From: Eric Wong Date: 2018-12-29T06:44:19+00:00 Subject: [ruby-core:90791] Re: [Ruby trunk Bug#15478] [RFC] erb: remove deprecation warnings from ERB.new takashikkbn@gmail.com wrote: > Issue #15478 has been updated by k0kubun (Takashi Kokubun). > > > > nil and 0 $SAFE is already no-op, already, right? I don't care about $SAFE, so I would expect people will pass nil or 0 when they don't care (because they need to pass the other legacy variables). > > > > > Note that we already showed this deprecation warning on warnlevel == 2 on Ruby 2.6. > > > > Yeah, so if $SAFE already warns, I don't think ERB should also need to warn. > I think you misunderstand that we're warning here only for > $SAFE deprecation. Once $SAFE is eliminated, why would we > leave the second argument for setting safe_level? Leave it as a placeholder for compatibility. > The purpose of this warning is to eliminate the second argument of > ERB.new. Passing nil and 0 will be harmful when the argument > does not exist anymore. Why would safe_level=(0|nil) ever be harmful? It's the default security level and it'll be the same when $SAFE is eliminated. Warning on safe_level=(1|2|etc) I can understand. > Also note that I actually meant that it's fine to combine > multiple warnings to one line by "Stop showing warnings for > legacy_trim_mode and legacy_eoutvar is fine", and still the > third/fourth arguments are expected to go away. No, removing any args is a bad idea because it screws up existing users and my main point. I understand $SAFE removal since it's fake security and already broken. But it's OK to ignore 0/nil. > > I hit this at: > > https://80x24.org/olddoc.git/tree/lib/oldweb.rb?h=v1.5.1#n272 > > Thanks. Shall I send a patch to fix it? Thanks, but I already had a dirty patch which I just pushed out (connection still flaky). https://80x24.org/olddoc-public/20181229061528.2858-1-e@80x24.org/ > > Most code repositories are NOT public; and we can never know > > all or even most of them. By now, I believe deprecating > > existing/stable APIs gracefully in scripting languages is > > impossible without either making users angry or wasting > > their time with churn. > > I get your point. I actually faced this by myself at my > company's private code. > > At the same time, it should be only acceptable on a major > version upgrade as long as we provide a way to gracefully > migrate from old interface to new interface and notify users > gradually. Starting from warn level 2 in Ruby 2.6, decreasing > it to 1 in Ruby 2.7, and changing the behavior on Ruby 3.0 > should be fine in that sense. Why change existing behavior at all? We can support both old and new-style kwargs without much overhead. There needs to be no breaking changes for most users, no breaking changes for Ruby 3, none for 4, etc. And 3 years deprecation is way too fast for users on LTS systems. > > If anything, such warning should go to syslog (or an out-of-the-way OS-level logging mechanism). Stderr is too annoying to ordinary users (not programmers). > > I agree that non programmers wouldn't see syslog and it would not annoy them. But do you think programmers always see syslog when they execute Ruby? I don't think so because I only see it when something strange happens. > I believe annoying users by suggesting to fix the usage first > is far better than immediately breaking it at some point with > just ArgumentError which has almost no clue to fix it > immediately. Of course we never break anything immediately. We don't need to change or break 99% of ERB use cases which never change $SAFE. Unsubscribe: