New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto-generated build-depends-preemptive, and --follow-pvp flag #1828
Comments
Ahh, very nice. That seems like it would allow for two very nice features:
|
Why do we require this to be generated on the server? Cabal has access to all package upload time stamps locally, as the file modification time stamps in |
I am a big +1 on this feature, and @snoyberg 's algorithm is a great idea, even though I totally disagree with just about every statement of @snoyberg in his justification for the feature in the first post. This feature is simply the dual of This feature would save us huge amounts of time (and pulled-out hair). It's true that we can limit versions explicitly using constraints, and record those solutions in the package-local I really would want it also to be possible to specify this for individual packages - just as I would want that for I propose the following syntax: In constraints, As an option, As for the admitted straw man |
You know about the |
No I didn't. Thanks, that's great news. We're usually not on the latest cabal - that would drive our release team crazy - and we very rarely need to ignore upper bounds rather than tighten them. But it's good to know about that, and I'm sure we'll use it. And that means there's no reason not to allow per-package inferring of upper bounds, by symmetry. |
@ygale I agree that enabling
It makes sense to compute this information once and cache it. Also see the pros @snoyberg mentioned. Yackage will still work, it's just that packages uploaded to it won't have pre-emptive upper bounds inferred. |
The term "preemptive upper bounds" is misleading and affected - it is an attempt to delegitimize PVP. Upper bounds don't "preempt" anything - they are an important part of the semantics of a dependency specification (and no, they can't be calculated automatically, although @snoyberg 's algorithm is a good heuristic that will often be correct), and it's then up to cabal what to do with that information. I am strongly opposed to changing PVP to allow omitting upper bounds. Packages with cabal files that omit upper bounds are broken: they promise that they will support all future versions of a dependency forever, no matter what changes are made to it. I won't go on any more about this here (unless you insist) because I don't think this is the forum for that discussion. The reason for adopting the proposal in this issue must not be a sneaky way to force upon the community a massive change to PVP, which is a far broader issue and certainly cannot be decided in a cabal-install GitHub issue. That would truly be "preemptive". Instead, the reason is to make cabal-install more powerful and flexible, which it would certainly do.
Since most package authors do comply with PVP, this information would rarely be needed. We probably would use this feature as much as anyone, and we only need it for the minority of PVP-broken packages, plus a few others. This is a calculation that takes a few CPU cycles per package-version. Is it so important to save a few cycles to make such a major change to cabal/hackage architecture? There are many other simpler designs, including various kinds of local caching. My opinion is that anything other than local calculation on demand would be premature optimization. If we see that this creates a performance issue, we can think about what to do then.
Local calculation would support all packages and versions. No backfilling is needed.
The proposed feature is a
What you are saying is that yackage will work, but cabal-install will now be somewhat broken - the inferred upper bound feature will stop working. This feature is important to us. |
@ygale Not only are you misreading what I've said here, you then say that your misunderstanding somehow represents malice on my part. I will furthermore state that- as I stated initially- this proposal came from @23Skidoo after seeing my work on a Hackage mirror with added upper bounds, not something I proposed. And further, I haven't stated that this proposal is in any way dependent on PVP changes! So please take a step back and reread what I've said before making any more accusations that I'm trying to be sneaky or misleading here; I've been complete direct in all of my motivations, and it's upsetting that you're trying to imply otherwise. Regarding the term itself: preemptive upper bounds is completely accurate. You are preemptively stating that your package won't work with a new version, even though that isn't known to be true. If you think that this term somehow is wrong, and somehow biases people in the wrong way, then provide a new term that you think makes more sense. But your mistaken comment here demonstrates the obvious need for a separate term, as your comments confuse the discussion by talking about "removing upper bounds" in an absolute sense, when that's not all what's been proposed.
If that is the case, then please provide an example of a preemptive upper bound which cannot be calculated automatically.
I'd like to see a stat on that, every single analysis I've ever done has said the opposite. And this is really a core component of this proposal: people looking to get benefits from the PVP require broad Hackage support of the PVP, and having the preemptive upper bounds automatically generated ensures this.
Then you misunderstood. This is talking about allowing someone to say "package foo-1.2 wasn't available when package bar was released, but since then, foo-1.2 was released, so let's relax the automatically determined upper bound for everyone." That's not to say that I disagree with some of your arguments for this being more logically a client-side feature, but let's not see incorrect statements accepted simply to try and win an argument. |
@snoyberg
You didn't say that, but @23Skidoo did:
And I must admit that I was quite shocked by that.
That is not what an upper bound means in PVP. An upper bound is an estimate - not a statement of fact - by the package author of until what version that dependency is likely safe. It is clear from the discussion of "risk" in PVP that this is the intention, not being "preemptive" in any sense. It's not forbidding you from using later versions, just giving you information about when there starts to be some risk of incompatibility. Users can then decide what to do with that information (assuming they have a recent enough version of
No not really. The more good information we get the better, but now that
One obvious example is tagged. That library underwent major version bumps (second component) on a constant basis for a while. Those version bumps were correct. But most packages using tagged only use the The opposite problem can happen with a library that is experiencing frequent minor version bumps that matter to you - like dependency version bumps that can mess up your build plan, or like when you are using internals of the dependency. Then you may want to use the third or fourth component, for example, to determine your upper bound.
That's not how I would use this feature; we don't need that. I would use it as a huge time saver for dealing with particular packages whose omission of upper bounds causes us trouble.
I admit that my statement is anecdotal, based on the few hundred or so packages that I happen to use frequently. Furthermore, we use almost exclusively older versions of packages, from before all the screaming about PVP began in earnest. So things may very well have changed. But again, I don't think that's really an issue. I hope that once things settle down, and it really starts sinking in how much better cabal is now, people will start providing better upper bound estimates again.
Indeed, I misunderstood. I thought the goal is to make it easier to deal with packages that omit upper bounds. And then there was a proposed implementation that involved server and protocol hackery. So I suggested a simpler implementation in a more traditional client-side fashion - which might not have been obvious if you didn't think of the tar file mod date trick. I don't like the idea of Hackage providing a modified view of packages that were uploaded. Even if the lack of upper bounds in many packages is inconvenient for me, if that's what they published, that's what I should see. But gee-whiz, I sure would like to be able to apply your algorithm automatically sometimes. |
@ygale I'm sorry, I really don't see the relevance of most of your response to what I wrote. Your comments on tagged are a criticism of the PVP's rules for placing upper bounds, which this proposal merely codifies. If you're opposed to those rules being codified, then it seems like you're really opposed to the PVP's statements regarding how upper bounds are supposed to be placed on packages. Your comments about three and fourth numbers similarly conflict with the PVP. In other words, your complaints don't belong in a feature discussion for cabal, they belong on the libraries mailing list about problems with the PVP. I also don't think your explanation of how my term "preemptive upper bound" is wrong is convincing. You also haven't provided any preferred term. So I'll continue using my term, until a different one is agreed upon.
This one I can't even start on... it's not about ensuring that the PVP works by adding upper bounds where they're missing, it's about being a time saver for adding upper bounds where they're missing?!? Back to the topic at hand. This feature will allow people who want to rely on PVP upper bounds to get that benefit, even when package authors don't indicate those upper bounds. Will the upper bounds sometimes be overly restrictive? Yes, that's the nature of these upper bounds. That's why the proposal provides a means of relaxing them after-the-fact. Might this feature affect future discussions of changes to the PVP? Sure, why not, but that's not what's being discussed here. I'd like to keep this discussion on track for the feature itself, not a place to attack someone's choice of term or argue over minutiae of the exact benefits of having upper bounds. We all accept that upper bounds are useful, this proposal is about an automated way of providing them when authors (for whatever reason) choose not to. |
First of all, just to make sure: We are talking about PVP that is defined here: http://www.haskell.org/haskellwiki/Package_versioning_policy At the time, Simon's write-up of PVP seemed absolutely clear. But perhaps that was only because we were in the context of what was happening at that time. I'm beginning to suspect that all the recent noise about PVP is being caused by relative newcomers to the community who were not present then and who have completely misunderstood PVP. |
This proposal consists of a major architecture change to the cabal/hackage system, and a user-visible feature that it would make available.. I am in favor of the user-visible feature, since it would be very helpful to me. And do I highly appreciate that @snoyberg made this proposal with users like me in mind; Thank you! But that feature could be implemented simply, without the re-architecture. The only claimed significant justification for the re-architecture depends on one particular view on a highly controversial topic. I completely agree that this is not the place to discuss controversial topics and make decisions on them. So if we are not going to consider just the feature on its own, I don't see much point in continuing. |
See also #3729 for a similar idea though with a different mechanism. |
I guess this somehow RFC was not formally or informally accepted nor rejected. |
Discussed via email with @23Skidoo, I'll try to capture what we wound up at, but if I put in anything you disagree with, please correct me.
The goal is this: the contentious and time-consuming part of the PVP is preemptive upper bounds: putting upper bounds to exclude versions of packages not yet released, since they might break the build. As opposed to known upper bounds, it is often desirable to relax these constraints, as a valid build may still exist. Additionally, these preemptive bounds can be fully determined by simply inspecting upload dates of packages.
So the proposal is this. In addition to having the build-depends field in the cabal file, we will have a new field with an identical syntax called
build-depends-preemptive
. This field will be automatically generated by cabal (question: at what point would it be generated? I'm unclear on that) using the following PVP-inspired rule:foo >= 1.2
, and the newest version offoo
on Hackage is 1.5.3, thenbuild-depends-preemptive
will havefoo >= 1.2 && < 1.6
.This field will not be user editable.
We would then have an additional flag- strawman-proposal for naming being
--follow-pvp
- which would use thebuild-depends-preemptive
field instead of build-depends. This leads to essentially three modes of operation regarding upper bounds:--follow-pvp
: cabal will only use versions of dependencies available at the time of upload.--allow-newer
: completely ignore all upper bounds, whether they are preemptive or specified by the user. This would still be vital for dealing with older packages which have preemptive upper bounds in their build-depends field.I won't include proposed changes to the PVP in this issue, but I believe this will obviously have ramifications on recommendations of the PVP.
The text was updated successfully, but these errors were encountered: