Commit | Line | Data |
---|---|---|
48cb5b3a | 1 | =head1 NAME |
3c78fafa | 2 | |
48cb5b3a JV |
3 | perlpolicy - Various and sundry policies and commitments related to the perl core |
4 | ||
5 | =head1 DESCRIPTION | |
6 | ||
7 | This document is the master document which records all written | |
8 | policies about how the Perl 5 Porters collectively develop and maintain | |
9 | the Perl core. | |
10 | ||
70eadc36 JV |
11 | =head1 MAINTENANCE AND SUPPORT |
12 | ||
13 | Perl 5 is developed by a community, not a corporate entity. Every change | |
14 | contributed to the Perl core is the result of a donation. Typically, these | |
15 | donations are contributions of code or time by individual members of our | |
16 | community. On occasion, these donations come in the form of corporate | |
17 | or organizational sponsorship of a particular individual or project. | |
18 | ||
19 | As a volunteer organization, the commitments we make are heavily dependent | |
20 | on the goodwill and hard work of individuals who have no obligation to | |
21 | contribute to Perl. | |
22 | ||
23 | That being said, we value Perl's stabilty and security and have long | |
24 | had an unwritten covenant with the broader Perl community to support | |
25 | and maintain releases of Perl. | |
26 | ||
27 | This document codifies the support and maintenance commitments that | |
28 | the Perl community should expect from Perl's developers: | |
29 | ||
30 | =over | |
31 | ||
32 | =item * | |
33 | ||
34 | We "officially" support the two most recent stable release | |
35 | series'. As of the release of 5.14.0, we will "officially" | |
36 | end support for Perl 5.10, other than providing security | |
37 | updates as described below. | |
38 | ||
39 | =item * | |
40 | ||
41 | To the best of our ability, we will attempt to fix critical issues | |
7fdd8d84 | 42 | in the two most recent stable 5.x release series'. Fixes for the |
70eadc36 JV |
43 | current release series take precedence over fixes for the previous |
44 | release series. | |
45 | ||
46 | =item * | |
47 | ||
48 | To the best of our ability, we will provide "critical" security patches | |
49 | / releases for any major version of Perl initially released within the | |
50 | past three years. We can only commit to providing these for the most | |
51 | recent .y release in any 5.x.y series. | |
52 | ||
53 | =item * | |
54 | ||
55 | We will not provide security updates or bug fixes for development | |
56 | releases of Perl. | |
57 | ||
58 | =item * | |
59 | ||
60 | We encourage vendors to ship the most recent supported release of | |
61 | Perl at the time of their code freeze. | |
62 | ||
63 | =item * | |
64 | ||
65 | As a vendor, you may have a requirement to backport security fixes | |
66 | beyond our 3 year support commitment. We can provide limited support and | |
67 | advice to you as you do so and, where possible will try to apply | |
68 | those patches to the relevant -maint branches in git, though we may or | |
69 | may not choose to make numbered releases or "official" patches | |
70 | available. Contact us at E<lt>perl5-security-report@perl.orgE<gt> | |
71 | to begin that process. | |
72 | ||
73 | =back | |
74 | ||
70e4a83b JV |
75 | =head1 BACKWARD COMPATIBILITY AND DEPRECATION |
76 | ||
77 | Our community has a long-held belief that backward-compatibility is a | |
78 | virtue, even when the functionality in question is a design flaw. | |
79 | ||
80 | We would all love to unmake some mistakes we've made over the past | |
81 | decades. Living with every design error we've ever made can lead | |
82 | to painful stagnation. Unwinding our mistakes is very, very | |
83 | difficult. Doing so without actively harming our users is | |
84 | nearly impossible. | |
85 | ||
86 | Lately, ignoring or actively opposing compatibility with earlier versions | |
87 | of Perl has come into vogue. Sometimes, a change is proposed which | |
88 | wants to usurp syntax which previously had another meaning. Sometimes, | |
89 | a change wants to improve previously-crazy semantics. | |
90 | ||
91 | Down this road lies madness. | |
92 | ||
93 | Requiring end-user programmers to change just a few language constructs, | |
94 | even language constructs which no well-educated developer would ever | |
95 | intentionally use is tantamount to saying "you should not upgrade to | |
96 | a new release of Perl unless you have 100% test coverage and can do a | |
97 | full manual audit of your codebase." If we were to have tools capable of | |
98 | reliably upgrading Perl source code from one version of Perl to another, | |
99 | this concern could be significantly mitigated. | |
100 | ||
101 | We want to ensure that Perl continues to grow and flourish in the coming | |
102 | years and decades, but not at the expense of our user community. | |
103 | ||
104 | Existing syntax and semantics should only be marked for destruction in | |
105 | very limited circumstances. If a given language feature's continued | |
106 | inclusion in the language will cause significant harm to the language | |
107 | or prevent us from making needed changes to the runtime, then it may | |
108 | be considered for deprecation. | |
109 | ||
110 | Any language change which breaks backward-compatibility should be able to | |
111 | be enabled or disabled lexically. Unless code at a given scope declares | |
112 | that it wants the new behavior, that new behavior should be disabled. | |
113 | Which backward-incompatible changes are controlled implicitly by a | |
114 | 'use v5.x.y' is a decision which should be made by the pumpking in | |
115 | consultation with the community. | |
116 | ||
117 | When a backward-incompatible change can't be toggled lexically, the decision | |
118 | to change the language must be considered very, very carefully. If it's | |
119 | possible to move the old syntax or semantics out of the core language | |
120 | and into XS-land, that XS module should be enabled by default unless | |
121 | the user declares that they want a newer revision of Perl. | |
122 | ||
123 | Historically, we've held ourselves to a far higher standard than | |
124 | backward-compatibility -- bugward-compatibility. Any accident of | |
125 | implementation or unintentional side-effect of running some bit of code | |
126 | has been considered to be a feature of the language to be defended with | |
127 | the same zeal as any other feature or functionality. No matter how | |
128 | frustrating these unintentional features may be to us as we continue | |
129 | to improve Perl, these unintentional features often deserve our | |
130 | protection. It is very important that existing software written in | |
131 | Perl continue to work correctly. If end-user developers have adopted a | |
132 | bug as a feature, we need to treat it as such. | |
133 | ||
134 | New syntax and semantics which don't break existing language constructs | |
135 | and syntax have a much lower bar. They merely need to prove themselves | |
136 | to be useful, elegant, well designed and well tested. | |
137 | ||
138 | =head2 Terminology | |
139 | ||
140 | To make sure we're talking about the same thing when we discuss the removal | |
141 | of features or functionality from the Perl core, we have specific definitions | |
142 | for a few words and phrases. | |
143 | ||
144 | =over | |
145 | ||
146 | =item experimental | |
147 | ||
148 | If something in the Perl core is marked as B<experimental>, we may change | |
149 | its behaviour, deprecate or remove it without notice. While we'll always | |
150 | do our best to smooth the transition path for users of experimental | |
151 | features, you should contact the perl5-porters mailinglist if you find | |
152 | an experimental feature useful and want to help shape its future. | |
153 | ||
154 | =item deprecated | |
155 | ||
156 | If something in the Perl core is marked as B<deprecated>, we may remove it | |
157 | from thecore in the next stable release series, though we may not. As of | |
158 | Perl 5.12, deprecated features and modules warn the user as they're used. | |
159 | If you use a deprecated feature and believe that its removal from the Perl | |
160 | core would be a mistake, please contact the perl5-porters mailinglist and | |
161 | plead your case. We don't deprecate things without a good reason, but | |
162 | sometimes there's a counterargument we haven't considered. Historically, | |
163 | we did not distinguish between "deprecated" and "discouraged" features. | |
164 | ||
165 | =item discouraged | |
166 | ||
167 | From time to time, we may mark language constructs and features which we | |
168 | consider to have been mistakes as B<discouraged>. Discouraged features | |
169 | aren't candidates for removal in the next major release series, but | |
170 | we may later deprecate them if they're found to stand in the way of a | |
171 | significant improvement to the core. | |
172 | ||
173 | =item removed | |
174 | ||
175 | Once a feature, construct or module has been marked as deprecated for a | |
176 | stable release cycle, we may remove it from the core. Unsurprisingly, | |
177 | we say we've B<removed> these things. | |
178 | ||
179 | =back | |
48cb5b3a | 180 | |
fcf56c88 JV |
181 | =head1 MAINTENANCE BRANCHES |
182 | ||
183 | =over | |
184 | ||
185 | =item * | |
186 | ||
187 | New releases of maint should contain as few changes as possible. | |
188 | If there is any question about whether a given patch might merit | |
189 | inclusion in a maint release, then it almost certainly should not | |
190 | be included. | |
191 | ||
192 | =item * | |
193 | ||
194 | Portability fixes, such as changes to Configure and the files in | |
195 | hints/ are acceptable. Ports of Perl to a new platform, architecture | |
196 | or OS release that involve changes to the implementation are NOT | |
197 | acceptable. | |
198 | ||
199 | =item * | |
200 | ||
201 | Documentation updates are acceptable. | |
202 | ||
203 | =item * | |
204 | ||
205 | Patches that add new warnings or errors or deprecate features | |
206 | are not acceptable. | |
207 | ||
208 | =item * | |
209 | ||
210 | Patches that fix crashing bugs that do not otherwise change Perl's | |
211 | functionality or negatively impact performance are acceptable. | |
212 | ||
213 | =item * | |
214 | ||
215 | Patches that fix CVEs or security issues are acceptable, but should | |
216 | be run through the perl5-security-report@perl.org mailing list | |
217 | rather than applied directly. | |
218 | ||
219 | =item * | |
220 | ||
221 | Updates to dual-life modules should consist of minimal patches to | |
222 | fix crashing or security issues (as above). | |
223 | ||
224 | =item * | |
225 | ||
27d0393b JV |
226 | Minimal patches that fix platform-specific test failures or |
227 | installation issues are acceptable. When these changes are made | |
228 | to dual-life modules for which CPAN is canonical, any changes | |
229 | should be coordinated with the upstream author. | |
230 | ||
231 | =item * | |
232 | ||
fcf56c88 JV |
233 | New versions of dual-life modules should NOT be imported into maint. |
234 | Those belong in the next stable series. | |
235 | ||
236 | =item * | |
237 | ||
238 | Patches that add or remove features are not acceptable. | |
239 | ||
240 | =item * | |
241 | ||
242 | Patches that break binary compatibility are not acceptable. (Please | |
243 | talk to a pumpking.) | |
244 | ||
245 | =back | |
246 | ||
247 | ||
248 | =head2 Getting changes into a maint branch | |
249 | ||
250 | Historically, only the pumpking cherry-picked changes from bleadperl | |
251 | into maintperl. This has...scaling problems. At the same time, | |
252 | maintenance branches of stable versions of Perl need to be treated with | |
253 | great care. To that end, we're going to try out a new process for | |
254 | maint-5.12. | |
255 | ||
256 | Any committer may cherry-pick any commit from blead to maint-5.12 if | |
257 | they send mail to perl5-porters announcing their intent to cherry-pick | |
258 | a specific commit along with a rationale for doing so and at least two | |
259 | other committers respond to the list giving their assent. (This policy | |
260 | applies to current and former pumpkings, as well as other committers.) | |
48cb5b3a JV |
261 | |
262 | =head1 CONTRIBUTED MODULES | |
263 | ||
264 | ||
265 | =head2 A Social Contract about Artistic Control | |
6ee623d5 GS |
266 | |
267 | What follows is a statement about artistic control, defined as the ability | |
268 | of authors of packages to guide the future of their code and maintain | |
269 | control over their work. It is a recognition that authors should have | |
270 | control over their work, and that it is a responsibility of the rest of | |
271 | the Perl community to ensure that they retain this control. It is an | |
272 | attempt to document the standards to which we, as Perl developers, intend | |
273 | to hold ourselves. It is an attempt to write down rough guidelines about | |
274 | the respect we owe each other as Perl developers. | |
275 | ||
276 | This statement is not a legal contract. This statement is not a legal | |
277 | document in any way, shape, or form. Perl is distributed under the GNU | |
278 | Public License and under the Artistic License; those are the precise legal | |
279 | terms. This statement isn't about the law or licenses. It's about | |
280 | community, mutual respect, trust, and good-faith cooperation. | |
281 | ||
282 | We recognize that the Perl core, defined as the software distributed with | |
283 | the heart of Perl itself, is a joint project on the part of all of us. | |
aaa2bbb1 | 284 | From time to time, a script, module, or set of modules (hereafter referred |
6ee623d5 GS |
285 | to simply as a "module") will prove so widely useful and/or so integral to |
286 | the correct functioning of Perl itself that it should be distributed with | |
287 | Perl core. This should never be done without the author's explicit | |
288 | consent, and a clear recognition on all parts that this means the module | |
289 | is being distributed under the same terms as Perl itself. A module author | |
290 | should realize that inclusion of a module into the Perl core will | |
291 | necessarily mean some loss of control over it, since changes may | |
292 | occasionally have to be made on short notice or for consistency with the | |
293 | rest of Perl. | |
294 | ||
295 | Once a module has been included in the Perl core, however, everyone | |
296 | involved in maintaining Perl should be aware that the module is still the | |
297 | property of the original author unless the original author explicitly | |
298 | gives up their ownership of it. In particular: | |
299 | ||
48cb5b3a JV |
300 | =over |
301 | ||
171407a0 JJ |
302 | =item * |
303 | ||
304 | The version of the module in the core should still be considered the | |
305 | work of the original author. All patches, bug reports, and so | |
306 | forth should be fed back to them. Their development directions | |
307 | should be respected whenever possible. | |
6ee623d5 | 308 | |
48cb5b3a JV |
309 | =item * |
310 | ||
311 | Patches may be applied by the pumpkin holder without the explicit | |
312 | cooperation of the module author if and only if they are very minor, | |
313 | time-critical in some fashion (such as urgent security fixes), or if | |
314 | the module author cannot be reached. Those patches must still be | |
315 | given back to the author when possible, and if the author decides on | |
316 | an alternate fix in their version, that fix should be strongly | |
317 | preferred unless there is a serious problem with it. Any changes not | |
318 | endorsed by the author should be marked as such, and the contributor | |
319 | of the change acknowledged. | |
320 | ||
321 | =item * | |
322 | ||
323 | The version of the module distributed with Perl should, whenever | |
324 | possible, be the latest version of the module as distributed by the | |
325 | author (the latest non-beta version in the case of public Perl | |
326 | releases), although the pumpkin holder may hold off on upgrading the | |
327 | version of the module distributed with Perl to the latest version | |
328 | until the latest version has had sufficient testing. | |
329 | ||
330 | =back | |
6ee623d5 GS |
331 | |
332 | In other words, the author of a module should be considered to have final | |
333 | say on modifications to their module whenever possible (bearing in mind | |
334 | that it's expected that everyone involved will work together and arrive at | |
335 | reasonable compromises when there are disagreements). | |
336 | ||
337 | As a last resort, however: | |
338 | ||
48cb5b3a JV |
339 | |
340 | If the author's vision of the future of their module is sufficiently | |
341 | different from the vision of the pumpkin holder and perl5-porters as a | |
342 | whole so as to cause serious problems for Perl, the pumpkin holder may | |
343 | choose to formally fork the version of the module in the core from the | |
344 | one maintained by the author. This should not be done lightly and | |
c4f5d98d | 345 | should B<always> if at all possible be done only after direct input |
48cb5b3a JV |
346 | from Larry. If this is done, it must then be made explicit in the |
347 | module as distributed with Perl core that it is a forked version and | |
348 | that while it is based on the original author's work, it is no longer | |
349 | maintained by them. This must be noted in both the documentation and | |
350 | in the comments in the source of the module. | |
6ee623d5 GS |
351 | |
352 | Again, this should be a last resort only. Ideally, this should never | |
353 | happen, and every possible effort at cooperation and compromise should be | |
354 | made before doing this. If it does prove necessary to fork a module for | |
355 | the overall health of Perl, proper credit must be given to the original | |
356 | author in perpetuity and the decision should be constantly re-evaluated to | |
357 | see if a remerging of the two branches is possible down the road. | |
358 | ||
359 | In all dealings with contributed modules, everyone maintaining Perl should | |
360 | keep in mind that the code belongs to the original author, that they may | |
361 | not be on perl5-porters at any given time, and that a patch is not | |
362 | official unless it has been integrated into the author's copy of the | |
363 | module. To aid with this, and with points #1, #2, and #3 above, contact | |
364 | information for the authors of all contributed modules should be kept with | |
365 | the Perl distribution. | |
366 | ||
367 | Finally, the Perl community as a whole recognizes that respect for | |
368 | ownership of code, respect for artistic control, proper credit, and active | |
369 | effort to prevent unintentional code skew or communication gaps is vital | |
370 | to the health of the community and Perl itself. Members of a community | |
371 | should not normally have to resort to rules and laws to deal with each | |
372 | other, and this document, although it contains rules so as to be clear, is | |
373 | about an attitude and general approach. The first step in any dispute | |
374 | should be open communication, respect for opposing views, and an attempt | |
375 | at a compromise. In nearly every circumstance nothing more will be | |
376 | necessary, and certainly no more drastic measure should be used until | |
377 | every avenue of communication and discussion has failed. | |
3c78fafa | 378 | |
70e4a83b | 379 | |
48cb5b3a JV |
380 | =head1 CREDITS |
381 | ||
76caf4b8 | 382 | Social Contract about Contributed Modules originally by Russ Allbery E<lt>rra@stanford.eduE<gt> and the perl5-porters. |
3c78fafa | 383 |