Feature: Module Lifecycle and Experimental/Deprecated Features #3910
Conversation
There was a problem hiding this comment.
One thing I’m not completely sure about - and this is a policy issue related to how we’ll use this, rather than the change itself - previously (or since 2.0.0, anyway) there was a clear distinction about when any functionality could be removed, namely in a new major version. Consider we introduce experimental module X, then decide it doesn’t work out. What is the procedure for making it clear this is something that “was” experimental, but is going to be removed soon? We can’t mark it as deprecated - that causes it to start building by default! I guess under this contract we can just yank it without notice. I suppose this can be decided on a case by case basis as we go forward.
Please update sem_ver.rst to make it clear experimental features are not covered by any SemVer guarantee. Otherwise lgtm.
Mhm, fair point. But frankly, another state (e.g. "deprecated experimental") feels somewhat overkill for this use case. At least for adding it right now. In any case, if we'd really need such a lifecycle state for some module in the future, we could always just add it to the build system later on. Regarding communication: We could make it a policy to open a discussion on GitHub about every experimental feature. This could be used for early feedback and also as a platform for the deprecation notice. To make this discoverable, we might even add another entry to the I would consider that future-work, though. |
The new configuration switches --enable/disable-deprecated-features and --enable/disable-experimental-features define the C macros BOTAN_DISABLE_DEPRECATED_FEATURES and BOTAN_ENABLE_EXPERIMENTAL_FEATURES. There are currently no code-locations that actually react to these.
Modules may now be marked as 'Deprecated' or 'Experimental' in their <module_info> section. When configuring a build with either of them, a warning will be issued in the output of ./configure.py. Experimental modules won't be built by default and may be enabled either explicitly via --enable-modules or globally (all-at-once) with --enable-experimental-features. Deprecated modules are built by default but are scheduled for removal in a future release of the library.
reneme
force-pushed
the
feature/module_lifecycle
branch
from
702188c
to
5269469
Compare
Done. Ready for merge from my side. |
In #3910 we introduced a nice way of marking specific modules as deprecated. However this change did not set the lifecycles of any specific modules. Additionally, officially deprecate the TPM support which is pretty obsolete and these days not well tested. (GH #3877) Mark various headers and classes that are entirely deprecated as such to provide some additional compile time warning for users.
In #3910 we introduced a nice way of marking specific modules as deprecated. However this change did not set the lifecycles of any specific modules. Additionally, officially deprecate the TPM support which is pretty obsolete and these days not well tested. (GH #3877) Mark various headers and classes that are entirely deprecated as such to provide some additional compile time warning for users.
This aims at implementing the suggestions in #3110 and #3853. Namely, it introduces a "lifecycle" to Botan's module system. In their
info.txtfile, individual modules may be flagged as "Experimental" or "Deprecated" ("Stable" is the default), like so:Lifecycle
./configure.pywill subtly warn about the deprecated modules that go into the build../configure.pywarns about any experimental modules that go into the build.Configuration
This adds a few switches to
./configure.pyto handle modules (and features) that are not "Stable":--enable-experimental-featuresdefinesBOTAN_ENABLE_EXPERIMENTAL_FEATURESin the code base and enables all experimental modules.--disable-experimental-features(the default)--enable-deprecated-features(the default)--disable-deprecated-featuresdefinesBOTAN_DISABLE_DEPRECATED_FEATURESin the code base and disables all deprecated modulesAdditionally, the default build behaviour of experimental and deprecated modules may be explicitly changed using
--enable-modules=MODSand--disable-modules=MODS.Dependants of a disabled experimental/deprecated module won't be built (due to dependency failure), but they won't be transitively marked as experimental/deprecated. Library maintainers have to keep this in mind when changing modules' life cycle state.
Usage
This just introduces the feature but does not mark any modules/features as deprecated or experimental. A good first candidate for "experimental" might be ML-KEM-ipd (#3893). In retrospect, TLS with hybrid PQ/T key exchange (#3609) would have been a good candidate for an experimental module. Soon, Kyber 90s could become the first "deprecated" module: #3807 (comment).
Also, the macros
BOTAN_ENABLE_EXPERIMENTAL_FEATURESandBOTAN_DISABLE_DEPRECATED_FEATURESare just introduced but not used, yet. For instance, GCM tags with just 64bits could become a deprecated feature (that is not a full module) at one point.Documentation
The new switches and the life cycle states are mentioned in the relevant locations of the handbook. Also, the generated Doxygen pages for the modules contain information about the module's life cycle status, if they are not "Stable", like so: