinke J, Gold N, Jia Y, Binkley D (2010) Cloning and copying between GNOME projects. In: Whitehead J, Zimmermann T (eds) 2010 7th IEEE working conference on mining software repositories, MSR 2010. IEEE, pp 98–101Google Scholar
  32. Levenshtein V (1966) Binary codes capable of correcting deletions, insertions, and reversals. Sov Phys Dokl 10:707–716MathSciNetzbMATHGoogle Scholar
  33. Lungu M, Robbes R, Lanza M (2010) Recovering inter-project dependencies in software ecosystems. In: Proceedings of ASE 2010. ACM Society Press, pp 309–312Google Scholar
  34. Mens T, Fernández-Ramil J, Degrandsart S (2008) The evolution of eclipse. In: 24th IEEE international conference on software maintenance (ICSM 2008), September 28 - October 4, 2008, Beijing, China. IEEE, pp 386–395Google Scholar
  35. Ossher J, Bajracharya S K, Lopes C V (2010) Automated dependency resolution for open source software. In: Proceedings of the 7th international working conference on mining software repositories, MSR 2010 (Co-located with ICSE). IEEE, Cape Town, pp 130–140Google Scholar
  36. Raemaekers S, van Deursen A, Visser J (2012) Measuring software library stability through historical version analysis. In: 28th IEEE international conference on software maintenance (ICSM’12). Trento, pp 378–387Google Scholar
  37. Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to API deprecation? The case of a smalltalk ecosystem. In: Proceedings of the ACM SIGSOFT 20th international symposium on the foundations of software engineering. ACM, New York, pp 56:1–56:11Google Scholar
  38. Scacchi W, Alspaugh TA (2012) Understanding the role of licenses and evolution in open architecture software ecosystems. J Syst Softw 85 (7):1479–1494CrossRefGoogle Scholar
  39. Singh P V (2010). The small-world effect: the influence of macro-level properties of developer collaboration networks on open-source project success. ACM Trans Softw Eng Methodol 20 (2):6:1–6:27Google Scholar
  40. Vasilescu B, Serebrenik A, Goeminne M, Mens T (2013) On the variation and specialisation of workload A case study of the Gnome ecosystem community. Empirical Software Engineering, pp 1–54Google Scholar
  41. Watts DJ, Strogatz SH (1998) Collective dynamics of small-world networks. Nature 393 (6684):409–10Google Scholar
  42. Wermelinger M, Yu Y (2008) Analyzing the evolution of eclipse plugins. In: Proceedings of the 2008 international working conference on mining software repositories. ACM, New York, pp 133–136Google Scholar
  43. Wermelinger M, Yu Y, Lozano A, Capiluppi A (2011) Assessing architectural evolution: a case study. Empir Softw Eng 16 (5):623–666CrossRefGoogle Scholar
  44. Yu L, Ramaswamy S, Bush J (2007) Software evolvability: an ecosystem point of view. IEEE Int Work Softw Evolvability 0:75–80Google Scholar
  45. Zar JH (1972) Significance testing of the spearman rank correlation coefficient. J Am Stat Assoc 67 (339):578–580CrossRefzbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Gabriele Bavota
    • 1
    Email author
  • Gerardo Canfora
    • 1
  • Massimiliano Di Penta
    • 1
  • Rocco Oliveto
    • 2
  • Sebastiano Panichella
    • 1
  1. 1.Department of EngineeringUniversity of SannioBenevento (BN)Italy
  2. 2.Department of Bioscience and TerritoryUniversity of MolisePesche (IS)Italy

Personalised recommendations