API Deprecation and Removal Policy Revision 1

[dennisklein]

edit: Now outdated, once the discussion threads conclude, I will propose a second revision. Read the following policy text as revision 1 or proposed text:

Ideally, one would want to get every public API correct from the start and never have to change anything forever. However, in reality, programmers make mistakes, requirements change over time, or the project simply evolves. To minimize avoidable friction, we would like to communicate the following API Deprecation and Removal Policy to both users and developers:

• Public APIs must be deprecated before removal
• Removal must not happen in a patch release, only in a major or minor release following a deprecating release
  • In addtion, removal must be delayed at least two weeks after the deprecating release has been published
• Deprecation is primarily declared in the release notes
  • C++ APIs will be annotated with the [[deprecated]] attribute if applicable
  • Deprecation of public header files via #pragma GCC warning ... (or any other compiler warning mechanism that cannot be filtered by the user) must be announced in one additional release before the deprecating release
  • Larger deprecation campaigns shall be accompanied by additional documentation, e.g. Cleanup of non-namespaced typenames and headers #423
• New APIs intendended to replace the deprecated ones must be available latest in the deprecating release
• Disclaimer: Deprecation and removal may deviate from the above for technical reasons only

The above policy would allow for deprecation and removal of a public API in two consecutive releases. However, in such a case, the user may always opt-in to a 3-phase-deprecation-removal still by using

1. the deprecating release with disabled deprecation warnings,
   • via the compiler option -Wno-deprecated-declarations, or
   • starting with FairMQ v1.6+ via -DFAIRMQ_NO_DEPRECATED_DECLARATIONS passed to the compiler and/or CMake
2. the deprecating release with enabled deprecation warnings (default) and the new API, if applicable, at your own pace, and finally
3. the removing release

[mattkretz]

👍 Two comments:

1. I think deprecation also shouldn't happen on patch releases.
2. I believe two weeks between deprecation and removal is quick, in general. I'd rather say 2 months to give users more time to focus their work on other important topics without always having to jump whenever a FairMQ deprecation happens.

[dennisklein]

I think deprecation also shouldn't happen on patch releases.

How about "should be avoided in patch releases"? The one use case I have in mind is, if one would forget a deprecation in a major/minor release. To fix such an oversight with a minor release that only adds a deprecation (which might be a release notes only change in some cases 😅) feels strange, no?

I'd rather say 2 months to give users more time to focus their work on other important topics without always having to jump whenever a FairMQ deprecation happens.

@ktf I basically took the two weeks from your feedback earlier today. I would be fine with two months as well, any objections?

[ChristianTackeGSI]

I think deprecation also shouldn't happen on patch releases.

How about "should be avoided in patch releases"? The one use case I have in mind is, if one would forget a deprecation in a major/minor release. To fix such an oversight with a minor release that only adds a deprecation (which might be a release notes only change in some cases sweat_smile) feels strange, no?

Looking from the alternative API (if there is one…) side of things:
A new API usually means a new feature. A new feature usually means a new minor release, right?
So a patch release *.y.z that deprecates something should have the alternative/new API at least introduced in *.y.0, IMHO.

[mattkretz]

How about "should be avoided in patch releases"?

To me deprecation is on a similar level as feature additions. Both really shouldn't happen in patch releases. If you forgot a feature in a minor release you wouldn't add it in a patch release either. Right?

[dennisklein]

To me deprecation is on a similar level as feature additions. Both really shouldn't happen in patch releases. If you forgot a feature in a minor release you wouldn't add it in a patch release either. Right?

After sleeping on it, I agree with this argument - deprecation is still a bit weaker compared to an addition, since it is not the removal yet, but it is also clearly not a bug fix which is meant to be represented by the patch version according to the semver definition. And it will go along with @ChristianTackeGSI's comment as well.

[dennisklein]

I'd rather say 2 months to give users more time to focus their work on other important topics without always having to jump whenever a FairMQ deprecation happens.

@ktf I basically took the two weeks from your feedback earlier today. I would be fine with two months as well, any objections?

but if you prefer to put two months, that's also fine.

Then two months it is.

[ktf]

Personally, I think this is to much of "legal" wording. To me the whole behaviour I would want can be summarised by:

"Two SUBSEQUENT releases SHOULD not introduce any warnings or errors in dependent codebases (e.g. O2) unless an alternative, equivalent solution working in both is provided."

For the definition of SUBSEQUENT. For me is anything which happens between one validation at point 2 and the other, but if you prefer to put two months, that's also fine.

Of course exceptions are possible when doing things incrementally creates more work than it saves, it does not need to be strict.

[mattkretz]

Would you be happy if [...] and suddenly you started to have dozens (or hundreds) of warnings, polluting your build logs, making it difficult [...]

Yes. If I opt in to getting diagnostics about deprecations in dependencies, then I'm interested in porting away from deprecated API and would be extremely unhappy if I get no warnings for deprecated APIs. However if I'm not the one to do the work and another person decided I must turn on those warnings, yes I'd be annoyed. But who does that...?

[ktf]

Anyone who has a running experiment and needs to support a two versions of your software for a few weeks to allow quick rollback in case there are troubles, without having to worry about unrolling cosmetic changes (which in the meanwhile might interfere with the over 100 commits per week we get to our codebase).

Yes, I could temporarily turn off -Wdeprecated-declarations and then turn it back on. In general I also find my way around using #if __has_include or other tricks. As your client I am asking to wait for a couple of weeks before you formally [[deprecate]] APIs, especially if it's for widespread cosmetic fixes.

[dennisklein]

As your client I am asking to wait for a couple of weeks before you formally [[deprecate]] APIs

What I interpret into this request is actually that you would like FairMQ being tightly integrated into the O2 codebase/development model like another module in O2. Then any change would naturally follow the downstream schedule and coordination and all this overhead of doing separate releases and supporting multiple upstream APIs would immediately be gone. I am very open to looking into such an option, tbh. But as long as we keep FairMQ as a separate project/library, it is a different story, is it not?

[ktf]

No, that's not what I asked. I guess I forgot a "kindly" and it should have been "As your client I am kindly asking".

I think @ChristianTackeGSI explained very well the need: if something triggers a lot of deprecation warnings in many places, please, be pragmatic and hold for a bit adding [[deprecated]]. You can still deprecate it in words in the release notes. It will make the experience of your users smoother and no one in your audience will miss the extra warnings for a couple of weeks.

Regarding the integration, I think we did well so far, I frankly do not see why to change.

[dennisklein]

please, be pragmatic and hold for a bit adding [[deprecated]]. You can still deprecate it in words in the release notes.

Your request as understood by upstream:

• two deprecating releases
  • first one pre-announcing deprecation in text form
  • second one adding compiler deprecation warnings
• wait a certain wall time between those two releases (couple of weeks?)

Downsides for upstream if implemented as requested:

• has to repeat all deprecations twice in the release notes of the two releases, or how does downstream imagine the actual enabling of user-facing compiler warnings should be handled then?
• has to make two releases which only differ in having deprecation warnings enabled or not
• has to track and honor some arbitrary wall time requirement of one downstream

Upstream thinks the pre-announcing deprecating release is unnecessarily complicating its release process and provides a counter offer:

• a -DFAIRMQ_NO_DEPRECATED_DECLARATIONS option that disables all [[deprecated]] attributes (we can also call it differently, e.g. FAIRMQ_NO_DEPRECATION_WARNINGS ?!)
• a single deprecating release that uses the release notes and - if applicable - compiler warnings

Upstream understands your use case, it is implemented like this:

1. Deprecating release v1.6.0 lands, downstream eventually (no need for synchronisation with upstream) edits alidist/fairmq.sh:

--- a/fairmq.sh
+++ b/fairmq.sh
@@ -1,6 +1,6 @@
 package: FairMQ
-version: "%(tag_basename)s"
-tag: v1.5.0
+version: "%(tag_basename)s-alice"
+tag: v1.6.0
 source: https://github.com/FairRootGroup/FairMQ
 requires:
   - boost
@@ -35,7 +35,7 @@ esac

 cmake "${SOURCEDIR}"                                              \
       -GNinja                                                     \
-      -DFAIRMQ_NO_DEPRECATED_DECLARATIONS=OFF                     \
+      -DFAIRMQ_NO_DEPRECATED_DECLARATIONS=ON                      \
       ${CXXSTD:+-DCMAKE_CXX_STANDARD=${CXXSTD}}                   \
       ${CXX_COMPILER:+-DCMAKE_CXX_COMPILER=${CXX_COMPILER}}       \
       ${CMAKE_BUILD_TYPE:+-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}} \

2. Downstream eventually finishes its verification process by being perfectly API backwards compatible to the previous version without any breaking deprecation warnings, then eventually edits alidist/fairmq.sh once more:

--- a/fairmq.sh
+++ b/fairmq.sh
@@ -1,5 +1,5 @@
 package: FairMQ
-version: "%(tag_basename)s-alice"
+version: "%(tag_basename)s"
 tag: v1.6.0
 source: https://github.com/FairRootGroup/FairMQ
 requires:
@@ -35,7 +35,7 @@ esac

 cmake "${SOURCEDIR}"                                              \
       -GNinja                                                     \
-      -DFAIRMQ_NO_DEPRECATED_DECLARATIONS=ON                      \
+      -DFAIRMQ_NO_DEPRECATED_DECLARATIONS=OFF                     \
       ${CXXSTD:+-DCMAKE_CXX_STANDARD=${CXXSTD}}                   \
       ${CXX_COMPILER:+-DCMAKE_CXX_COMPILER=${CXX_COMPILER}}       \
       ${CMAKE_BUILD_TYPE:+-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}} \

Upsides for upstream:

• only one deprecating release
• no tracking of any wall time between two releases

Upsides for downstream:

• same experience as if there were two upstream releases - two trivial edits of alidist/fairmq.sh - No? What are we missing?
• completely independent of the upstream release timing, no anciety necessary that upstream does anything too fast

Downsides for downstream:

• ??? so far I didn't get any. How exactly is the requested 2-step-deprecation-releases smoother for downstream compared to the counter offer?

And as we discussed in the other threads and as it is already stated in the proposed policy, there are exceptions to the above, the two most important that come to mind are:

• larger deprecation campaigns will need pre-announcing deprecation releases, potentially even multiple
• C++ may simply not support certain migration paths via a simple [[deprecated]] and we need to do something custom anyways

[davidrohr]

I fully agree with @dennisklein 's proposal @mattkretz 's comment.
I also think the text is a bit lengthy, but much of it refers to special cases where users suppress the deprecation warning.
I think the main points are simply:

• Removals must only happen in major releases, deprecations should happen only in major releases if possible.
• Removals of APIs or deprecations must not happen in the same major release in which the replacement API is introduced, but only in a later major release.

[dennisklein]

Removals must only happen in major releases

Ok, that would be more strictly the semver definition. Let's adopt that. Will take a bit of getting used to it, since we underused major and minor versions in the past years. but that was broken anyways ;)

deprecations should happen only in major releases if possible.

Following @mattkretz's definition deprecation is similar to feature addition, and it is clearly not breaking. From that I conclude deprecation can happen in minor releases as well, which you don't deny, but what is the specific reason you feel it should be preferred in major releases?

[dennisklein]

Removals of APIs or deprecations must not happen in the same major release in which the replacement API is introduced, but only in a later major release.

The removal point is clear, but for deprecation there are two cases: Can the compiler warning be reasonably filtered out by downstream?
A. If not, then upstream must make an additional release
B. If yes, which is the case for e.g. [[deprecated]], then replacement API and deprecation can happen in the same release. Or can you give a reason, why a compiler switch is not enough?

[mattkretz]

I agree about removals only in major versions. The point of major versions is to ship breaking changes.

But deprecation of API happens whenever replacement is ready. No need to hold back useful information. If the intent is to remove, then make it clear. Deprecation in minor releases (feature releases) should be fine.

[ChristianTackeGSI]

One other point is the (potential) amount of code downstream ("customer") has to touch. If it's a few lines of code (< 10 warnings), then things are different from having to touch 100 files.

For the first case, downstream can likely create their own #ifdef-style blocks and be done.

For the second case it might be nicer, if there would be a "migration plan". For example with one version introducing new, parallel APIs without (or disabled by default) deprecation warnings, etc. Having this in properly planned means that "the customer" can decide on their own, which version steps they want to take. (If they jump on latest, they may not complain!)

[ktf]

Yes, exactly my point.

[dennisklein]

if there would be a "migration plan"

That is what I intended to cover with the bullet point about "larger deprecation campaigns" and the one I linked as an example is basically the only big one FairMQ ever did and it was announced way ahead (Mar 21 2022) of the actual [[deprecated]] (Mar 7 2023). Everything else were basically single symbol deprecations as far as I can remember.

If it's a few lines of code (< 10 warnings), then things are different from having to touch 100 files.

But how would upstream know how much warnings it will produce in the downstream compilation in general, even a single symbol deprecation may cause millions of warnings, does it not?

[ChristianTackeGSI]

But how would upstream know how much warnings it will produce in the downstream compilation in general, even a single symbol deprecation may cause millions of warnings, does it not?

Well usually upstream has some ideas on how the code should be used (examples / tutorials!). If downstream deviates from that drastically, then they either should be in contact with upstream anyways or have no reason to complain.

[ChristianTackeGSI]

About wall time between deprecation and removal:

I don't think, the wall time is really important in this area. As upstream you can't usually influence when downstream switches to which version. If the ReleaseNotes are well written, then downstream can decide on their own on which version to jump and thus decide on their adoption rate of one particular change.

What might actually be a point: Required changes per wall time. So if upstream would deprecate 100 APIs per week (and removes them six months later), then this means a lot of work for downstream.
I guess, FairMQ has something like two to four interesting deprecations per year? So IMHO that's not a problem here?

[dennisklein]

Required changes per wall time.

I fully agree and I am happy to even implement something like this by e.g. limiting major releases (as the discussion here so far concluded, we basically want semver semantics, ergo API removal only happens in major releases) to a certain rate, let's say one per 3 months or one per 6 months. A slightly different variant would be the commitment of upstream to support every major release a minimum amount of time, so that downstream is always guaranteed to be able to stick with any major release for this amount of wall time.

However, what we have not worked out yet, is the definition of a "required change". Nobody has made a convincing argument yet, why a deprecation warning by the compiler is perceived by downstream as a requirement to change. As @mattkretz has pointed out as well as @davidrohr did earlier downstream has already full control on deprecation warnings now (and I offer to make this control even more fine-grained by providing a FairMQ-specific switch on top). Only @ktf seems to not be happy about this for some reason. He even stated himself "Yes, I could temporarily turn off -Wdeprecated-declarations and then turn it back on." earlier but then keeps asking for pre-announcing the warnings in multiple releases. Why do you prefer this over the switch?