-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Acceptance of changes made to the legacy APIs #42230
Comments
I think "legacy" means "the project does not intend to strategically spend a lot of time adding features to this". If people want to contribute improvements to usability or in general as long as it doesn't make maintenance harder I think that's fair game? |
If the project accepts changes that improve the usability of a legacy API, it conflicts with what the project currently states -
Reading these I get the feeling that the project explicitly discourages uses of these APIs. |
Right - why do you think that conflicts? We can recommend one API (WHATWG URL) while supporting two (WHATWG URL and url) and still improving both though strategically only investing in one can't we? |
Usually legacy APIs are so because we can't improve them without breaking the ecosystem. This would rule out most semver-major changes, however bugfixes and semver-minor could be accepted. |
I think they conflict because on the one hand we want folks to migrate to the better API while on the other, we are still giving folks reason to stay on the broken API.
I believe that would have been okay if the document said "not actively supported" instead of "discouraged".
But isn't that true for stable APIs too? What's the point of labelling the API as legacy if we still treat it as a stable API? Also, instead of applying fixes / semver-minor changes to an API that is inherently broken and unsafe to use, won't it be easier for folks to just move to the recommended API? |
Basically, I've always read it as an indication that this API should not be adopted in new project since Node is not going to strategically invest a lot of time on it. If there is an API we'll never remove but want people to really not use it's usually "forever deprecated" like |
I thought this was the point the Legacy status. Basically a forever doc-only deprecation. |
Lines 26 to 27 in 3d4f3ca
Lines 33 to 34 in 3d4f3ca
Documentation-only deprecation is different - Lines 19 to 26 in 3d4f3ca
|
Unfortunately that's not easy at all. Usually those legacy APIs are used in very old modules that have all the quirks figured out. Changing it in 3-4-5 level deep is very hard. |
To make it easier for users, would it be reasonable to write a guide like we did in https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/? Also, are you trying to say that it is easier to make the needed changes to the parser in Node.js than to the code that uses the legacy API inside the older module? If that's so, I was wondering if the migration strategy I stated in #42196 (comment) sounds practical:
Yes, it does talk about making semver-major changes but if we do them gradually, it should be helpful for users to migrate. Not sure why we are ruling out semver-major changes for legacy APIs. |
The stability labels aren't about differences in our process, although that can be part of it. But the labels are for users, not us. The label says "Don't use this in new code." It does not require us to have a different maintenance process. |
Yes.
Changes that improve the API without causing widespread breakage for users and that do not substantially increase our maintenance burden. |
I thought these labels were supposed to convey to the users how we maintain these APIs, so it is a result of us having different maintenance processes for each.
It doesn't specifically say "new code", so it stands for both new and old code. |
I think it's useful to ask the question like this: Should we make an effort to intentionally preserve security vulnerabilities and other bugs in Legacy APIs so that it inflicts pain on end users when that user is using the API, even if it is in a transitive dependency? EDIT: Just to make it 100% clear that I'm NOT advocating the pro-bugs pro-user-pain perspective, I'll mention that I definitely think we should allow fixes. I mean, obviously. But just in case it wasn't obvious. |
Bug fixes that don't break backwards compat or introduce significant regressions: Yes if there are people who want to work on it. New features, breaking changes: No. In the case of something like url.parse, I would view making it act more like the WHATWG parser as falling under the New Feature category. That is, url.parse was never meant to be compliant with WHATWG so changing it to start being compliant qualifies as new function and new feature. Making it do so just signals that folks are fine to keep using the API in new things which is counter to the purpose of marking it as Legacy. |
Then what qualifies as a bug in the context of url.parse()? Did we follow a spec while implementing it? If so, what spec did we follow? |
My opinion is that we should treat Legacy APIs the same as all other Stable APIs as long as people are volunteering to do the work, and the Legacy designation should only be used to discourage their use in new code. |
With regards to things like url.parse, I certainly would not block any prs to update it unless those are semver-major. I would just strongly discourage such changes. If folks want to invest time in an old, node specific, non standard, non portable, non spec compliant API when there is a standardized, cross platform, portable, spec compliant alternative available, that's up to them, but please don't make breaking changes. |
@RaisinTen The same things that qualify as bugs in every other context.
@jasnell I would agree if it's "make it behave like WHATWG parser for the sake of making it behave like WHATWG parser", then we shouldn't do that. I'm OK with (and it seems that you are at least tolerant of) "hey, there's a bug or security issue, and one way to fix it is to emulate WHATWG parser in this narrow edge case." An example of that is #42196. I also agree that we don't have to encourage them and we can be very cautious about accepting such changes. But obviously, that's not the same thing as automatically rejecting such fixes and insisting on leaving potentially-risky edge case bugs in place. |
It shouldn’t take a stick to get people to migrate. If the incremental bug fixes make the old api “good enough that i don’t need the new api” (such that without the fixes, it wouldn’t meet that bar) then the new api clearly failed at being better enough to be worth it. The only way to prove a new thing is better is to make the old thing as good as possible, and for people to still prefer that new thing. Is URL that underwhelming that these minor bugfixes are going to retroactively make the entire effort a waste of time? I certainly don’t think so, but blocking these bugfixes imo is representing exactly that opinion. |
To be clear, no one has suggested in any way that bug fixes should be blocked. |
Isn’t this very issue asking if bug fixes to legacy APIs should be blocked or not? If not, then I’m not clear on what’s being discussed, and the linked PR can land prior to resolving this issue - but there’s a block on it. |
That's what the issue is asking, yes, but as far as I'm aware no one has suggested that the answer is to block bug fixes. |
Great! So is there any reason not to make the policy be “accept non-breaking bugfixes made to legacy APIs, assuming they don’t increase maintenance burden or unreasonably harm performance (or other similar ad hoc caveats)”? |
We don't block bug fixes on legacy APIs. |
What I think does merit conversation, however, is what qualifies as a bug fix vs new feature. Updating a legacy API to conform to a standard that didn't exist when the API was added, and was never claimed to conform to doesn't qualify as a bug fix to me, especially when there's a fully supported non-legacy API that already does conform to that spec available. The message you're essentially sending is that there's no reason to migrate to the new API since we're eventually going to make this old one act the same. |
I would agree with that. As I wrote above: "I would agree if it's 'make it behave like WHATWG parser for the sake of making it behave like WHATWG parser', then we shouldn't do that. " |
The problem here is that folks can end up a building a "new feature" in the process of fixing a "bug" and vice versa, so this sounds ambiguous to me.
Reading the current description in #42196:
I understand that the PR tries to conform the legacy API to a standard which didn't exist when the API was added. And in doing so, it ends up fixing a bug. This feels like a "new feature" which would be blocked according to #42230 (comment) ( However, the ordering of sentences in the description could easily be flipped:
and now I understand that there is a bug in a legacy API and this PR tries to fix it by adopting the behavior of a standard because it is more reliable. This sounds like a "bug fix" to me which should be approved. I think it would be clearer if we considered all semver-patch commits as bug fixes, even if the patch tries to conform the legacy API to a standard that might not have existed during its creation.
The problem is that both the legacy API and the newer API has some advantages and disadvantages and none of them are good enough to rule out each other in the current state. This is the reason why we aren't supportive of even runtime deprecating the legacy APIs. |
Also, if we don't intend to go ahead with runtime deprecating / End-of-Life deprecating an API, I don't think we should "discourage" folks from using it. "Not encouraging" is okay IMO. |
If the new one isn’t good enough to rule out the old one, then I’d hope that correcting that would be a priority for those who want(ed) the new api, and also for the old one to be gone. |
This is a bit silly. Unless the old API is removed entirely, there will always be folks who insist on using the old API no matter what improvements are made to the new API simply because they don't want to change or changes would be too disruptive in other ways. None of this has anything to do with whether the new API is "good enough". For instance, the reason
Unless there are very real reasons folks shouldn't be using it and should be using the new one, which in the case of
I don't believe anyone has argued against this even if I don't always agree such changes are necessary (note, for instance, that I haven't blocked any of these type). semver-minor should be given a very critical eye and semver-major should be avoided entirely unless it is considered a critical security fix. If folks want to keep maintaining the legacy API, more power to them! Great to have contributions in all cases. But maintaining two APIs that do generally the same thing increases the maintenance burden and cognitive load for everyone -- maintainers and users -- so it's definitely worth keeping that in mind. |
@jasnell to clarify, i'm not claiming that all desire for the old one must be eliminated - i'm saying that assuming the claim "The problem is that both the legacy API and the newer API has some advantages and disadvantages and none of them are good enough to rule out each other in the current state" is true, then that suggests there's an opportunity for improvement in the new API. I'm not making any assertions about the claim being true, however. |
I'm OK with the ambiguity. I don't think this is a problem that we need to solve in advance. It might never actually come up. And if it does, we can weigh at that time what to do based on the pros and cons of the particular situation. Trying to set policy in advance for this seems like it may be an anti-pattern to me. It's trying to make a decision on something hypothetical. If we wait until it becomes real, we'll have actual information to weigh. There will be less guesswork. Additionally, it might never come to pass at all. I could be wrong, but I think we're going down a bit of a rabbit-hole at this point and we can close this issue. I'm fine with leaving it open longer if others disagree. But it seems to me that there is consensus on:
And going forward, for Legacy API changes, I'll be sure to emphasize the bug-fix nature of any bug-fix changes, since that at least seems to be an area of especially broad agreement. |
Won't that be applicable the other way round too? The points in #42232 (comment) are some reasons to discourage the uses of the newer API and use the legacy API instead. I don't think we should discourage/encourage the usage of any of these. In stead, we can make it very clear in the docs that the project does not officially support one of the APIs and then let the users decide if they want to use it or not. And if we choose to discourage uses of the legacy API (which we should talk about in #42232), I think we should do it through a runtime warning because it communicates the message better. We don't have to go ahead with the End-of-Life deprecation though (which is what's happening with the Buffer c'tor).
Then saying "uses in newer code is discouraged" sounds more fitting? |
Fixes: nodejs#42230 Fixes: nodejs#42232 Signed-off-by: Darshan Sen <raisinten@gmail.com>
PR: #42269 |
Maybe we could get the habit of running CITGM for any changes to a legacy API, and withdraw the PR if that makes any package fail. Not sure if it needs to be a documented process, but that could help having revert PRs (e.g. #42280). |
Legacy APIs in particular or all stable APIs (which includes legacy APIs because they are maintained in the same way) in general? |
Seems like something we’d want to do on any PR. |
It's something we'd want to do if it didn't take many hours to run and many minutes, if not hours, to analyze the results. |
Fixes: #42230 Fixes: #42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Fixes: #42230 Fixes: #42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Fixes: nodejs#42230 Fixes: nodejs#42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: nodejs#42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Fixes: #42230 Fixes: #42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Fixes: #42230 Fixes: #42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Fixes: #42230 Fixes: #42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: #42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Fixes: nodejs#42230 Fixes: nodejs#42232 Signed-off-by: Darshan Sen <raisinten@gmail.com> PR-URL: nodejs#42269 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Mestery <mestery@protonmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Should we accept changes made to the legacy APIs? If so, what kinds of changes should we accept?
For reference, this came up when we were discussing about whether we should accept a change made to the legacy url.parse() API in #42196.
cc @nodejs/tsc
The text was updated successfully, but these errors were encountered: