Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request to reconsider not removing old releases. #12383

Open
1 task done
SayantanRC opened this issue Oct 5, 2023 · 19 comments
Open
1 task done

Request to reconsider not removing old releases. #12383

SayantanRC opened this issue Oct 5, 2023 · 19 comments
Labels
support How do I ... ? Can I ... ?

Comments

@SayantanRC
Copy link

Is there an existing request for this feature?

  • I have searched the existing issues for this feature request and I know that duplicates will be closed

Is your feature request related to a problem?

Currently I am using NixOS, but I believe this will affect other linux distros too.

We are unable to download older versions (which are considered stable) of postman except the newest release. This might affect a lot of users.

Related issue link here: NixOS/nixpkgs#259147

Is this behavior expected? If yes, is it possible to reconsider the decision?

Describe the solution you'd like

Keep older versions.

Describe alternatives you've considered

No response

Additional context

No response
@SayantanRC SayantanRC mentioned this issue Oct 5, 2023
Open
@chasecaleb
Copy link

chasecaleb commented Oct 5, 2023
edited

For an example of the impact, this effects myself and a significant number of coworkers in dev and QA roles. We appreciate Postman, but this causes enough friction for us that we may be forced to switch to another tool instead if this change is not reconsidered.

@numaanashraf
Copy link
Member

@SayantanRC Thanks for writing in. We recommend being on the latest version as they contain all the security and reliability patches and are considered stable.

How can we help get the version of Postman in nixpkgs updated to the latest version?

@SayantanRC
Copy link
Author

How can we help get the version of Postman in nixpkgs updated to the latest version?

@numaanashraf I am not very much aware of how nixpkgs functions, but I believe the model is similar to node js lock file. NixOS is all about reproducible builds. Hence if a person is on NixOS 23.05 (stable release), they will always get Postman version 10.12.0. This makes it such that any other colleague who is on NixOS 23.05 will also be able to test code on 10.12.0 version of Postman itself, there won't be any version mismatch.

There is an unstable branch in NixOS that gets regularly updated. But if anyone is using nix flakes to get reproducibility, then they will also face the same trouble when older builds are unavailable (I think).

Always rolling over to the latest Postman version, even for the stable releases goes directly against the NixOS philosophy in my opinion.

Anyone with more know-how regarding this, please feel free to correct me.

@heismauri
Copy link

Please reconsider re-uploading them, I have to download an older version too.

@numaanashraf
Copy link
Member

@heismauri There are no plans to re-upload or distribute old versions as these lack the relevant reliability and security patches. How can we help you use and be on the latest version?

@numaanashraf numaanashraf added support How do I ... ? Can I ... ? and removed feature labels Oct 6, 2023
@anna328p
Copy link

anna328p commented Oct 6, 2023

This seems equivalent to publishing a package foo on npm and deleting v1.0.1 when you release v1.0.2. Any package that has foo 1.0.1 in its lockfile will fail to build, which is an issue for (at least) reproducibility, bisecting, etc.

Nixpkgs uses a model very similar to lockfiles (though a little different for historical reasons). Dropping older releases of postman breaks older commits of nixpkgs from building.

@heismauri
Copy link

@heismauri There are no plans to re-upload or distribute old versions as these lack the relevant reliability and security patches. How can we help you use and be on the latest version?

As mentioned repeated times before, forcing a login when using certain features leads to people needing to use older versions in order to keep using your product. The only way to use the latest version if you rollback forcing a login when using collections, which looks like it is a hill Postman's team will die on. So sadly, you can't help me unless my opinion matters in some way and you guys decide to rollback that.

Technetium1 added a commit to Technetium1/ChocolateyUpdate that referenced this issue Oct 7, 2023
@Technetium1
Remove Postman
81ca55e 
Developers are being scumbags and removing data if you refuse to create an account. They're also deleting old releases to make downgrading impossible. This software and its developers can no longer be trusted. 
https://news.ycombinator.com/item?id=37792690 
postmanlabs/postman-app-support#12369 
postmanlabs/postman-app-support#12114 
postmanlabs/postman-app-support#12383
@tldzyx
Copy link

tldzyx commented Oct 10, 2023

Is there any one provide other way to store and shared the old version, we need it.

@emptyflask
Copy link

Removing old releases is hostile to users. We need to be able to download specific versions for NixOS (same for Guix or any other OS with a deterministic build system)

This seems like it's an attempt to lock users into whatever new "features" are added, to ensure everyone pays, and no one can circumvent it by using older versions. Security and bug fixes are just a poor excuse. You don't see outdated, insecure versions of the linux kernel, openssl, etc. being sent to the memory hole.

@emptyflask
Copy link

emptyflask commented Oct 12, 2023
edited

I was asked to copy my comments from the Postman community board here.

I’m trying to install a newer release of Postman on NixOS, which attempts to download https://dl.pstmn.io/download/version/10.18.6/linux64 – but this is now a 404.

From some casual testing, it appears that latest is the only version option available. Perhaps someone thought you should only be able to get the latest and greatest release, but this does not work with a deterministic build system.

It looks like this happened before, Download specific version of postman, presumably they were restored at some point, and now they’re gone again.

@emptyflask
Copy link

Since the Postman team doesn't seem to be interested in being helpful here (for paying customers, I might add), Bruno with a shared git repo is looking like a viable alternative.

@evanjs evanjs mentioned this issue Nov 15, 2023
Closed
@SMFloris
Copy link

SMFloris commented Dec 1, 2023

I am sad to see that the Postman team decided to go this route and basically let go part of their users. We will drop any Postman usage starting Monday in our company and will use OSS alternatives. This was the one software our Tech CS and QA that was not OSS, but was friendly and flexible for them to use. Oh well, lesson learned.

@chasecaleb
Copy link

I am sad to see that the Postman team decided to go this route and basically let go part of their users. We will drop any Postman usage starting Monday in our company and will use OSS alternatives.

Same situation here in my company with ~50 Postman users. Just want to share this in case it convinces Postman to reconsider.

@DSchau
Copy link
Collaborator

DSchau commented Dec 1, 2023
edited

Hey folks (@chasecaleb @SMFloris @emptyflask) we do hear you here at Postman.

What we'd love to understand is why you are interested in the older versions. In reading this thread, I've seen a few reasons presented thus far:

  1. Older releases may be seen as more stable in some way
    • This isn't necessarily true, we ship many security releases, bugs, and so on in each release of Postman, but perhaps there's more nuance in this reason I am not capturing?
  2. Sign-in / login is required
    • We don't plan on changing this decision (for many reasons, detailed here), however I will note that the Lightweight App Client does not require a sign-in and can be used in latest versions of Postman

Are there other reasons that haven't yet been captured for why folks would like older releases? Further still, 2 could be explained further. Why are folks unable to use a product with a login? (as an example, we're right now communicating to one another with a product that requires a login)

I am genuinely curious and would love to figure out the why behind these requests to see if there are other avenues we could pursue and enable as many of you as possible to continue using Postman. If folks are interested and would like to chat with me, please feel free to e-mail me at dustin.schau@postman.com (and keep using this thread, I'll keep monitoring it!) and I'd love to investigate this further.

@emptyflask
Copy link

emptyflask commented Dec 1, 2023
edited

@DSchau in the case of Nix/NixOS, the package manager needs to match a known sha256 hash (stored in the package repo) with a specific version.

This means that on such a declarative system, we're unable to install Postman until someone notices that the build is broken, submits a pull request with the new hash, and it makes it's way downstream to the end users.

Being able to lock to a predictable release is core to systems like NixOS, a bit like how package.lock is used on a project that uses nodejs, only more strict.

While newer versions of a program itself might be more stable, its place within a whole ecosystem may not be, and it's the end user that gets to make that determination.

I'm not interested in running some ancient version of Postman. I just need to be able to download a known one.

@DSchau
Copy link
Collaborator

DSchau commented Dec 1, 2023
edited

@emptyflask makes sense! The reference to package-lock.json especially makes sense, since that's something I'm a bit more familiar with.

Would you be open to walking me through (you can e-mail me, Twitter DM, etc. whatever works best for you) how other products are adopted in NixOS? Perhaps there's some kind of eventing we could expose or document that would at least make the process less broken for your team, but I can't say I fully understand how packages get added in the NixOS world currently.

I'm not interested in running some ancient version of Postman. I just need to be able to download a known one.

I hear this loud and clearly, and appreciate it!

@emptyflask
Copy link

emptyflask commented Dec 1, 2023
edited

@DSchau I don't mind communicating here, especially since others can be part of the conversation. This is essentially how nix derivations will download a program (the version in this example is specified in the calling function here). This is a public repository, and users contribute to it via pull requests.

To answer the other part of your question, yes in theory you could open a PR whenever a new version is released and/or act as the package maintainer for postman, but this assumes that the end user is (or is willing to be) always on the bleeding edge of nixpkgs, and they would still have to tolerate broken system builds during the time it takes to propagate these changes. Postman would have to work differently from the other 80,000+ packages that are maintained, in a way that is antithetical to the OS. I think the community would rather remove Postman from nixpkgs.

@DSchau
Copy link
Collaborator

DSchau commented Dec 1, 2023

Interesting. So then PRs to NixOS for Postman would ideally happen whenever a new version is released. As an example, here's the PR updating to 10.18.6: NixOS/nixpkgs#257173 which now breaks for users since the hash has since changed.

And since the link in that pull request no longer works, NixOS users are left with broken builds when that link is removed.

Yeah, I guess the automation I was referring to isn't as useful here. There are tools more in the Node space like Renovate that automatically update locked dependencies when they change, so I was curious if something like that may improve the situation.

This is helpful context, and an example of where persisting at least some older versions of Postman could be advantageous. Thank you! We'll discuss and follow-up as soon as we can.

lohvht added a commit to lohvht/dotfiles that referenced this issue Dec 5, 2023
@lohvht
fix: replace postman with bruno. update flakes
ca88b42 
Replace as postman changes to not offer older older versions
- See this issue on postman:
postmanlabs/postman-app-support#12383 (comment)

For more info, see this issue on nixpkgs:
NixOS/nixpkgs#259147
Kazuto added a commit to Kazuto/.nix that referenced this issue Dec 7, 2023
@Kazuto
refactor(postman): remove it as the devs are assholes and anti-consumer
3b87e20 
See here: postmanlabs/postman-app-support#12383
Kazuto added a commit to Kazuto/.nix that referenced this issue Dec 7, 2023
@Kazuto
refactor(postman): remove it as the devs are anti-consumer
37231fa 
See here: postmanlabs/postman-app-support#12383
Kazuto added a commit to Kazuto/.nix that referenced this issue Dec 7, 2023
@Kazuto
refactor(postman): remove it as the devs are anti-consumer
c4695a1 
See here: postmanlabs/postman-app-support#12383
@lhanson lhanson mentioned this issue Feb 27, 2024
Open
@PierreBeucher
Copy link

Hey there, any news on this? Postman is broken (again) on the most recent stable version of NixOS. As stated before, being able to download "old" release (such as a version set in a .lock file like JS, Nix and countless other tools) seems a natural thing to do for your users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support How do I ... ? Can I ... ?
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
11 participants
@emptyflask @numaanashraf @SMFloris @DSchau @PierreBeucher @chasecaleb @tldzyx @anna328p @SayantanRC @heismauri and others