英文:
Difference between Deprecate and retract?
问题
今天我升级到了Go 1.17版本。在https://golang.org/doc/go1.17的发布说明中提到了这个新功能:
> 模块作者可以通过在go.mod文件中添加// Deprecated:注释来弃用一个模块。
我知道从Go 1.16开始,go.mod文件可以使用retract
指令来撤销一个模块版本或多个版本。
新的// Deprecated
注释的用法类似于retract
。请问你能正式解释一下我应该在什么情况下使用// Deprecated
,以及何时使用retract
吗?
英文:
Today I upgraded to Go 1.17. The release notes at https://golang.org/doc/go1.17 talk about this new feature:
> Module authors may deprecate a module by adding a // Deprecated: comment to go.mod
I know from Go 1.16 that go.mod file can specify a retract
directive and retract a module version, or more versions.
The usage of the new // Deprecated
comment is similar to retract
. Please can you formally explain when I should use // Deprecate
and when retract
?
答案1
得分: 7
你应该使用// Deprecated: comment
来表示你不再支持一个主要版本。例如,你发布了v2.0.0
,并且不打算再对v1.0.0
进行开发。v1.0.0
可能仍然按预期工作,但可能缺少你只打算添加到v2.0.0
的许多新功能。
retract
可以用来标记一个可能包含严重错误或漏洞的次要或修补版本(或包含在[ ]
中的版本范围),并且不应该使用它们。例如,你可能发布了v1.2.0
,两天后有人发现了一个安全漏洞。你可以修改go.mod
,在版本v1.2.0
上添加retract
,并将此添加标记为v1.2.1
:
retract (
v1.2.0 // 发现安全漏洞。
v1.2.1 // 仅包含撤回。
[v3.0.0, v3.9.9] // 撤回所有v3版本
)
这将通知go
工具不要升级到v1.2.0
或v1.2.1
(例如,当你使用go get example.com/m@latest
指令更新到最新版本时)。当你修复问题并发布v1.2.2
时,go get example.com/m@latest
将更新到v1.2.2
。
引用自Go Modules参考文档:Deprecation(弃用)
> 弃用消息旨在通知用户该模块不再受支持,并提供迁移说明,例如,迁移到最新的主要版本。无法弃用单个次要和修补版本;retract
(撤回)可能更适合此用途。
引用自retract
指令
> retract
指令表示不应依赖于go.mod
定义的模块的某个版本或版本范围。当一个版本过早发布或在发布后发现了严重问题时,retract
指令非常有用。撤回的版本应该保留在版本控制存储库和模块代理上,以确保依赖于它们的构建不会中断。
英文:
You should use // Deprecated: comment
to indicate you don't support a major version anymore. For example you released v2.0.0
, and you don't intend to work on v1.0.0
anymore. v1.0.0
may still work as intended, but it may lack many new features you only intend to add to v2.0.0
.
retract
can be used to mark a minor or patch version (or a range of versions enclosed in [ ]
) that may contain a severe bug or vulnerability and they should not be used. For example you may release v1.2.0
and 2 days later someone discovers a security vulnerability in it. You may modify go.mod
to add retract
to version v1.2.0
, and mark this addition as v1.2.1
:
retract (
v1.2.0 // Security vulnerability discovered.
v1.2.1 // Contains retractions only.
[v3.0.0, v3.9.9] // Retract all from v3
)
This will inform the go
tool not to upgrade to v1.2.0
nor to v1.2.1
(e.g. when you instruct to update to the latest version with go get example.com/m@latest
). When you fixed the issue and release v1.2.2
, go get example.com/m@latest
will update to v1.2.2
.
Quoting from Go Modules Reference: Deprecation:
> Deprecation messages are intended to inform users that the module is no longer supported and to provide migration instructions, for example, to the latest major version. Individual minor and patch versions cannot be deprecated; retract
may be more appropriate for that.
And quoting from retract
directive:
> A retract
directive indicates that a version or range of versions of the module defined by go.mod
should not be depended upon. A retract
directive is useful when a version was published prematurely or a severe problem was discovered after the version was published. Retracted versions should remain available in version control repositories and on module proxies to ensure that builds that depend on them are not broken.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论