-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecation Policy #1704
Deprecation Policy #1704
Comments
Also: |
I'd like to see us make The V8 4.4 issue is also interesting; for those not following - it's going to force us to completely remove |
part of the |
As part of this I'd like to try actually removing |
Deprecation notices may be easily maintained, but it's not really a solution. +1 to @chrisdickinson Maybe we should do a pre-mortem first so we can gauge where this is being used the most and already send PRs / info beforehand? Also, regarding |
Yep – I'll write up a pre-mortem, to include:
|
@mikeal ... we should work on formalizing the deprecation policy in the dev-policy document further. Some of the processes are documented there but it's been an open issue. Perhaps it would be best to keep the high level discussion of the process there so that we can focus on the specific technical items here? |
deprecating sys – premortem and plan of actionstep 0: set goalsOur goal is to pick a minimum percentage of weekly downloads that should work As an hypothetical example:
My preference is to set this percentage between 80 and 90 percent of downloads. step 1: identify usageDeprecating an entire module is somewhat easier problem than deprecating
step 2: mitigation effectivenessThe question to be answered at this stage in deprecation is "how much effort will To estimate the amount of effort it will take to reach our target mitigation number, What we want to know is the minimum number of packages that will have to release a new patch Given:
We run the following pseudocode walk through the graph:
The set, Now, given:
We run the following pseudocode:
Go / No go check: At this point there we should check to see if the amount of work step 3: go fix modulesStarting with the broken packages themselves, PR the appropriate fixes to packages. Expand to dependents as Go / No go check: If v4.0.0 is looming at this point and we have not met our target mitigation number, the |
@chrisdickinson ... posts like that should come with automatic and mandatory free beer to help mitigate the pain. Great analysis, going to have to stew over that one for a bit... |
What happens if a module FOO which half of npm depends upon outright refuses to make any changes, claiming that the deprecation which TC agreed upon is unnecessary, or that And they are hoping that node.js will never actually change it because it'll break too much stuff, thus using their amount of downloads to indefinitely stall a deprecation of a certain feature? Kinda similar thing happened with |
I'm not sure about the "outright refuses" part, but for modules where the maintainers no longer update them, we could always contact them / npm for access to publish a fixed version. |
Yep, no longer maintained libraries are actually the simpler part. But actively maintained popular ones telling you "we don't want to change anything, our code works fine on 0.10.x and your new release is broken" is quite another matter. Maybe I'll rephrase: what is the maximum period of deprecation after which the feature will be dropped no matter what? |
If a good section of the ecosystem is objecting like that it's probably a good sign that we shouldn't move forward with the deprecation :( |
Agreed.
There is no maximum period of deprecation in that sense – we can only remove the feature once we reach the target mitigation number. If it becomes clear that we can't reach the target mitigation number, we should back out of the deprecation. |
for example:
These stages are already documented ? |
Perhaps after a deprecated feature is removed, an error is thrown with a link to something helpful (like a PR or reference issue) for fixing it. |
@chrisdickinson maybe this could help get started? https://github.com/evanlucas/find-sys/blob/master/results.txt. It doesn't include dependencies for all of the packages, only bundled dependencies, but it sure cuts the list down of what needs to be checked now |
We need this to be simple and straightforward. What @yosuke-furukawa started is perfect. What we don't need, is to be in the business of maintaining the world, @chrisdickinson. |
@yosuke-furukawa's plan is necessary but not sufficient, and describes our current approach up until this point. However, we've never successfully removed code using that approach – we've deprecated, added messages, but have always stopped short of actually making breaking changes. If we want to make breaking changes, we have to own up to it. We should have an idea of how much code we stand to break through removal, and we shouldn't remove APIs until the amount of code that will break is below a certain threshold. If there's something we really, really want to deprecate, then it's on us to make sure the ecosystem doesn't set on fire because of it – we have to meet the community at least half-way on this. |
semver, documentation, time, and a clear policy should be more than sufficient. If you are concerned beyond that, then we can always release a non-core module that is for deprecated modules. In other words, take ownership of npmjs.com/package/deprecated or similar, and put the API that has been removed into that module as we remove it. |
This assumes a few things:
In reality, a lot of packages with breakage may not be maintained, but are depended on indirectly by hundreds (or thousands) of packages. It's easy enough to change the packages that depend directly on the broken package, but now you've got to go one ring out and fix any package that pegged a dep on the packages you just fixed. It's a lot of work, potentially; and it has to be done before users can upgrade. What the proposed changes state is that the users are the ones responsible for routing around whatever breakage we create – they have to shoulder the cost of fixing bugs and going through (essentially) the same process I've outlined above, but in an ad-hoc fashion with no central place for information sharing, and no option to "back out" of breaking changes that are too costly. In reality, most folks won't upgrade – why would they? Of what benefit is a new Node sans In other words: we serve the users of Node, not the other way around. We can't dictate to them what Node will or won't be, their code already does that. We can't expect them to put in effort to change their code based on our say-so if we're not willing to step up and put our effort in as well. |
@chrisdickinson I assume we are deprecating wherever we want to deprecate. If you deprecate some internal function then toss it into the deprecated module under the same path and parent file where its found. What is your position ? |
A "deprecation" package on npm is not sufficient to fix breakage in the ecosystem, whether it's at module level or API level. Assuming such an approach could fix breakage, it still puts the onus on the end-user to fix the problem. They will still have to fix all of the modules that are broken between their code and the package that's actually broken, and point everything at the right versions. This is too much to demand of end-users. @evanlucas: Great work! This should give us a good start. |
Just a quick reminder that the long dep chains means incredibly long lists of potential packages that need to be updated because it's not enough to just push updates of those directly dependent, you must also get all of the deps of every other package to update to the new version, and so on, and so on, and so on :) The good news is that there's a lot of data available about how many downloads of a particular package there are that we can use to assess the outstanding liability. |
Exactly right! That's covered in the "mitigation effectiveness" step above – it's a bit subtle, but in the pseudocode walk through the graph we're looping over items of set |
Probably another good candidate: #1747 |
Let's discuss (not necessarily decide) on tomorrow's TC meeting. |
@piscisaureus Can we get an update on what was discussed? |
@JCMais there wasn't a tc meeting this week, planning it fell through the cracks. |
I think documenting deprecation, including pointing people to the recommended alternative, plus allowing a good time window should be enough to deprecate functionality even if it's widely used. Number of major releases is not a good criteria, IMO, because those are driven by other factors like v8 upgrades and can happen frequently and not on a predictable timeline. We might want to consider doing something to increase visibility of documented deprecation. I am worried that just because we give a "future deprecation" warning in the docs and release notes, people might not notice it immediately. In .NET, you can decorate types and methods with an "Obsolete" attribute, so that the compiler will give you a warning about it every time you compile. In Javascript there is no compilation, but perhaps we could achieve something similar by other means. Just to illustrate the idea, a deprecated API could spew a one-time warning to stderr at runtime. Eg: |
That is already what |
😄 |
removed |
@mikeal ... any reason to keep this one open? |
Do we have a deprecation policy now? I couldn't find it earlier today. |
the "official" deprecation policy is basically an evolved version of what is in this thread kinda. Dx |
we should write something down :) |
PR: #7964 |
I'm going to close this because the above-mentioned PR is where all the action is right now and if we want an issue to discuss it rather than a PR, that's #7912 rather than here (which has been inactive for 5 months). If you feel strongly that this should remain open, by all means, re-open it. |
Recently we've run in to issues related to deprecation and have realized we don't actually have a formal deprecation policy and even the one we are culturally enforcing now doesn't handle the breadth of use cases we have.
We should discuss and draft a deprecation policy and pull together various use cases as hypotheticals for it. Some recent issues that come to mind are:
The text was updated successfully, but these errors were encountered: