Meeting will happen in #d9readiness on drupal.slack.com.
| Gabor Hojtsy (he/him) |
@mixologic and I did some analysis on deprecations in contrib that are new in Drupal 8.8 |
| mixologic |
I had meant to open an issue in the core queue for that. |
| Gabor Hojtsy (he/him) |
as per 17% of all contrib deprecated API use now is from either code deprecated in 8.7 or 8.8 |
| Gabor Hojtsy (he/him) |
most of it is for 8.8 (4% for 8.7 I think and 13% for 8.8) |
| Gabor Hojtsy (he/him) |
so @mixologic looked at the toplist of those deprecations and categorized them based on whether the replacements are also introduced in 8.8 or earlier |
| Gabor Hojtsy (he/him) |
|
| Gabor Hojtsy (he/him) |
this is his analysis |
| mixologic |
I would love to get release manager thoughts on deprecation backports: @xjm ? |
| Gabor Hojtsy (he/him) |
so looks like there are 9 issues that may be candidates for backporting the new APIs so we can make it possible for people to not need to branch for Drupal 9 |
| mixologic |
Both existing and new ones. |
| xjm |
What does "deprecation backports" mean? |
| xjm |
As in actually backporting deprecations to previous minors? That doesn't work for two reasons: (1) Requires the API be added in the old minor as well which violates semver (2) deprecations themselves are a disruptive change |
| xjm |
What we can consider doing is being more restrictive about new deprecations in 8.8 starting right now |
| mixologic |
So, as we deprecate new things in d8.8, contrib maintainers are not able to simultaneously have a module that removes those deprecations and still have a module that is compatible with the security supported version of core |
| xjm |
Yep, that's the way it is |
| mixologic |
So the suggestion was that if a deprecation is introduced in 8.8, then we backport the new api, but not the deprecation messages itself. |
| xjm |
We're not backporting new APIs to 8.7 and 8.6 |
| mixologic |
just 8.7. |
| xjm |
Nope, not doing that |
| xjm |
It breaks semver. |
| mixologic |
Im not sure I follow |
| xjm |
Introducing a new API in (say) 8.7.7 violates semver |
| xjm |
And can have other disruptivbe impacts |
| xjm |
So no, we're not going to do that |
| xjm |
What we can do is start deprecating for removal in 10.0.0 instead. |
| xjm |
Especially if there's a lot of stuff. |
| mixologic |
Because if a module then leverages the new api (say, to elminate its deprecated useage in 8.8, it wont be compatible with 8.7.6) ? |
| xjm |
Correct |
| xjm |
We've always had this concern; it's just people are more antsy now (understandably) about a moving target |
| xjm |
So the solution is to stop the target from moving by deprecating for removal by 10.0.0 instead of 9.0.0, rather than to violate semver |
| mixologic |
Hmm. what about the plan to backport this: |
| mixologic |
is that more of an exception due to its nature? |
| xjm |
That's being granted a specific exception for that issue only |
| xjm |
Because of the nature of the issue, its criticality, and its impact on the upgrade path |
| xjm |
And it's internal API rather than public API |
| Gabor Hojtsy (he/him) |
of the top 30 modules, the modules that have over 20 deprecated APIs used that were deprecated in 8.8 are: metatag, paragraphs, webform, google analytics |
| Gabor Hojtsy (he/him) |
so at least those very popular modules are in danger of needing a 9.x branch or have a whole bunch of workaround code |
| mixologic |
so, sites using those modules wont be able to upgrade to 9.0 until 9.1 essentially, unless the mainters branch |
| mixologic |
or yeah, workaround code. |
| xjm |
This is also what 8.9 is for |
| Gabor Hojtsy (he/him) |
yeah if they drop support for 8.7 |
| xjm |
They won't be able to have a version compatible with 8.8 and 9.0 at the same time already as of today. However, their 8.9 and 9.0 version will be fine. |
| mixologic |
Oh, right. materially it doesnt matter if they're on 9.0 because they can still upgrade to 8.9, which is feature identical |
| xjm |
Yep. The main issue is just around allowing modules to be "done" now, and whether we're still adding too many new deprecations between now and Oct. 14. |
| xjm |
Contrib already has this problem anyway; it was the #1 pushback to extending security coverage to the old minor |
| xjm |
Balancing the old minor compatibility with incoming deprecations |
| mixologic |
Right, any deprecations we add between now and oct 14th means they cant be 'done' until 9.0 is released. |
| Gabor Hojtsy (he/him) |
unless they drop 8.7 support? then they can work with 8.8 and 8.9 :slightly_smiling_face: |
| xjm |
Well, no, that's not what it means |
| xjm |
IT means what Gábor said :slightly_smiling_face: |
| mixologic |
right, but fwiremember, berdir was saying that dropping 8.7 support in contrib essentially nullify's the idea that we have extended security support |
| xjm |
They have three choices (a) Drop compatibility for 8.7 as of 8.8's release date, which is up to them as maintainers (b) Create a new branch compatible with 8.8-plus and remove the newew deprecations there (c) Not do anything until later when 8.9 and 9.0 are under development. |
| xjm |
@mixologic It's up to the individual maintainer which they want to do, but they're contrib maintainers; we can't force them to do anything :slightly_smiling_face: |
| mixologic |
In any case, the purpose of 8.9 just locked into focus for me, and I see now that "d9" isnt a hard deadline for contrib maintainers isasmuch as a six month overlap where they have an opportunity to upgrade their modules. |
| xjm |
It's also super easy for them to create a second branch if they want to, especially now that the core compatibility key will respect semver :slightly_smiling_face: |
| mixologic |
Sure we cant force contrib to do extended security support, but maintainers of popular projects recognize that they kinda need to if it is to have real meaning. |
| xjm |
Core doesn't even let you know yet that those security backports are available, so we don't need to worry about it |
| xjm |
What we do need to worry about is whether the "moving target" is too much of a burden before Oct. 14, and if so, whether other committers will be comfortable with stopping new 8.8 deprecations aside from things that aren't strategic priorities for D9 itself (like dependency-related deprecations) |
| xjm |
We're about 2/3 of the way through 8.8's development cycle now |
| xjm |
So it might be a good time to switch to "New deprecations should deprecate for removal in 10.0.0, except with release manager signoff" |
| mixologic |
okay, so to summarize, We're not backporting API's, that carries far too much semver breaking risk. If a contrib maintainer has usages of code that was deprecated in 8.8.x, and they want their module to be 9.x compatible _on the day that 9.0 comes out_, they can 1. do internal version checking 2. open another branch 3. wait until 9.1 to be 100% compatible with all supported versions or 4. Drop support for 8.7.x |
| Gabor Hojtsy (he/him) |
yeah |
| mixologic |
And waiting until 9.1 really means, as soon as 9.0 is released, you can fix everything because 8.8/9.0 have all the api's you need. |
| mixologic |
and you dont have to worry about supporting 8.7.x anymore |
| Gabor Hojtsy (he/him) |
I will try to update my script sometime to more accurately figure out the actual 8.8 deprecations (that do not have 8.7 replacements) |
| mikelutz |
It’s not like you don’t have a release or version that works with 8.7 anyway, If you can specify a core semver requirement in info.yml. Really, you shouldn’t be targeting new features to the security supported branch anyway. I wish it was just easier for the average maintainer to understand and manage. |
| mixologic |
yeah, I mean the issue is if they update their core semver requirement in info.yml to be higher than the security supported version, and then a grave issue is discovered with their module, and an 8.7.x site relies on that module, does that mean in order to get the security fix, that site owners have to upgrade? |
| mixologic |
I guess thats one of those things that is probably rare enough, and will be made moot by having contrib semver that we could probably just roll a BC compatible patch if that happened. |
| mikelutz |
Yeah, the security issues is the hangup, and yeah, contrib semver would solve it. |
| mikelutz |
Then it would be a matter of release management instead of branch management. |
| xjm |
@mixologic No one needs to wait until 9.1 for anything. 8.8, 8.9, _and_ 9.0 will have the same minimum API. |
| mixologic |
yeah, vocab collision between 'wait for 9.1.x to open' vs 9.0 is out. |
| mixologic |
|
| xjm |
9.1 opens before 9.0 is out |
| xjm |
so best not to confuse those things :slightly_smiling_face: |
| xjm |
It might open in January depending on how things are going |
| mixologic |
yeah, true. |
| mixologic |
but really, on the day that 9.0 comes out, a module can cut a release that is 9.0 compatible without regard to BC conflicts. |
| mixologic |
(given a module that has 8.8.x deprecations) |
| Gabor Hojtsy (he/him) |
@andypost suggested this but I am not sure the related issue he posted was right(?) |
| andypost |
There's meta about renames, looks it's part of |
| andypost |
The list
- actions => actions_ui
- simpletest (ui)
Needs sub-issue:
- block -> rename to block_ui (needs sub-issue)
- settings_tray/toolbar (maybe create new module) |
| xjm |
Before we jump on doing these, we also need a process for deprecating core modules, including both process-process and actual technical ways of marking an entire module as deprecated for all our misc tooling. |
| xjm |
So renames is like a sub-item of straight-up removals |
| mixologic |
Speaking of tooling, I really think we need to examine this: |
| mixologic |
Basically, renaming modules can have impacts on other modules that declare a dependency on those modules. |
| andypost |
Is there agreement on removals? I mean about this process? because for example field_layout "hangs" long enough |
| mixologic |
And so we need some way to prove that a rename doesnt break contrib modules. |
| mixologic |
I.e. the problem is that a module name is essentially an API. |
| mixologic |
So, yeah, we need to explore how we actually remove/rename modules. |
| mixologic |
(and *also* when we move them into core from contrib, super pretty please rename them) |
| andypost |
then removal policy looks low hanging |
| mikelutz |
It really seems like we need to deprecate the old module and have the new one next to it in 8.8, along with code to prevent both from being installed at the same time ala content_moderation and workspaces |
| mikelutz |
Just reading what I just wrote makes me uncomfortable… |
| mixologic |
yeah, that'd still be somewhat problematic |
| Gabor Hojtsy (he/him) |
I would personally say these are too cosmetic to be worth the pain for Drupal 9 |
| Gabor Hojtsy (he/him) |
other than the names not being perfect, there is nothing wrong with them, right? |
| mixologic |
because drupal's internal dependency checking doesnt have anything useful like composer's 'replace' we'd have to replicate something to say 'if you have a dependency on actions, then actions_ui fullfils that dependency' |
| mikelutz |
hmm, very true. |
| mikelutz |
It might just be too late in the cycle to try and manage it. |
| mikelutz |
We might need to spend the first cycle or two of D9 putting in place the systems we would need to manage it properly, and then making the change around 9.3 or 9.4 |
| mikelutz |
Do it right. |
Comments
Comment #2
gábor hojtsyFix URL
Comment #3
MixologicComment #14
gábor hojtsyPosted logs. Special thanks to @mlhess for access to logs.