Difference between Deprecate and retract?

huangapple go评论98阅读模式
英文:

Difference between Deprecate and retract?

问题

今天我升级到了Go 1.17版本。在https://golang.org/doc/go1.17的发布说明中提到了这个新功能:

> 模块作者可以通过在go.mod文件中添加// Deprecated:注释来弃用一个模块。

我知道从Go 1.16开始,go.mod文件可以使用retract指令来撤销一个模块版本或多个版本。

新的// Deprecated注释的用法类似于retract。请问你能正式解释一下我应该在什么情况下使用// Deprecated,以及何时使用retract吗?

英文:

Today I upgraded to Go 1.17. The release notes at https://golang.org/doc/go1.17 talk about this new feature:

> Module authors may deprecate a module by adding a // Deprecated: comment to go.mod

I know from Go 1.16 that go.mod file can specify a retract directive and retract a module version, or more versions.

The usage of the new // Deprecated comment is similar to retract. Please can you formally explain when I should use // Deprecate and when retract?

答案1

得分: 7

你应该使用// Deprecated: comment来表示你不再支持一个主要版本。例如,你发布了v2.0.0,并且不打算再对v1.0.0进行开发。v1.0.0可能仍然按预期工作,但可能缺少你只打算添加到v2.0.0的许多新功能。

retract可以用来标记一个可能包含严重错误或漏洞的次要或修补版本(或包含在[ ]中的版本范围),并且不应该使用它们。例如,你可能发布了v1.2.0,两天后有人发现了一个安全漏洞。你可以修改go.mod,在版本v1.2.0上添加retract,并将此添加标记为v1.2.1

retract (
    v1.2.0 // 发现安全漏洞。
    v1.2.1 // 仅包含撤回。
    [v3.0.0, v3.9.9] // 撤回所有v3版本
)

这将通知go工具不要升级到v1.2.0v1.2.1(例如,当你使用go get example.com/m@latest指令更新到最新版本时)。当你修复问题并发布v1.2.2时,go get example.com/m@latest将更新到v1.2.2


引用自Go Modules参考文档:Deprecation(弃用)

> 弃用消息旨在通知用户该模块不再受支持,并提供迁移说明,例如,迁移到最新的主要版本。无法弃用单个次要和修补版本;retract(撤回)可能更适合此用途。

引用自retract指令

> retract指令表示不应依赖于go.mod定义的模块的某个版本或版本范围。当一个版本过早发布或在发布后发现了严重问题时,retract指令非常有用。撤回的版本应该保留在版本控制存储库和模块代理上,以确保依赖于它们的构建不会中断。

英文:

You should use // Deprecated: comment to indicate you don't support a major version anymore. For example you released v2.0.0, and you don't intend to work on v1.0.0 anymore. v1.0.0 may still work as intended, but it may lack many new features you only intend to add to v2.0.0.

retract can be used to mark a minor or patch version (or a range of versions enclosed in [ ]) that may contain a severe bug or vulnerability and they should not be used. For example you may release v1.2.0 and 2 days later someone discovers a security vulnerability in it. You may modify go.mod to add retract to version v1.2.0, and mark this addition as v1.2.1:

retract (
    v1.2.0 // Security vulnerability discovered.
    v1.2.1 // Contains retractions only.
    [v3.0.0, v3.9.9] // Retract all from v3
)

This will inform the go tool not to upgrade to v1.2.0 nor to v1.2.1 (e.g. when you instruct to update to the latest version with go get example.com/m@latest). When you fixed the issue and release v1.2.2, go get example.com/m@latest will update to v1.2.2.


Quoting from Go Modules Reference: Deprecation:

> Deprecation messages are intended to inform users that the module is no longer supported and to provide migration instructions, for example, to the latest major version. Individual minor and patch versions cannot be deprecated; retract may be more appropriate for that.

And quoting from retract directive:

> A retract directive indicates that a version or range of versions of the module defined by go.mod should not be depended upon. A retract directive is useful when a version was published prematurely or a severe problem was discovered after the version was published. Retracted versions should remain available in version control repositories and on module proxies to ensure that builds that depend on them are not broken.

huangapple
  • 本文由 发表于 2021年8月30日 04:07:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/68976516.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定