If you use an inherited signature from another package in your own code,
the only valid PVP bound you can specify for this package is an *exact*
version bound. This is because the signature is used both covariantly
(it provides declarations for import) and contravariantly (it specifies
what is required). However, this is a bit distressing if you want to
use a PVP-style bound that allows for upgrading a package. So there is
- Any signatures that come from packages with exact bounds (this includes, in particular, signature packages, who are included solely to make declarations available), can be used without problem by modules, but
- Any signatures that come from packages that are version bounded (i.e., any package that also provides modules) must NOT be used, because if they were used, they could break under a PVP policy that allows relaxations in the needed requirements.
To help users avoid situation (2), I've added a warning to all
signature declarations that come solely from (2). This is not
perfect; you might still end up relying on some type identity
specified by a signature in a version-bounded package, but it
should help catch major errors.
Signed-off-by: Edward Z. Yang <email@example.com>