pyca/cryptography and the Cult of Wishful Thinking
Hello friend!
Welcome to the first issue of Hynek Did Something and thank you so much for participating in my little experiment! ❤️ The prospect of being able to send out the first issue may or may not have helped to motivate me to finish the draft. 😇
And this draft is both about a pet peeve of mine, and goes way back! Almost a year ago on April 25th 2020 (or as I like to call it: March 56th 2020) I let myself get roped into giving a talk at Python Pizza Remote and I used it to explain why I think that Semantic Versioning is not a good fit for most projects. They haven’t published the videos yet, so there’s no talk page about it. But I’ve always considered writing it down as a blog post.
Fast forward to February 2021. pyca/cryptography – a project I remain loosely involved with – switches to Rust to improve their long-term security. The loud demands both on the bug thread and in the comments all over the Internet reminded me of that draft in my drawer. It also reminded me that most of my arguments tend to be towards maintainers.
But one of the reasons maintainers pick up SemVer in the first place is because they are told to and I’ve had my own fair share of discussions with entitled users.
This brings me to why I blog. There are usually two reasons:
- I need a cheatsheet for myself (like the recent Lie vs Lay or Waiting in asyncio that has become a traffic evergreen).
- Write something down that I have to repeat again and again (How I Stopped Worrying and Started Loving PyLadies comes to mind).
Obviously, it’s time for the latter.
So please enjoy (and share ❤️) my latest opus:
Semantic Versioning Will Not Save You
A summary of why it’s in the interest of the users to ignore version schemes of third party dependencies.
My hope is not only that people will chill out a bit (who am I kidding), but also to provide tired maintainers with a link that they can just paste and close a tab.
As I've mentioned on Twitter, this newsletter is an experiment to publish my work without relying on the magnanimity of The Algorithms™ (yes, I'm shamelessly ripping off CGP Grey – my favorite stick figure), while being able to contextualize it and get into a dialogue with my readers (feel free to just hit reply for feedback including typos!). Therefore, if you enjoy what you're reading right now, it would be great if you could help me spread the word! Every new subscriber makes it more likely that I keep doing this.
Also a big thanks to everybody who decided to support me financially, it means the world to me! ❤️
Until the next time I’ll do something!
Best,
—h
P.S. If you want another thoughtful take on the pyca/cryptography disaster through a different lens, I recommend Weird architectures weren't supported to begin with by William Woodruff.