oivey 4 hours ago
It would help a lot if core Python libraries like urllib, NumPy, and others used SemVer. Removing a function is a breaking change. The root of this post is from urllib breaking something in a minor release. Get rid of the pseudo SemVer where you can deprecate functions and then break in minor releases. Maybe after that the rest of the community could hope their code will work long term if they don’t increment major versions.
Hizonner an hour ago
That just encourages people to keep using old, unmaintained, insecure versions of libraries. Then, when they're still on version 2.1.1, and your maintained version is 5.7.3, and somebody finds a major security bug in 2.1, they will come whining at you to release a 2.1.2. Code that is not being maintained is not usually suitable for use, period.
graemep 3 hours ago
Python itself is making breaking changes between minor versions, so I think it's natural that the ecosystem will follow. I have not had any real problems yet myself, but it's worrying.
kerkeslager an hour ago
> Get rid of the pseudo SemVer where you can deprecate functions and then break in minor releases.

I agree, but I think there's a bigger, cultural root cause here. This is the result of toxicity in the community.

The Python 2 to 3 transition was done properly, with real SemVer, and real tools to aid the transition. For a few years about 25% of my work as a Python dev was transitioning projects from 2 to 3. No project took more than 2 weeks (less than 40 hours of actual work), and most took a day.

And unfortunately, the Python team received a ton of hate (including threats) for it. As a natural reaction, it seems that they have a bit of PTSD, and since 3.0 they've been trying to trickle in the breaking changes instead of holding them for a 4.0 release. I don't blame them--it's definitely a worse experience for Python users, but it's probably a better experience for the people working on Python to have the hate and threats trickle in at a manageable rate.

I think the solution is for people like us who understand that breaking changes are necessary to pile love on doing it with real SemVer, and try to balance out the hate with support and I had a client who in 2023 still was on 2.7.x, and when I found a few huge security holes in their code and told them I couldn't ethically continue to work on their product if they wouldn't upgrade Python, Django, and a few other packages, and they declined to renew my contract. As far as I know, they're still on 2.7.x. :shrug: