New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What do the versions mean? #1566
Comments
This is a good question. Thanks for asking. First of all gopass is using semantic versioning because that's what a lot of tools, e.g. But what's a breaking change? Any change might break someones workflow. However we never did a clean definition so far. This is something we started to address while working on the 1.10.0 release. We've also started to define our core use cases - however that work isn't finished, yet. So I'd suggest you look at the existing command documentation and file issues if you notice any discrepancies between what's documented and actual behaviour on the one hand as well as discrepancies between your expectations and the specification on the other hand. Then we can start to discuss specific details. One thing we should do to resolve this issue is to document how we define our versioning scheme. |
Oh, and btw. what's the problem with #1353 exactly? |
Thanks for responding so quickly! There are a few things to unpack, I hope I manage to address them all.
When you say "semantic versioning", are you referring to semver.org or a versioning schema that adheres to your own semantics? Either is fine, I'd just like to be on the same page. The semantics of minor releases you're describing don't make much sense to me. In my understanding of software, architectural changes don't necessarily change or break the API or UI. So, when would those be okay? And isn't a new secrets format a major architectural change? Especially because you're suggesting in the changelog:
That sounds pretty disruptive to me. Because - like in our case - when some people update to 1.10.0 and others are still on 1.8.6 things are bound to break for them. You could argue that people should always keep their tools up-to-date but with a lot of people this is hard to coordinate. For scenarios like this it'd be good to announce such changes via the tool itself, as in, you release a version that keeps the behavior but announces its deprecation. Much like in libraries and frameworks that log deprecation warnings but keep that behavior for a few versions.
That's a very good thing. It's a bit unfortunate that gopass' versioning started with 1.0.0. According to semver.org it would have been better to start with 0: Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable. But it is what it is now. So, all that being said, why not go to 2.0.0 instead of 1.10.0?
It's just something that accidentally broke people's setup, ours included. We'll find a way around it but not by updating to 1.10.0 because I'm too afraid it'll break too many things for too many people and too many repos containing scripts using gopass. |
I'm referring to semver.org. But we never wanted gopass to be used as a library and didn't hold ourselves accountable to the strict versioning style. Maybe we should still be on a major version of 0. I'm not sure. The upgrade path for the new secrects format is indeed a bit rough. That wasn't planned very well and I wonder if it's to late to revert the default to not using the new format, yet. We still support all previous formats, but you're right. Users of older versions will get into trouble. That wasn't intentional. Maybe 1.10.0 should have been a 2.0.0 relase. But I guess that's too late now. I'd appreciate if you could help us (e.g. by providing feedback) making the next 1.10.x releases one you'd be willing to upgrade to. I'm sure others would appreciate that, too. |
For #1353 the problem actually stem from the fact that autoclip should not have influenced 1.10 should actually be easier to migrate to than 1.9.2, I think since we corrected a lot of bugs / misbehaviour that were in 1.9.2 since it wouldn't suffer from #1353 for instance. If you have a big team using gopass, we would be really super happy to get as much feedback as you can give us :) |
Thank you for the insight, @dominikschulz. And thanks for the info and encouragement, @AnomalRoil. Sorry for the late response. I've moved on to another project, so I can't really support my old project with upgrading gopass anymore, I hope when they try that they'll find this thread. Regarding feedback, I do have a few things (this is for version 1.8.6). I don't know if this thread is the right place, if not I'm happy to repost somewhere else:
Maybe some of these things have been mentioned by other people in other issues before, I didn't check. It's just the major pain points I can remember from working with it in a bigger team for almost 2.5 years. All of this being said, I know that gopass solves a difficult problem and I'm aware that good security often comes at the cost of convenience. Some things I mentioned are just rough edges that can be polished. But maybe there's also a deeper issue with Git as the default backend, I don't know, just guessing. |
Thank you very much for sharing your experience with us. Actually with 1.11.0 some breaking changes have been rolled back and other issues have been fixed, so upgrading from older versions should have become feasible again.
Expring recipient keys is one of the issues that come with using gpg. I've tried to get rid of that, but too many people need use gpg so we're stuck with that. We'll need to figure out the best option to deal with that. |
@dAnjou Please note that many of these issues should have been addressed meanwhile and we tried to properly document our promises around API stability and what versions mean. Also we have taken a much more cautionous approach wrt. breaking changes will be more careful going forward. The catch is that you'll have to upgrade to 1.11.0 (or better: 1.12.0+) to get there. Feel free to re-open in case this is still and issue that needs to be discussed. |
Hi,
when I read versions in the format of x.y.z I assume semantic versioning (maybe I shouldn't?). But it seems gopass introduces quite a few breaking changes in new minor version.
So, what do gopass' versions mean?
Background is that we rely heavily on gopass in a team of ~40 people for our infrastructure, system, and application secrets. We maintain our own homebrew repo which provides a specific version of various tools, gopass included. The other day I updated that version from 1.8.6 to 1.9.2 assuming everything would just continue working. But we ran at least into issue #1353 which is kind of a bummer because now we'll have to update a lot of repos and communicate that to a lot of people, or we go back and are stuck with 1.8 for now.
The text was updated successfully, but these errors were encountered: