-
Notifications
You must be signed in to change notification settings - Fork 460
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto block registration of packages pre-1.0 #111019
Comments
I don't think it would be a good hard rule to have, but I think it would be a good guideline/soft check. I have one or two packages that are In most cases though, I think it's very useful to have the three channels of information in the version number:
So perhaps a way this could be done is as an automerge check, allowing for manual intervention if the registrant insists that they've thought about it and really do want 0.x? |
I agree. |
I'm not sure if following SemVer prescription would be beneficial in this case. I think this would encourage people to release a 1.0 version when the API is not ready. Considering the amount of packages which are still in <1.0 stage in the Julia ecosystem, it seems that many mantainers feel like their packages are still not ready for a 1.0 release, which is more a lack of time maybe than anything else. This seems to me an artificial solution to a different underling problem. |
I would argue its actually the opposite. |
To me the motivating issue here is that we have a bunch of This results in needless comparability bound churn across the ecosystem. This is the problem that I see this proposal helping with. I don't quite understand this view that occasionally seems to pop up that |
if that is the ratio of the proposal @tecosaur I'm more convinced now that it's probably a good idea actually, I didn't consider the problem of having breaking releases for new features. And also the reasoning of @oxinabox seems right, but maybe it's more debatable why mantainers didn't release a 1.0 for years. But that is not the point maybe. So for what is worth I would reconsider my position :-) But it doesn't seem a good hard rule also to me anyway. |
This is a misreading of SemVer. Pre-1.0, there is no such thing as a "breaking release". Pre-1.0 packages do not have a stable API, so by definition, they can't break that API. Quoting from the SemVer specification: "Major version zero (0.y.z) is for initial development. Anything MAY change at any time." It is not a violation of SemVer to add features (or even make breaking changes) in a pre-1.0 "bugfix" release. This is actually something that, arguably,
That's also a misreading of SemVer. Breaking releases must change the major version number, but major version number changes do not need to contain breaking changes. They generally should, of course, but the change from 0.x to 1.0 especially is not a breaking change according to SemVer, because 0.x wasn't stable in the first place! |
This is not to say that there aren't plenty of 0.x packages that should be 1.0. It's also not to say that pre-1.0, there isn't some less formal notion of "breaking" vs "non-breaking". I certainly use 0.y.0 releases to indicate bigger changes that are likely to "break" other packages and I would also claim that pre-1.0 is an important part of a package's development cycle. If the developers feel that they're still "figuring out" the API, it shouldn't be 1.0. A lot of projects in Julia are related to academic research, and in such a situation, "active research" should indicate pre-1.0. If you're eventually going to publish a paper of a package, the publication of that paper seems like a good time to make a 1.0 release. I pretty strongly believe that most packages should use 0.1.0 for registration, not |
If the problem to do with pre-1.0 packages that cause everyone to have to update compat bounds when they release new backwards-compatible features, maybe that is where the focus should be placed.
There's an argument to be made that the approach is "too late", but on the other hand, adding extra steps for package registration could put people off registering packages, or make them delay, which could also have bad outcomes. |
The tips in the SemVer document certainly aren't wrong: If a package has a lot of dependents and thus should be worried about backward compatibility (whether the authors feel that the API is perfect or not), that package should probably make a 1.0 release. That does not mean we should be pushing people to make 1.0 releases prematurely, or impose version restrictions on registration. And I'll say it again: switching from |
Right now I have a package that depends on six If they remained unregistered I would have to deal with unregistered dependencies, which is a pain in the ass, and wouldn't be able to register my own package. |
How unhelpful is it really if you are already using them as a dependency in another package...? They clearly have an API, otherwise how would you be using them? I'd rather say it would be helpful instead if they were at 1.0. This gives the package authors the nudge they need to be thinking about their users. If you care about having users, you should also care about compatibility and breaking changes and SemVer is a great system for that, with the added advantage of being ultra-widely adopted. If you don't care about having users, well, why are you registering? Overall I give a +1 to the idea of disabling the automerge for new packages that are < 1.0, and in general as a community showing that we value SemVer and hence would prefer registered packages to have an API that at least the authors themselves consider solid to be 1.0. I've expressed in many other situations that registering a package in the general registry is way too easy and having checks that disable the auto merge can be of benefit to the community. Some packages I've registered would not pass the bar of this rule, and that's fine. I would have to wait more before registering. Not really a big deal... In the next version of Pkg.jl we will be able to add packages to our projects without them being registered, and still specify reproducibility by specifying the exact commit. Hence, even less the reason to register everything as soon as possible. For a counterexample that also gives a +1 to the automerge block suggestion: two packages I am involved with Agents.jl is at v6, and DynamicalSystems.jl at v3. Its not like you can't release a breaking release post 1.0 if you have good reasons to. If anything, it makes you more concious about breaking changes. |
@frankier and @goerz I agree with your comments; they are excellent: motivating a 1.0 for large packages that have been stable for a long time is a good idea. But I don't find it related with this issue which is about new registered packages. Additionally, I have done this several times so far and I have been faced either with no response, or no real arguments, sometimes the authors saying they don't themselves know what breaking changes they would like to do (proving the point entirely that they should release 1, but oh well...). So that's why I think your suggestions should be a separate discussion alltogether. |
I also think it's worth highlighting that this proposal is to for automerge, not a hard rule. I still think there's the occasional well-justified 0.x package. Drawing from my own experience, I'd point to Like @Datseris, I think in general this would be a valuable nudge to authors to think about the API they're delivering, and the state of their package a bit more. It's also not like we can't reverse this rule if it turns out not to be such a good idea in practice 🙂 |
It's a matter of communication. They do have an API, but it changes frequently, and the packages are incomplete. That's what I expect from |
I feel very strongly that, if anything, we should go the other way: New packages should automerge only if the initial package version is I think we actually used to have an initial version Again, that is not to say that we shouldn't push for packages that have a lot of dependents to actually commit to their API and tag |
From SemVer 2.0
I am going to argue that this is normally actually the case when you register in general.
If you don't intend for people to use it you shouldn't be registering it.
Perhaps by exception people are registering with intent to iterate rapidly in a breaking way.
But it is exceptional and we can always use the functionality to bypass that rule.
It's problematic we people register pre-1.0
Because
I propose we only enforce this on new package registration. And allow old packages to be grandfathered.
We have talked about this on and off for years
The text was updated successfully, but these errors were encountered: