On Sat, Apr 07, 2018 at 09:30:05AM +0100, Paul Moore wrote:
> On 7 April 2018 at 04:13, Steve Dower <steve.dower@python.org> wrote:
> > Better to deprecate it before it becomes broken, in my opinion.
That argument could be applied to everything in the std lib.
Sure, but we all know none of this is as black-and-white as it's being portrayed either.
> > Having someone willing and able to review and merge changes is the best
> > criteria for whether a module is still supported or not.
I don't think "best" is justified -- and certainly it is not the *only*
criteria.
But you have to admit it is an important one.
Modules can become stable simply because they have no known bugs and no
new feature requests. Stable doesn't mean useless, and the urge to
consider anything that isn't being regularly fiddled with as "obsolete"
is a tendency to be resisted.
If the module isn't broken, there's no need to fix it. That's a GOOD
thing, not a reason to dump a perfectly good, useful, working module.
I think part of the question is whether the module is also used enough to justify putting in scarce core dev time to maintain it.
Raymond has stated that he is happy to work on it if there are any bugs
reported on it, and if he's not available, I'm sure somebody will.
Actually Raymond said he teaches the module, not that he wanted to maintain it. And I definitely would not assume that someone will pick up to help maintain any module in the stdlib.
And
if not, well, we don't have any sort of performance guarantees on fixes:
sooner or later, *somebody* will provide a patch.
Assuming someone does, do we really want to say, "eh, it's buggy but we can wait over 7 years for a fix" (the oldest open issue on b.p.o is from August 2009:
https://bugs.python.org/issue6686). And even if they do, that doesn't mean someone will have the time or inclination to review it and eventually see it through to being merged.
That's the beauty of
the Open Source model. There are plenty of potential upstream
contributors who could contribute a patch.
But potential does not necessarily translate to action.
> I think there's a difference between not being willing to add
> enhancements, and not fixing bugs. The issue that originally triggered
> this discussion was an enhancement request, and I don't think it's
> unreasonable to declare cmd as "stable - no further enhancements will
> be made or accepted" while still considering it as supported for
> bugfixes.
Its not an unreasonable position to take, but I don't think it is
justified in this case. The cmd module is not something so arcane or
complicated that it requires a specialist to maintain it. Its about 400
lines, including blank lines and doc strings, with a single class and
around twenty methods.
Wasn't one of the major reasons for moving to git and Github to
make it easier for non-core devs to contribute?
Actually the major reason was to make it easier for core devs to review contributions. Easing the workflow for outside contributors was a side benefit.
A module as stable and
simple as cmd seems to me to be the ideal place for people to begin
contributing, whether it is fixing bugs or contributing any
(hypothetical) feature enhancements.
Perhaps, but that assumes someone wants that job. ;)
I don't think we need do anything here: so long as there is a core
developer willing to review any PRs, and so long as new enhancements go
through the same approval process on the bug tracker and/or Python-
Ideas, I don't think we need to single cmd out as deprecated or "no new
features".
Those two "so long as" parts are I think the key reason Ned brought this up.
This isn't gopher, or something with serious unfixable security
vulnerabilities. It works. What more needs to be said?
I think this all ties back to the usual discussion we have when it comes to the stdlib: what is the bar for what should be in there because nothing is maintenance-free?
The cmd module itself has plenty of commits that were just standard code maintenance changes:
https://github.com/python/cpython/commits/master/Lib/cmd.py . All of that eats up time over the 26 years of the module's existence. And feature enhancements are not free either even if you don't review the PR because even if you don't review them you still have to peruse the PR title to make the decision not to review it, which once again is a small amount of time in isolation but adds up at a macro level.
We all have a limited amount of time to contribute, especially when we are almost all spending personal time on this project. And no matter how trivial a module is to keep around, it is not a non-zero amount of time for the group all-up, even if we all collectively choose to ignore it in hopes someone comes forward to help out.
And I would also say that ignoring a module until someone comes forward to maintain it runs counter-productive to our overall goal to produce quality software as we are effectively saying we are okay with lower quality if it simply puts us out too much to maintain it. I personally would argue that the language itself is an amazingly solid piece of software but that the stdlib's quality varies. For me, that's where my personal desire to trim the stdlib a bit so we can have "more wood behind fewer arrows" and bring the stdlib's quality up a bit.