Most active commenters
  • Hizonner(4)

←back to thread

Deprecations via warnings don't work for Python libraries

(sethmlarson.dev)
45 points scolby33 | 21 comments | 08 Dec 25 18:13 UTC | HN request time: 1.475s | source | bottom
1. theamk ◴[08 Dec 25 18:24 UTC] No.46195792[source]
Deprecations via warnings don't reliably work anywhere, in general.

If you are a good developer, you'll have extensive unit test coverage and CI. You never see the unit test output (unless they fail) - so warnings go unnoticed.

If you are a bad developer, you have no idea what you are doing and you ignore all warnings unless program crashes.

replies(8): >>46196064 #>>46197215 #>>46203939 #>>46220846 #>>46221176 #>>46221435 #>>46221650 #>>46221723 #
2. SethMLarson ◴[08 Dec 25 18:46 UTC] No.46196064[source]
Author here! Agreed that are different levels of "engaged" from users, which is okay. The concerning part of this finding is that even dependent users that I know to be highly engaged didn't respond to the deprecation warnings, so they're not working for even the most engaged users.
3. eternityforest ◴[08 Dec 25 20:29 UTC] No.46197215[source]
Why is it that CI tools don't make warnings visible? Why are they ignored by default in the first place? Seems like that should be a rather high priority.
replies(3): >>46220771 #>>46220984 #>>46224332 #
4. optionalsquid ◴[09 Dec 25 11:57 UTC] No.46203939[source]
You can turn warnings into errors with the `-Werror` option. I personally use that in CI runs, along with the `-X dev` option to enable additional runtime checks. Though that wont solve the author's problem, since most Python devs don't use either of those options
replies(1): >>46224327 #
5. metadat ◴[10 Dec 25 17:40 UTC] No.46220771[source]
Most of the time they don't matter and aren't an immediate problem.

The Business doesn't care about warnings, they want working software NOW.

6. rimunroe ◴[10 Dec 25 17:45 UTC] No.46220846[source]
> If you are a good developer, you'll have extensive unit test coverage and CI. You never see the unit test output (unless they fail) - so warnings go unnoticed.

In my opinion test suites should treat any output other than the reporter saying that a test passed as a test failure. In JavaScript I usually have part of my test harness record calls to the various console methods. At the end of each test it checks to see if any calls to those methods were made, and if they were it fails the tests and logs the output. Within tests if I expect or want some code to produce a message, I wrap the invocation of that code in a helper which requires two arguments: a function to call and an expected output. If the code doesn't output a matching message, doesn't output anything, or outputs something else then the helper throws and explains what went wrong. Otherwise it just returns the result of the called function:

  let result = silenceWarning(() => user.getV1ProfileId(), /getV1ProfileId has been deprecated/);
  expect(result).toBe('foo');
This is dead simple code in most testing frameworks. It makes maintaining and working with the test suite becomes much easier as when something starts behaving differently it's immediately obvious rather than being hidden in a sea of noise. It makes working with dependencies easier because it forces you to acknowledge things like deprecation warnings when they get introduced and either solve them there or create an upgrade plan.
7. bluGill ◴[10 Dec 25 17:55 UTC] No.46220984[source]
It isn't that easy. If you have a new warning on upgrade you probably want to work on it "next week", but that means you need to ignore it for a bit. Or you might still want to support a really old version without the new API and so you can't fix it now.
replies(1): >>46221546 #
8. ploxiln ◴[10 Dec 25 18:08 UTC] No.46221176[source]
When I update python version, python packages, container image, etc for a service, I take a quick look at CI output, in addition to the all the other checks I do (like a couple basic real-world-usage end-to-end usage tests), to "smoke test" whether something not caught by outright CI failure caused some subtle problem.

So, I do often see deprecation warnings in CI output, and fix them. Am I a bad developer?

I think the mistake here is making some warnings default-hidden. The developer who cares about the user running their the app in a terminal can add a line of code to suppress them for users, and be more aware of this whole topic as a result (and have it more evident near the entrypoint of the program, for later devs to see also).

I think that making warnings error or hidden removes warnings as a useful tool.

But this is an old argument: Who should see Python warnings? (2017) https://lwn.net/Articles/740804/

9. Hizonner ◴[10 Dec 25 18:26 UTC] No.46221435[source]
If you are a good developer, you consider warnings to be errors until proven otherwise.
replies(1): >>46221912 #
10. Hizonner ◴[10 Dec 25 18:33 UTC] No.46221546{3}[source]
> If you have a new warning on upgrade you probably want to work on it "next week", but that means you need to ignore it for a bit.

So you create a bug report or an issue or a story or whatever you happen to call it, and you make sure it gets tracked, and you schedule it with the rest of your work. That's not the same thing as "ignoring" it.

replies(1): >>46221674 #
11. mrweasel ◴[10 Dec 25 18:41 UTC] No.46221650[source]
There was this one library we depended on, it was sort of in limbo during the Python 2 -> 3 migration. During that period is was maintained by this one person who'd just delete older versions when never ones became available. In one year I think we had three or four instances where our CI and unit tests just broke randomly one day, because the APIs had changed and the old version of the library had been yanked.

In hindsight it actually helped us, because in frustrations we ended up setting up our own Python package repo and started to pay more attention to our dependencies.

12. bluGill ◴[10 Dec 25 18:42 UTC] No.46221674{4}[source]
And you always have something more important/interesting to do and so never get around to it.
replies(1): >>46221705 #
13. Hizonner ◴[10 Dec 25 18:44 UTC] No.46221705{5}[source]
... which means that when the axe falls, the results are 100 percent your fault.
14. wang_li ◴[10 Dec 25 18:45 UTC] No.46221723[source]
That's why you, very early on, release code that slows the API down once it has been deprecated. Every place you issue a deprecation warning, you also sleep 60. Problem solved.
15. hiq ◴[10 Dec 25 18:58 UTC] No.46221912[source]
What does a good developer do when working in a codebase with hundreds of warnings?

Or are you only considering a certain warnings?

replies(1): >>46222489 #
16. Hizonner ◴[10 Dec 25 19:34 UTC] No.46222489{3}[source]
Why does your codebase generate hundreds of warnings, given that every time one initially appeared, you should have stamped it out (or specifically marked that one warning to be ignored)? Start with one line of code that doesn't generate a warning. Add a second line of code that doesn't generate a warning...
replies(3): >>46224192 #>>46224495 #>>46224683 #
17. stackskipton ◴[10 Dec 25 21:33 UTC] No.46224192{4}[source]
Because most people are working at Failure/Feature factories where they might work on something and at last minute, they find out something is now warning. If they work on fixing it, the PM will screaming about time slippage and be like "I want you to work on X, not Y which can wait".

2 Years later, you have hundreds of warning.

18. Y-bar ◴[10 Dec 25 21:47 UTC] No.46224327[source]
In PHP I don’t think there is a native way to convert E_DEPRECATED into E_ERROR, but the most common testing framework has a quick way of doing the same.

https://docs.phpunit.de/en/12.5/configuration.html#the-failo...

19. michaelt ◴[10 Dec 25 21:47 UTC] No.46224332[source]
> Why is it that CI tools don't make warnings visible?

A developer setting up CI decides to start an ubuntu 24.04 container and run 'apt-get install npm'

This produces 3,600 lines of logging (5.4 log lines per package, 668 packages) and 22 warnings (all warnings about man page creation being skipped)

Then they decide "Nobody's going to read all that, and the large volume might bury important information. I think I'll hide console output for processes that don't fail."

Now your CI doesn't show warnings.

20. hiq ◴[10 Dec 25 22:00 UTC] No.46224495{4}[source]
It's rare that I work on a project I myself started. If I start working on an existing codebase, the warnings might be there already. Then what do I do?

I'm also referring to all the warnings you might get if you use an existing library. If the requirements entail that I use this library, should I just silence them all?

But I'm guessing you might be talking about more specific warnings. Yes I do fix lints specific to my new code before I commit it, but a lot of warnings might still be logged at runtime, and I may have no control over them.

21. michaelt ◴[10 Dec 25 22:15 UTC] No.46224683{4}[source]
> Why does your codebase generate hundreds of warnings

Well, it wasn't my codebase yesterday, because I didn't work here.

Today I do. When I build, I get reports of "pkg_resources is deprecated as an API" and "Tesla T4 does not support bfloat16 compilation natively" and "warning: skip creation of /usr/share/man/man1/open.1.gz because associated file /usr/share/man/man1/xdg-open.1.gz (of link group open) doesn't exist" and "datetime.utcnow() is deprecated and scheduled for removal in a future version"

The person onboarding me tells me those warnings are because of "dependencies" and that I should ignore them.