| 1 | =head1 NAME |
| 2 | |
| 3 | perlpolicy - Various and sundry policies and commitments related to the Perl core |
| 4 | |
| 5 | =head1 DESCRIPTION |
| 6 | |
| 7 | This document is the master document which records all written |
| 8 | policies about how the Perl 5 Porters collectively develop and maintain |
| 9 | the Perl core. |
| 10 | |
| 11 | =head1 GOVERNANCE |
| 12 | |
| 13 | =head2 Perl 5 Porters |
| 14 | |
| 15 | Subscribers to perl5-porters (the porters themselves) come in several flavours. |
| 16 | Some are quiet curious lurkers, who rarely pitch in and instead watch |
| 17 | the ongoing development to ensure they're forewarned of new changes or |
| 18 | features in Perl. Some are representatives of vendors, who are there |
| 19 | to make sure that Perl continues to compile and work on their |
| 20 | platforms. Some patch any reported bug that they know how to fix, |
| 21 | some are actively patching their pet area (threads, Win32, the regexp |
| 22 | -engine), while others seem to do nothing but complain. In other |
| 23 | words, it's your usual mix of technical people. |
| 24 | |
| 25 | Over this group of porters presides Larry Wall. He has the final word |
| 26 | in what does and does not change in any of the Perl programming languages. |
| 27 | These days, Larry spends most of his time on Perl 6, while Perl 5 is |
| 28 | shepherded by a "pumpking", a porter responsible for deciding what |
| 29 | goes into each release and ensuring that releases happen on a regular |
| 30 | basis. |
| 31 | |
| 32 | Larry sees Perl development along the lines of the US government: |
| 33 | there's the Legislature (the porters), the Executive branch (the |
| 34 | -pumpking), and the Supreme Court (Larry). The legislature can |
| 35 | discuss and submit patches to the executive branch all they like, but |
| 36 | the executive branch is free to veto them. Rarely, the Supreme Court |
| 37 | will side with the executive branch over the legislature, or the |
| 38 | legislature over the executive branch. Mostly, however, the |
| 39 | legislature and the executive branch are supposed to get along and |
| 40 | work out their differences without impeachment or court cases. |
| 41 | |
| 42 | You might sometimes see reference to Rule 1 and Rule 2. Larry's power |
| 43 | as Supreme Court is expressed in The Rules: |
| 44 | |
| 45 | =over 4 |
| 46 | |
| 47 | =item 1 |
| 48 | |
| 49 | Larry is always by definition right about how Perl should behave. |
| 50 | This means he has final veto power on the core functionality. |
| 51 | |
| 52 | =item 2 |
| 53 | |
| 54 | Larry is allowed to change his mind about any matter at a later date, |
| 55 | regardless of whether he previously invoked Rule 1. |
| 56 | |
| 57 | =back |
| 58 | |
| 59 | Got that? Larry is always right, even when he was wrong. It's rare |
| 60 | to see either Rule exercised, but they are often alluded to. |
| 61 | |
| 62 | =head1 MAINTENANCE AND SUPPORT |
| 63 | |
| 64 | Perl 5 is developed by a community, not a corporate entity. Every change |
| 65 | contributed to the Perl core is the result of a donation. Typically, these |
| 66 | donations are contributions of code or time by individual members of our |
| 67 | community. On occasion, these donations come in the form of corporate |
| 68 | or organizational sponsorship of a particular individual or project. |
| 69 | |
| 70 | As a volunteer organization, the commitments we make are heavily dependent |
| 71 | on the goodwill and hard work of individuals who have no obligation to |
| 72 | contribute to Perl. |
| 73 | |
| 74 | That being said, we value Perl's stability and security and have long |
| 75 | had an unwritten covenant with the broader Perl community to support |
| 76 | and maintain releases of Perl. |
| 77 | |
| 78 | This document codifies the support and maintenance commitments that |
| 79 | the Perl community should expect from Perl's developers: |
| 80 | |
| 81 | =over |
| 82 | |
| 83 | =item * |
| 84 | |
| 85 | We "officially" support the two most recent stable release series. 5.12.x |
| 86 | and earlier are now out of support. As of the release of 5.18.0, we will |
| 87 | "officially" end support for Perl 5.14.x, other than providing security |
| 88 | updates as described below. |
| 89 | |
| 90 | =item * |
| 91 | |
| 92 | To the best of our ability, we will attempt to fix critical issues |
| 93 | in the two most recent stable 5.x release series. Fixes for the |
| 94 | current release series take precedence over fixes for the previous |
| 95 | release series. |
| 96 | |
| 97 | =item * |
| 98 | |
| 99 | To the best of our ability, we will provide "critical" security patches |
| 100 | / releases for any major version of Perl whose 5.x.0 release was within |
| 101 | the past three years. We can only commit to providing these for the |
| 102 | most recent .y release in any 5.x.y series. |
| 103 | |
| 104 | =item * |
| 105 | |
| 106 | We will not provide security updates or bug fixes for development |
| 107 | releases of Perl. |
| 108 | |
| 109 | =item * |
| 110 | |
| 111 | We encourage vendors to ship the most recent supported release of |
| 112 | Perl at the time of their code freeze. |
| 113 | |
| 114 | =item * |
| 115 | |
| 116 | As a vendor, you may have a requirement to backport security fixes |
| 117 | beyond our 3 year support commitment. We can provide limited support and |
| 118 | advice to you as you do so and, where possible will try to apply |
| 119 | those patches to the relevant -maint branches in git, though we may or |
| 120 | may not choose to make numbered releases or "official" patches |
| 121 | available. Contact us at E<lt>perl5-security-report@perl.orgE<gt> |
| 122 | to begin that process. |
| 123 | |
| 124 | =back |
| 125 | |
| 126 | =head1 BACKWARD COMPATIBILITY AND DEPRECATION |
| 127 | |
| 128 | Our community has a long-held belief that backward-compatibility is a |
| 129 | virtue, even when the functionality in question is a design flaw. |
| 130 | |
| 131 | We would all love to unmake some mistakes we've made over the past |
| 132 | decades. Living with every design error we've ever made can lead |
| 133 | to painful stagnation. Unwinding our mistakes is very, very |
| 134 | difficult. Doing so without actively harming our users is |
| 135 | nearly impossible. |
| 136 | |
| 137 | Lately, ignoring or actively opposing compatibility with earlier versions |
| 138 | of Perl has come into vogue. Sometimes, a change is proposed which |
| 139 | wants to usurp syntax which previously had another meaning. Sometimes, |
| 140 | a change wants to improve previously-crazy semantics. |
| 141 | |
| 142 | Down this road lies madness. |
| 143 | |
| 144 | Requiring end-user programmers to change just a few language constructs, |
| 145 | even language constructs which no well-educated developer would ever |
| 146 | intentionally use is tantamount to saying "you should not upgrade to |
| 147 | a new release of Perl unless you have 100% test coverage and can do a |
| 148 | full manual audit of your codebase." If we were to have tools capable of |
| 149 | reliably upgrading Perl source code from one version of Perl to another, |
| 150 | this concern could be significantly mitigated. |
| 151 | |
| 152 | We want to ensure that Perl continues to grow and flourish in the coming |
| 153 | years and decades, but not at the expense of our user community. |
| 154 | |
| 155 | Existing syntax and semantics should only be marked for destruction in |
| 156 | very limited circumstances. If a given language feature's continued |
| 157 | inclusion in the language will cause significant harm to the language |
| 158 | or prevent us from making needed changes to the runtime, then it may |
| 159 | be considered for deprecation. |
| 160 | |
| 161 | Any language change which breaks backward-compatibility should be able to |
| 162 | be enabled or disabled lexically. Unless code at a given scope declares |
| 163 | that it wants the new behavior, that new behavior should be disabled. |
| 164 | Which backward-incompatible changes are controlled implicitly by a |
| 165 | 'use v5.x.y' is a decision which should be made by the pumpking in |
| 166 | consultation with the community. |
| 167 | |
| 168 | When a backward-incompatible change can't be toggled lexically, the decision |
| 169 | to change the language must be considered very, very carefully. If it's |
| 170 | possible to move the old syntax or semantics out of the core language |
| 171 | and into XS-land, that XS module should be enabled by default unless |
| 172 | the user declares that they want a newer revision of Perl. |
| 173 | |
| 174 | Historically, we've held ourselves to a far higher standard than |
| 175 | backward-compatibility -- bugward-compatibility. Any accident of |
| 176 | implementation or unintentional side-effect of running some bit of code |
| 177 | has been considered to be a feature of the language to be defended with |
| 178 | the same zeal as any other feature or functionality. No matter how |
| 179 | frustrating these unintentional features may be to us as we continue |
| 180 | to improve Perl, these unintentional features often deserve our |
| 181 | protection. It is very important that existing software written in |
| 182 | Perl continue to work correctly. If end-user developers have adopted a |
| 183 | bug as a feature, we need to treat it as such. |
| 184 | |
| 185 | New syntax and semantics which don't break existing language constructs |
| 186 | and syntax have a much lower bar. They merely need to prove themselves |
| 187 | to be useful, elegant, well designed, and well tested. |
| 188 | |
| 189 | =head2 Terminology |
| 190 | |
| 191 | To make sure we're talking about the same thing when we discuss the removal |
| 192 | of features or functionality from the Perl core, we have specific definitions |
| 193 | for a few words and phrases. |
| 194 | |
| 195 | =over |
| 196 | |
| 197 | =item experimental |
| 198 | |
| 199 | If something in the Perl core is marked as B<experimental>, we may change |
| 200 | its behaviour, deprecate or remove it without notice. While we'll always |
| 201 | do our best to smooth the transition path for users of experimental |
| 202 | features, you should contact the perl5-porters mailinglist if you find |
| 203 | an experimental feature useful and want to help shape its future. |
| 204 | |
| 205 | =item deprecated |
| 206 | |
| 207 | If something in the Perl core is marked as B<deprecated>, we may remove it |
| 208 | from the core in the next stable release series, though we may not. As of |
| 209 | Perl 5.12, deprecated features and modules warn the user as they're used. |
| 210 | When a module is deprecated, it will also be made available on CPAN. |
| 211 | Installing it from CPAN will silence deprecation warnings for that module. |
| 212 | |
| 213 | If you use a deprecated feature or module and believe that its removal from |
| 214 | the Perl core would be a mistake, please contact the perl5-porters |
| 215 | mailinglist and plead your case. We don't deprecate things without a good |
| 216 | reason, but sometimes there's a counterargument we haven't considered. |
| 217 | Historically, we did not distinguish between "deprecated" and "discouraged" |
| 218 | features. |
| 219 | |
| 220 | =item discouraged |
| 221 | |
| 222 | From time to time, we may mark language constructs and features which we |
| 223 | consider to have been mistakes as B<discouraged>. Discouraged features |
| 224 | aren't candidates for removal in the next major release series, but |
| 225 | we may later deprecate them if they're found to stand in the way of a |
| 226 | significant improvement to the Perl core. |
| 227 | |
| 228 | =item removed |
| 229 | |
| 230 | Once a feature, construct or module has been marked as deprecated for a |
| 231 | stable release cycle, we may remove it from the Perl core. Unsurprisingly, |
| 232 | we say we've B<removed> these things. When a module is removed, it will |
| 233 | no longer ship with Perl, but will continue to be available on CPAN. |
| 234 | |
| 235 | =back |
| 236 | |
| 237 | =head1 MAINTENANCE BRANCHES |
| 238 | |
| 239 | =over |
| 240 | |
| 241 | =item * |
| 242 | |
| 243 | New releases of maint should contain as few changes as possible. |
| 244 | If there is any question about whether a given patch might merit |
| 245 | inclusion in a maint release, then it almost certainly should not |
| 246 | be included. |
| 247 | |
| 248 | =item * |
| 249 | |
| 250 | Portability fixes, such as changes to Configure and the files in |
| 251 | hints/ are acceptable. Ports of Perl to a new platform, architecture |
| 252 | or OS release that involve changes to the implementation are NOT |
| 253 | acceptable. |
| 254 | |
| 255 | =item * |
| 256 | |
| 257 | Acceptable documentation updates are those that correct factual errors, |
| 258 | explain significant bugs or deficiencies in the current implementation, |
| 259 | or fix broken markup. |
| 260 | |
| 261 | =item * |
| 262 | |
| 263 | Patches that add new warnings or errors or deprecate features |
| 264 | are not acceptable. |
| 265 | |
| 266 | =item * |
| 267 | |
| 268 | Patches that fix crashing bugs that do not otherwise change Perl's |
| 269 | functionality or negatively impact performance are acceptable. |
| 270 | |
| 271 | =item * |
| 272 | |
| 273 | Patches that fix CVEs or security issues are acceptable, but should |
| 274 | be run through the perl5-security-report@perl.org mailing list |
| 275 | rather than applied directly. |
| 276 | |
| 277 | =item * |
| 278 | |
| 279 | Patches that fix regressions in perl's behavior relative to previous |
| 280 | releases are acceptable. |
| 281 | |
| 282 | =item * |
| 283 | |
| 284 | Updates to dual-life modules should consist of minimal patches to |
| 285 | fix crashing or security issues (as above). |
| 286 | |
| 287 | =item * |
| 288 | |
| 289 | Minimal patches that fix platform-specific test failures or |
| 290 | installation issues are acceptable. When these changes are made |
| 291 | to dual-life modules for which CPAN is canonical, any changes |
| 292 | should be coordinated with the upstream author. |
| 293 | |
| 294 | =item * |
| 295 | |
| 296 | New versions of dual-life modules should NOT be imported into maint. |
| 297 | Those belong in the next stable series. |
| 298 | |
| 299 | =item * |
| 300 | |
| 301 | Patches that add or remove features are not acceptable. |
| 302 | |
| 303 | =item * |
| 304 | |
| 305 | Patches that break binary compatibility are not acceptable. (Please |
| 306 | talk to a pumpking.) |
| 307 | |
| 308 | =back |
| 309 | |
| 310 | |
| 311 | =head2 Getting changes into a maint branch |
| 312 | |
| 313 | Historically, only the pumpking cherry-picked changes from bleadperl |
| 314 | into maintperl. This has scaling problems. At the same time, |
| 315 | maintenance branches of stable versions of Perl need to be treated with |
| 316 | great care. To that end, as of Perl 5.12, we have a new process for |
| 317 | maint branches. |
| 318 | |
| 319 | Any committer may cherry-pick any commit from blead to a maint branch if |
| 320 | they send mail to perl5-porters announcing their intent to cherry-pick |
| 321 | a specific commit along with a rationale for doing so and at least two |
| 322 | other committers respond to the list giving their assent. (This policy |
| 323 | applies to current and former pumpkings, as well as other committers.) |
| 324 | |
| 325 | =head1 CONTRIBUTED MODULES |
| 326 | |
| 327 | |
| 328 | =head2 A Social Contract about Artistic Control |
| 329 | |
| 330 | What follows is a statement about artistic control, defined as the ability |
| 331 | of authors of packages to guide the future of their code and maintain |
| 332 | control over their work. It is a recognition that authors should have |
| 333 | control over their work, and that it is a responsibility of the rest of |
| 334 | the Perl community to ensure that they retain this control. It is an |
| 335 | attempt to document the standards to which we, as Perl developers, intend |
| 336 | to hold ourselves. It is an attempt to write down rough guidelines about |
| 337 | the respect we owe each other as Perl developers. |
| 338 | |
| 339 | This statement is not a legal contract. This statement is not a legal |
| 340 | document in any way, shape, or form. Perl is distributed under the GNU |
| 341 | Public License and under the Artistic License; those are the precise legal |
| 342 | terms. This statement isn't about the law or licenses. It's about |
| 343 | community, mutual respect, trust, and good-faith cooperation. |
| 344 | |
| 345 | We recognize that the Perl core, defined as the software distributed with |
| 346 | the heart of Perl itself, is a joint project on the part of all of us. |
| 347 | From time to time, a script, module, or set of modules (hereafter referred |
| 348 | to simply as a "module") will prove so widely useful and/or so integral to |
| 349 | the correct functioning of Perl itself that it should be distributed with |
| 350 | the Perl core. This should never be done without the author's explicit |
| 351 | consent, and a clear recognition on all parts that this means the module |
| 352 | is being distributed under the same terms as Perl itself. A module author |
| 353 | should realize that inclusion of a module into the Perl core will |
| 354 | necessarily mean some loss of control over it, since changes may |
| 355 | occasionally have to be made on short notice or for consistency with the |
| 356 | rest of Perl. |
| 357 | |
| 358 | Once a module has been included in the Perl core, however, everyone |
| 359 | involved in maintaining Perl should be aware that the module is still the |
| 360 | property of the original author unless the original author explicitly |
| 361 | gives up their ownership of it. In particular: |
| 362 | |
| 363 | =over |
| 364 | |
| 365 | =item * |
| 366 | |
| 367 | The version of the module in the Perl core should still be considered the |
| 368 | work of the original author. All patches, bug reports, and so |
| 369 | forth should be fed back to them. Their development directions |
| 370 | should be respected whenever possible. |
| 371 | |
| 372 | =item * |
| 373 | |
| 374 | Patches may be applied by the pumpkin holder without the explicit |
| 375 | cooperation of the module author if and only if they are very minor, |
| 376 | time-critical in some fashion (such as urgent security fixes), or if |
| 377 | the module author cannot be reached. Those patches must still be |
| 378 | given back to the author when possible, and if the author decides on |
| 379 | an alternate fix in their version, that fix should be strongly |
| 380 | preferred unless there is a serious problem with it. Any changes not |
| 381 | endorsed by the author should be marked as such, and the contributor |
| 382 | of the change acknowledged. |
| 383 | |
| 384 | =item * |
| 385 | |
| 386 | The version of the module distributed with Perl should, whenever |
| 387 | possible, be the latest version of the module as distributed by the |
| 388 | author (the latest non-beta version in the case of public Perl |
| 389 | releases), although the pumpkin holder may hold off on upgrading the |
| 390 | version of the module distributed with Perl to the latest version |
| 391 | until the latest version has had sufficient testing. |
| 392 | |
| 393 | =back |
| 394 | |
| 395 | In other words, the author of a module should be considered to have final |
| 396 | say on modifications to their module whenever possible (bearing in mind |
| 397 | that it's expected that everyone involved will work together and arrive at |
| 398 | reasonable compromises when there are disagreements). |
| 399 | |
| 400 | As a last resort, however: |
| 401 | |
| 402 | |
| 403 | If the author's vision of the future of their module is sufficiently |
| 404 | different from the vision of the pumpkin holder and perl5-porters as a |
| 405 | whole so as to cause serious problems for Perl, the pumpkin holder may |
| 406 | choose to formally fork the version of the module in the Perl core from the |
| 407 | one maintained by the author. This should not be done lightly and |
| 408 | should B<always> if at all possible be done only after direct input |
| 409 | from Larry. If this is done, it must then be made explicit in the |
| 410 | module as distributed with the Perl core that it is a forked version and |
| 411 | that while it is based on the original author's work, it is no longer |
| 412 | maintained by them. This must be noted in both the documentation and |
| 413 | in the comments in the source of the module. |
| 414 | |
| 415 | Again, this should be a last resort only. Ideally, this should never |
| 416 | happen, and every possible effort at cooperation and compromise should be |
| 417 | made before doing this. If it does prove necessary to fork a module for |
| 418 | the overall health of Perl, proper credit must be given to the original |
| 419 | author in perpetuity and the decision should be constantly re-evaluated to |
| 420 | see if a remerging of the two branches is possible down the road. |
| 421 | |
| 422 | In all dealings with contributed modules, everyone maintaining Perl should |
| 423 | keep in mind that the code belongs to the original author, that they may |
| 424 | not be on perl5-porters at any given time, and that a patch is not |
| 425 | official unless it has been integrated into the author's copy of the |
| 426 | module. To aid with this, and with points #1, #2, and #3 above, contact |
| 427 | information for the authors of all contributed modules should be kept with |
| 428 | the Perl distribution. |
| 429 | |
| 430 | Finally, the Perl community as a whole recognizes that respect for |
| 431 | ownership of code, respect for artistic control, proper credit, and active |
| 432 | effort to prevent unintentional code skew or communication gaps is vital |
| 433 | to the health of the community and Perl itself. Members of a community |
| 434 | should not normally have to resort to rules and laws to deal with each |
| 435 | other, and this document, although it contains rules so as to be clear, is |
| 436 | about an attitude and general approach. The first step in any dispute |
| 437 | should be open communication, respect for opposing views, and an attempt |
| 438 | at a compromise. In nearly every circumstance nothing more will be |
| 439 | necessary, and certainly no more drastic measure should be used until |
| 440 | every avenue of communication and discussion has failed. |
| 441 | |
| 442 | |
| 443 | =head1 DOCUMENTATION |
| 444 | |
| 445 | Perl's documentation is an important resource for our users. It's |
| 446 | incredibly important for Perl's documentation to be reasonably coherent |
| 447 | and to accurately reflect the current implementation. |
| 448 | |
| 449 | Just as P5P collectively maintains the codebase, we collectively |
| 450 | maintain the documentation. Writing a particular bit of documentation |
| 451 | doesn't give an author control of the future of that documentation. |
| 452 | At the same time, just as source code changes should match the style |
| 453 | of their surrounding blocks, so should documentation changes. |
| 454 | |
| 455 | Examples in documentation should be illustrative of the concept |
| 456 | they're explaining. Sometimes, the best way to show how a |
| 457 | language feature works is with a small program the reader can |
| 458 | run without modification. More often, examples will consist |
| 459 | of a snippet of code containing only the "important" bits. |
| 460 | The definition of "important" varies from snippet to snippet. |
| 461 | Sometimes it's important to declare C<use strict> and C<use warnings>, |
| 462 | initialize all variables and fully catch every error condition. |
| 463 | More often than not, though, those things obscure the lesson |
| 464 | the example was intended to teach. |
| 465 | |
| 466 | As Perl is developed by a global team of volunteers, our |
| 467 | documentation often contains spellings which look funny |
| 468 | to I<somebody>. Choice of American/British/Other spellings |
| 469 | is left as an exercise for the author of each bit of |
| 470 | documentation. When patching documentation, try to emulate |
| 471 | the documentation around you, rather than changing the existing |
| 472 | prose. |
| 473 | |
| 474 | In general, documentation should describe what Perl does "now" rather |
| 475 | than what it used to do. It's perfectly reasonable to include notes |
| 476 | in documentation about how behaviour has changed from previous releases, |
| 477 | but, with very few exceptions, documentation isn't "dual-life" -- |
| 478 | it doesn't need to fully describe how all old versions used to work. |
| 479 | |
| 480 | |
| 481 | =head1 CREDITS |
| 482 | |
| 483 | "Social Contract about Contributed Modules" originally by Russ Allbery E<lt>rra@stanford.eduE<gt> and the perl5-porters. |
| 484 | |