3 perlpolicy - Various and sundry policies and commitments related to the perl core
7 This document is the master document which records all written
8 policies about how the Perl 5 Porters collectively develop and maintain
11 =head1 MAINTENANCE AND SUPPORT
13 Perl 5 is developed by a community, not a corporate entity. Every change
14 contributed to the Perl core is the result of a donation. Typically, these
15 donations are contributions of code or time by individual members of our
16 community. On occasion, these donations come in the form of corporate
17 or organizational sponsorship of a particular individual or project.
19 As a volunteer organization, the commitments we make are heavily dependent
20 on the goodwill and hard work of individuals who have no obligation to
23 That being said, we value Perl's stabilty and security and have long
24 had an unwritten covenant with the broader Perl community to support
25 and maintain releases of Perl.
27 This document codifies the support and maintenance commitments that
28 the Perl community should expect from Perl's developers:
34 We "officially" support the two most recent stable release
35 series'. As of the release of 5.14.0, we will "officially"
36 end support for Perl 5.10, other than providing security
37 updates as described below.
41 To the best of our ability, we will attempt to fix critical issues
42 in the two most recent stable 5.x release series'. Fixes for the
43 current release series take precedence over fixes for the previous
48 To the best of our ability, we will provide "critical" security patches
49 / releases for any major version of Perl initially released within the
50 past three years. We can only commit to providing these for the most
51 recent .y release in any 5.x.y series.
55 We will not provide security updates or bug fixes for development
60 We encourage vendors to ship the most recent supported release of
61 Perl at the time of their code freeze.
65 As a vendor, you may have a requirement to backport security fixes
66 beyond our 3 year support commitment. We can provide limited support and
67 advice to you as you do so and, where possible will try to apply
68 those patches to the relevant -maint branches in git, though we may or
69 may not choose to make numbered releases or "official" patches
70 available. Contact us at E<lt>perl5-security-report@perl.orgE<gt>
71 to begin that process.
75 =head1 BACKWARD COMPATIBILITY AND DEPRECATION
77 Our community has a long-held belief that backward-compatibility is a
78 virtue, even when the functionality in question is a design flaw.
80 We would all love to unmake some mistakes we've made over the past
81 decades. Living with every design error we've ever made can lead
82 to painful stagnation. Unwinding our mistakes is very, very
83 difficult. Doing so without actively harming our users is
86 Lately, ignoring or actively opposing compatibility with earlier versions
87 of Perl has come into vogue. Sometimes, a change is proposed which
88 wants to usurp syntax which previously had another meaning. Sometimes,
89 a change wants to improve previously-crazy semantics.
91 Down this road lies madness.
93 Requiring end-user programmers to change just a few language constructs,
94 even language constructs which no well-educated developer would ever
95 intentionally use is tantamount to saying "you should not upgrade to
96 a new release of Perl unless you have 100% test coverage and can do a
97 full manual audit of your codebase." If we were to have tools capable of
98 reliably upgrading Perl source code from one version of Perl to another,
99 this concern could be significantly mitigated.
101 We want to ensure that Perl continues to grow and flourish in the coming
102 years and decades, but not at the expense of our user community.
104 Existing syntax and semantics should only be marked for destruction in
105 very limited circumstances. If a given language feature's continued
106 inclusion in the language will cause significant harm to the language
107 or prevent us from making needed changes to the runtime, then it may
108 be considered for deprecation.
110 Any language change which breaks backward-compatibility should be able to
111 be enabled or disabled lexically. Unless code at a given scope declares
112 that it wants the new behavior, that new behavior should be disabled.
113 Which backward-incompatible changes are controlled implicitly by a
114 'use v5.x.y' is a decision which should be made by the pumpking in
115 consultation with the community.
117 When a backward-incompatible change can't be toggled lexically, the decision
118 to change the language must be considered very, very carefully. If it's
119 possible to move the old syntax or semantics out of the core language
120 and into XS-land, that XS module should be enabled by default unless
121 the user declares that they want a newer revision of Perl.
123 Historically, we've held ourselves to a far higher standard than
124 backward-compatibility -- bugward-compatibility. Any accident of
125 implementation or unintentional side-effect of running some bit of code
126 has been considered to be a feature of the language to be defended with
127 the same zeal as any other feature or functionality. No matter how
128 frustrating these unintentional features may be to us as we continue
129 to improve Perl, these unintentional features often deserve our
130 protection. It is very important that existing software written in
131 Perl continue to work correctly. If end-user developers have adopted a
132 bug as a feature, we need to treat it as such.
134 New syntax and semantics which don't break existing language constructs
135 and syntax have a much lower bar. They merely need to prove themselves
136 to be useful, elegant, well designed and well tested.
140 To make sure we're talking about the same thing when we discuss the removal
141 of features or functionality from the Perl core, we have specific definitions
142 for a few words and phrases.
148 If something in the Perl core is marked as B<experimental>, we may change
149 its behaviour, deprecate or remove it without notice. While we'll always
150 do our best to smooth the transition path for users of experimental
151 features, you should contact the perl5-porters mailinglist if you find
152 an experimental feature useful and want to help shape its future.
156 If something in the Perl core is marked as B<deprecated>, we may remove it
157 from thecore in the next stable release series, though we may not. As of
158 Perl 5.12, deprecated features and modules warn the user as they're used.
159 If you use a deprecated feature and believe that its removal from the Perl
160 core would be a mistake, please contact the perl5-porters mailinglist and
161 plead your case. We don't deprecate things without a good reason, but
162 sometimes there's a counterargument we haven't considered. Historically,
163 we did not distinguish between "deprecated" and "discouraged" features.
167 From time to time, we may mark language constructs and features which we
168 consider to have been mistakes as B<discouraged>. Discouraged features
169 aren't candidates for removal in the next major release series, but
170 we may later deprecate them if they're found to stand in the way of a
171 significant improvement to the core.
175 Once a feature, construct or module has been marked as deprecated for a
176 stable release cycle, we may remove it from the core. Unsurprisingly,
177 we say we've B<removed> these things.
181 =head1 MAINTENANCE BRANCHES
187 New releases of maint should contain as few changes as possible.
188 If there is any question about whether a given patch might merit
189 inclusion in a maint release, then it almost certainly should not
194 Portability fixes, such as changes to Configure and the files in
195 hints/ are acceptable. Ports of Perl to a new platform, architecture
196 or OS release that involve changes to the implementation are NOT
201 Documentation updates are acceptable.
205 Patches that add new warnings or errors or deprecate features
210 Patches that fix crashing bugs that do not otherwise change Perl's
211 functionality or negatively impact performance are acceptable.
215 Patches that fix CVEs or security issues are acceptable, but should
216 be run through the perl5-security-report@perl.org mailing list
217 rather than applied directly.
221 Updates to dual-life modules should consist of minimal patches to
222 fix crashing or security issues (as above).
226 Minimal patches that fix platform-specific test failures or
227 installation issues are acceptable. When these changes are made
228 to dual-life modules for which CPAN is canonical, any changes
229 should be coordinated with the upstream author.
233 New versions of dual-life modules should NOT be imported into maint.
234 Those belong in the next stable series.
238 Patches that add or remove features are not acceptable.
242 Patches that break binary compatibility are not acceptable. (Please
248 =head2 Getting changes into a maint branch
250 Historically, only the pumpking cherry-picked changes from bleadperl
251 into maintperl. This has...scaling problems. At the same time,
252 maintenance branches of stable versions of Perl need to be treated with
253 great care. To that end, we're going to try out a new process for
256 Any committer may cherry-pick any commit from blead to maint-5.12 if
257 they send mail to perl5-porters announcing their intent to cherry-pick
258 a specific commit along with a rationale for doing so and at least two
259 other committers respond to the list giving their assent. (This policy
260 applies to current and former pumpkings, as well as other committers.)
262 =head1 CONTRIBUTED MODULES
265 =head2 A Social Contract about Artistic Control
267 What follows is a statement about artistic control, defined as the ability
268 of authors of packages to guide the future of their code and maintain
269 control over their work. It is a recognition that authors should have
270 control over their work, and that it is a responsibility of the rest of
271 the Perl community to ensure that they retain this control. It is an
272 attempt to document the standards to which we, as Perl developers, intend
273 to hold ourselves. It is an attempt to write down rough guidelines about
274 the respect we owe each other as Perl developers.
276 This statement is not a legal contract. This statement is not a legal
277 document in any way, shape, or form. Perl is distributed under the GNU
278 Public License and under the Artistic License; those are the precise legal
279 terms. This statement isn't about the law or licenses. It's about
280 community, mutual respect, trust, and good-faith cooperation.
282 We recognize that the Perl core, defined as the software distributed with
283 the heart of Perl itself, is a joint project on the part of all of us.
284 From time to time, a script, module, or set of modules (hereafter referred
285 to simply as a "module") will prove so widely useful and/or so integral to
286 the correct functioning of Perl itself that it should be distributed with
287 Perl core. This should never be done without the author's explicit
288 consent, and a clear recognition on all parts that this means the module
289 is being distributed under the same terms as Perl itself. A module author
290 should realize that inclusion of a module into the Perl core will
291 necessarily mean some loss of control over it, since changes may
292 occasionally have to be made on short notice or for consistency with the
295 Once a module has been included in the Perl core, however, everyone
296 involved in maintaining Perl should be aware that the module is still the
297 property of the original author unless the original author explicitly
298 gives up their ownership of it. In particular:
304 The version of the module in the core should still be considered the
305 work of the original author. All patches, bug reports, and so
306 forth should be fed back to them. Their development directions
307 should be respected whenever possible.
311 Patches may be applied by the pumpkin holder without the explicit
312 cooperation of the module author if and only if they are very minor,
313 time-critical in some fashion (such as urgent security fixes), or if
314 the module author cannot be reached. Those patches must still be
315 given back to the author when possible, and if the author decides on
316 an alternate fix in their version, that fix should be strongly
317 preferred unless there is a serious problem with it. Any changes not
318 endorsed by the author should be marked as such, and the contributor
319 of the change acknowledged.
323 The version of the module distributed with Perl should, whenever
324 possible, be the latest version of the module as distributed by the
325 author (the latest non-beta version in the case of public Perl
326 releases), although the pumpkin holder may hold off on upgrading the
327 version of the module distributed with Perl to the latest version
328 until the latest version has had sufficient testing.
332 In other words, the author of a module should be considered to have final
333 say on modifications to their module whenever possible (bearing in mind
334 that it's expected that everyone involved will work together and arrive at
335 reasonable compromises when there are disagreements).
337 As a last resort, however:
340 If the author's vision of the future of their module is sufficiently
341 different from the vision of the pumpkin holder and perl5-porters as a
342 whole so as to cause serious problems for Perl, the pumpkin holder may
343 choose to formally fork the version of the module in the core from the
344 one maintained by the author. This should not be done lightly and
345 should B<always> if at all possible be done only after direct input
346 from Larry. If this is done, it must then be made explicit in the
347 module as distributed with Perl core that it is a forked version and
348 that while it is based on the original author's work, it is no longer
349 maintained by them. This must be noted in both the documentation and
350 in the comments in the source of the module.
352 Again, this should be a last resort only. Ideally, this should never
353 happen, and every possible effort at cooperation and compromise should be
354 made before doing this. If it does prove necessary to fork a module for
355 the overall health of Perl, proper credit must be given to the original
356 author in perpetuity and the decision should be constantly re-evaluated to
357 see if a remerging of the two branches is possible down the road.
359 In all dealings with contributed modules, everyone maintaining Perl should
360 keep in mind that the code belongs to the original author, that they may
361 not be on perl5-porters at any given time, and that a patch is not
362 official unless it has been integrated into the author's copy of the
363 module. To aid with this, and with points #1, #2, and #3 above, contact
364 information for the authors of all contributed modules should be kept with
365 the Perl distribution.
367 Finally, the Perl community as a whole recognizes that respect for
368 ownership of code, respect for artistic control, proper credit, and active
369 effort to prevent unintentional code skew or communication gaps is vital
370 to the health of the community and Perl itself. Members of a community
371 should not normally have to resort to rules and laws to deal with each
372 other, and this document, although it contains rules so as to be clear, is
373 about an attitude and general approach. The first step in any dispute
374 should be open communication, respect for opposing views, and an attempt
375 at a compromise. In nearly every circumstance nothing more will be
376 necessary, and certainly no more drastic measure should be used until
377 every avenue of communication and discussion has failed.
382 Social Contract about Contributed Modules originally by Russ Allbery E<lt>rra@stanford.eduE<gt> and the perl5-porters.
https://perl5.git.perl.org / perl5.git / blob