Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SemVer 2.0 - improve messaging for SemVer 2.0 upload and packages page #4215

Closed
skofman1 opened this issue Jun 16, 2017 · 7 comments
Closed

Comments

@skofman1
Copy link
Contributor

skofman1 commented Jun 16, 2017

Exact messages will be provided by @anangaur
Edit: Proving the details:

Problem
SemVer 2.0 packages will not be visible from legacy clients (i.e clients before NuGet 4.3 release). In order to make sure that publishers are aware that they are about to publish a SemVer 2 package, they should be warned appropriately so that this is a conscious decision and not an inadvertent one.

Read more on Identifying SemVer v2.0.0 Packages

One of the concerns is that a build metadata (e.g. 2.1.0**+buildmetadata**) also constitutes a Semver 2 version though this build metadata does not form the identity of the package.

Solution
The idea here is to warn enough at the client (NuGet/Home#5493) and on the NuGet.org server (this issue) when there is an intent or when the package is published.

Following is the list of cases and NuGet should identify to determine a SemVer 2 package and corresponding warning messages NuGet should output:
Case 1: Package has prerelease SemVer 2 versioning
Warning1:
Title: This package has a SemVer2 package version
Message: This package will only be available to download with SemVer2 compatible NuGet clients, such as Visual Studio 2017 (version 15.3) and above or NuGet client 4.3 and above. Read more

Case 2: Package has a non-semver2 version, but is considered semver2 due to a dependency declaration
Warning2
Title: This package is considered a SemVer2 package as it has dependency on SemVer2 package(s)
Message: This package will only be available to download with SemVer2 compatible NuGet clients, such as Visual Studio 2017 (version 15.3) and above or NuGet client 4.3 and above. Read more

Case 3: Package has dependecy declared as SemVer 1 but the available dependency matching default dependency resolution Lowest itself is SemVer 2 (due to build metadata)
Warning2 as described above.

NuGet Server should warn for the above scenarios during:

  1. Package upload - Verify step
  2. Package page
@xavierdecoster
Copy link
Member

Proposal: the message should be in your face right next to the submit button on the VerifyPackage page.
Awaiting the final message, here's a suggestion.

When a package has a semver2 version itself:

image

When a package has a non-semver2 version, but is considered semver2 due to a dependency declaration:

image

@agr agr mentioned this issue Jun 26, 2017
19 tasks
@anangaur
Copy link
Member

Provided the scenarios we should warn for and the error messages.

@xavierdecoster
Copy link
Member

xavierdecoster commented Jun 27, 2017

I do want to point out that none of the server APIs are considering the package to be SemVer 2.0.0 in Case 3.

These packages are not considered to be SemVer 2.0.0 and e.g. NOT HIDDEN on V2 OData endpoints, as all we check is the package's nuspec manifest.

This is one of the edge cases described in the non-goals (paragraph 2) that may lead to (gracefully handled) restore failures on non-SemVer2 compatible clients.

@xavierdecoster
Copy link
Member

Updated screenshots (including fwlink).

Case 1

image

Case 2

image

@anangaur anangaur changed the title SemVer 2.0 - improve messaging for SemVer 2.0 upload SemVer 2.0 - improve messaging for SemVer 2.0 upload and packages page Jun 27, 2017
@anangaur
Copy link
Member

@xavierdecoster: What does 'gracefully handled' mean?
I am guessing the restore will fail as it would not be able to find the dependency package version (SemVer2 due to build metadata). So user goes to this package version on NuGet.org to find out it is SemVer 2 package and hence needs the latest client?

Also if the publisher releases a newer non SemVer 2 version of the package, then the restore would continue with warning. Right?

@xavierdecoster
Copy link
Member

xavierdecoster commented Jun 27, 2017

Gracefully handled indeed means: it won't crash, and be treated as a package not found causing restore failure.

Once a newer non SemVer2 version of the dependency is made available, restore will just work (given the newer version does not violate the upper-bound of the dependency version range of course).

@anangaur
Copy link
Member

Pending documentation the message link points to: https://github.com/NuGet/docs.microsoft.com-nuget/issues/376

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants