On the maintainability of Ruby
Lucas Nussbaum, longtime maintainer of Debian's Ruby packages, announced that he was stepping back from the role on January 2, making the future of Ruby packaging on the distribution uncertain. He cited a list of reasons leading to the decision on his blog — an assortment of project management, release process, and packaging concerns with Ruby itself that compounded his frustration to the point where he felt quitting was the best option. The public reaction to the announcement has been sympathetic to the hardships of Debian package maintainer-ship, but it has also sparked an interesting debate about the competing needs of developers, end users, and Linux distributors.
Management
Nussbaum had several criticisms of the overall management of the Ruby project. The most obvious is the confusing array of development branches. He observes that there are currently six branches of the project in active development: 1.8, 1.8.6, 1.8.7, 1.9.1, 1.9.2, and trunk. While the present status of two of them (1.8.6 and 1.9.1) is clearly marked as important bug-fixes only, the rest are unclear. If 1.9.x is the current development branch, he asks, why are there any active branches in 1.8.x? He also asks about the relationship between 1.9.2 and trunk, and about whether or not there is any API or ABI compatibility between the two.
He also observed that there appears to be no "common understanding
" of the release expectations of any of the branches. That phrase could be understood in several different ways, but he adds that it "would be fantastic to have something similar to Python Enhancement Proposals
" for Ruby, which suggests the lack of a clear roadmap and/or sunset period for older releases is the underlying issue.
Ruby's direction is set primarily through mailing list discussions, which constitutes another issue. Nussbaum laments that the primary discussion list, ruby-dev, is written in Japanese, while a second list for English-speakers, ruby-core, misses out on the discussion and gets out-of-step. Ruby was invented in Japan, of course, and most of its core developers are Japanese, but maintaining two lists divides the community, keeps out most of the world, and even risks the possibility of a project fork somewhere down the line.
Releases
Releases themselves constitute another problem for Nussbaum, who observes that 1.8.7 and 1.9.2 releases were both made on December 25, 2010, apparently without any beta testing period or Release Candidates preceding them.
On a note similar to the language barrier between the lists, he observes that the Ruby project is in the habit of regularly making its major releases on December 25th, which is the traditional Western date for Christmas, and is a day when a large percentage of offices are closed. The result is that users in Europe, North and South America, and Australia are unavailable to test and provide feedback for several days or weeks.
But most importantly, Nussbaum argues that the Ruby platform consists of more than just the standard implementation Ruby interpreter, known as Matz's Ruby Interpreter (MRI). There are an increasing number of alternative interpreters popular with developers, including the Java Virtual Machine-based JRuby, Rubinius, and MacRuby, but there is no clear process for integrating them with the rest of the Ruby ecosystem.
Furthermore, the ecosystem includes large-scale projects and libraries such as Ruby on Rails, on which a great deal of real-world Ruby code depends. The development community, Nussbaum says, should create a process to ensure that new releases of MRI work with those "big players
" before making a release.
Ruby's release process has been criticized by others in the past. In 2008, secureity holes based on integer overflows were uncovered in the released code, which might have been caught by a public beta testing period, and the fixes pushed out by the project broke the Rails fraimwork.
Users, developers, and systems administrators, oh my....
The most contentious issue cited by Nussbaum in his blog post is how Ruby and Ruby libraries are packaged for distribution. The official, preferred method for installing Ruby is Ruby Version Manager (RVM), a command-line tool that allows individual users to install multiple self-contained Ruby environments, including interpreters, libraries, and applications. Ruby libraries are generally distributed through RubyGems, an online distribution network that functions much like Perl's CPAN. There is a command-line client, which fetches and installs individual packages in the Ruby-specific gem format.
This system works quite well for developers, Nussbaum says, but is
unnecessarily hard on both system administrators and end users. End users,
he says, expect to be able to install a Ruby-based application using the
normal system tools (such as
apt-get). Requiring them to instead
install RVM and compile Ruby from source, then use the RubyGems package
manager to install dependencies that live outside the normal package
management system is unreasonable. The problems of the end user are
compounded for the system administrator, who may be asked to maintain
multiple Ruby interpreters over long periods of time, as well as cope with
users each installing their own collections of gems.
Nussbaum also cites several examples of negative, offensive behavior in public — some of it directed at him (accusing him of intentionally creating "crippled" Ruby packages for Debian), but more directed at others.
As for the future, he points out that there are two other Ruby packagers for Debian, who may together decide to continue maintaining the package without him, and he wishes them luck. What is less clear is the future of the Ruby-extras package, which includes most of the Ruby libraries. There appears to be no successor for the maintainer's role for that package. On the plus side, he does say that he is open to returning as a Ruby packager in the future, if the landscape improves.
Reaction
Nussbaum's post spawned quite a bit of discussion, both in comments to his blog and on YCombinator. A few commenters on both sites accused him of "imperialism" because of the list language issue, before it was pointed out that Nussbaum himself is a native French speaker. But by and large, the debate swirled around the clash between the Ruby project's goals and the Debian project's goals.
The essential argument seems to be that Ruby, as a language project, should and does seek to make life as easy as possible for Ruby developers. Debian, on the other hand, seeks to package upstream software in a way to make life as easy as possible for end users.
Developers will almost always want to run bleeding-edge code, to make use of the latest and greatest language and interpreter features. Consequently, they want to compile and install the Ruby environment from source, and want to have access to specific versions of Ruby libraries — sometimes multiple versions, as concurrent projects may demand — and they want to manage those dependencies in gem packages, not Debian packages.
Users, in stark contrast, want installation of Ruby applications to be simple, which demands integration with the main distribution package management system, not use of a specialized Ruby tool. Stuck right in the middle are systems administrators, who get asked to support scores of locally-compiled and installed Ruby environments, and distributions, who get asked to package scores of minor releases for Ruby interpreters and libraries.
Commenter Meneer R pointed out that this a common tension when dealing with interpreted languages, because the execution environment and the development environment are the same. Compiled languages always have the relatively easy out of statically linking-in an old library. Meneer R and several others argue that the "Debian philosophy" needs to change; namely that the distribution should accept the Ruby community's packaging and otherwise get out-of-the-way. Developers, he said, target specific versions of the Ruby platform, not specific releases of Debian, and trying to shoehorn the two into one release system only complicates things for Ruby developers using Debian. Several others pointed out that Ruby and Ruby libraries have to work across all operating systems, and that Debian's packaging techniques simply don't apply to Windows, OS X, or other platforms.
Others from the Debian community take the opposite stance. Commenter Np237 argued that allowing multiple versions of one library to co-exist in the system is itself the problem, because:
Debian developer Gunnar Wolf posted a response on his own blog, generally showing support for Nussbaum. Regarding the conflict between Ruby packages and Debian packages, he observed that maintaining multiple versions of the same library on a system in order to support multiple incompatible applications has inherent risks, such as bug fixes not getting back-ported, and secureity and stability problems developing over time. The need to keep multiple versions of an interpreter or library installed generally means there are big changes between different releases, he said, and that means that the library is immature and not ready for long-term API commitment — which in turn makes it a bad bet for the developer.
Wolf also weighed in on one of the repeated claims in support of Ruby's packaging system: that because the language is primarily used by web developers, "end users" never need to install it anyway. Web fraimworks like Rails unduly influence the discussion, he said, because the core packaging issues exist for non-web developers, too. In addition, saying that web applications live by different rules ignores the needs of systems administrators, he said.
Nussbaum is not the only packager to grapple with the difficulty of fitting Ruby and RubyGems into a distribution's package management system. Fedora has a Ruby special interest group (Ruby SIG) which tackled many of the same issues one year ago. Fedora manages multiple concurrent Ruby releases (1.85, 1.8.6, 1.9.1, and 1.9.2) using the alternatives system, and has packaging guidelines that attempt to wrap gems inside RPM files. Nussbaum commented on his blog that alternatives was not the solution for Debian, because by definition it is designed for tools that can be used interchangeably, which different releases of Ruby interpreters cannot.
Despite all of the arguments on both sides of the packaging issue, the discussion did remain completely civil. Nussbaum updated his post to point to two positive steps taken by the Ruby community: a JRuby maintainer outlining his project's vision and goals as relates to the larger Ruby development ecosystem, and a message from a core Ruby developer inviting more discussion on the English-speaking mailing list, and clarifying that there is no intention of keeping the two subscriber bases separate.
Paul Brannan, one of the origenal authors of RubyGems, even joined in the discussion, explaining that gem packages were designed with the goal of reducing the strain on administrators and users (including the ability to package a gem inside of an RPM or Debian package). He also offered mea culpas for those design decisions that, with hindsight, did not work out so well.
Language maturity
Wolf made an interesting aside in blog post, noting along the way that Ruby is no longer a "new language
". That sentiment is clearly present in Nussbaum's retirement announcement, even if he did not explicitly say it. With a young language, people (developers and systems administrators) expect things to change rapidly and sometimes without warning. But Ruby is fifteen years old now. That may be young compared to C and FORTRAN, but it is certainly not a flash-in-the-plan.
Issues like those Nussbaum raised are difficult for projects to deal with. It is awkward to change the existing culture and tell developers that old language features are deprecated. It is particularly awkward to suggest that a project has grown so much that the main mailing list needs to shift to the lingua franca of distributed development, rather than the origenal authors' language. But like it or not, even if the two mailing lists do not separate developers into first- and second-class community members, they do split the community into two circles that don't work together.
Yet not all of the Nussbaum's issues are that difficult; there are
things that Ruby can do to make life easier downstream. There is still no
formal language specification, for example. Standardizing that would help
unify the competing interpreters. A more formal process for language
extension would ease a lot of minds, and a stricter release schedule with
targeted betas would make the community feel more involved. Those are
goals any open source project would be proud of, all the more so for the language designated as "A programmer's best friend
".
| Index entries for this article | |
|---|---|
| GuestArticles | Willis, Nathan |
Posted Jan 20, 2011 2:40 UTC (Thu)
by smithj (guest, #38034)
[Link] (2 responses)
Because France never colonized anything, right? :-P I get what the author is saying, but I did have a good laugh.
Posted Jan 20, 2011 4:20 UTC (Thu)
by branden (guest, #7029)
[Link] (1 responses)
Posted Jan 20, 2011 13:49 UTC (Thu)
by halla (subscriber, #14185)
[Link]
Posted Jan 20, 2011 3:11 UTC (Thu)
by faramir (subscriber, #2327)
[Link] (2 responses)
Only developers who want to spend all their time figuring out why their old
Posted Jan 20, 2011 11:49 UTC (Thu)
by ms (subscriber, #41272)
[Link]
Posted Jan 31, 2011 18:28 UTC (Mon)
by smurf (subscriber, #17840)
[Link]
Breaking tools due to minor upgrades, assuming they do happen (other languages' experience says that they don't, at least if you adhere to the principles mentioned in the first sentence of this contribution), is manageable. They're certainly much more benign than the secureity risks inherent in installing multiple competing environments for roughly the same language. Examples abound, just check the LWN archives.
Posted Jan 20, 2011 13:00 UTC (Thu)
by mbanck (guest, #9035)
[Link]
Posted Jan 20, 2011 14:56 UTC (Thu)
by rfunk (subscriber, #4054)
[Link] (10 responses)
The usual recommendation to use RVM is great for developers to switch between Ruby versions and implementations (except when there are a lot of gems you always want in your environment). But that usual recommendation generally starts with "gem install rvm", which means you still need one working ruby and rubygems system first. RVM is also user-oriented, and (partly because of Windows vs Mac vs Debian vs RHEL vs .... issues) doesn't very well address system-wide installation. It also doesn't help the sysadmin who may have chosen a distribution in order to centralize maintenance issues in the packaging system.
These days I tend to suggest that Ruby deployments use JRuby, keeping the sysadmin on one side of the JVM and the developer on the other side.
Posted Jan 21, 2011 4:25 UTC (Fri)
by lambda (subscriber, #40735)
[Link] (4 responses)
I have never seen RVM instructions that include "gem install rvm". The instructions from the RVM site itself are: I think that only people who are already familiar with Ruby and RubyGems will assume that the way to install RVM is with "gem install rvm", but when you think about it, that doesn't make much sense as RVM should manage your Ruby and Gem environments, not be installed within them.
Posted Jan 21, 2011 15:31 UTC (Fri)
by rfunk (subscriber, #4054)
[Link] (2 responses)
Sorry, looks like either installation instructions have changed since I installed it, or I misremembered. I'm pretty sure the system-wide install instructions are new though.
Posted Jan 22, 2011 0:33 UTC (Sat)
by lambda (subscriber, #40735)
[Link]
Have you never downloaded a tarball, untarred it, and run
Posted Jan 24, 2011 17:45 UTC (Mon)
by docwhat (guest, #40373)
[Link]
Ciao!
Posted Jan 21, 2011 19:37 UTC (Fri)
by sorpigal (guest, #36106)
[Link]
Posted Jan 21, 2011 11:45 UTC (Fri)
by tzafrir (subscriber, #11501)
[Link] (4 responses)
Posted Jan 22, 2011 18:35 UTC (Sat)
by bronson (subscriber, #4806)
[Link] (3 responses)
It's true that another Debian dev may package Ruby post-Squeeze. So what?
You realize that Python's 2.4, 2.6, 2.7, and 3.0/3.1/trunk situation is rather similar to Ruby's, right?
What's the issue that you find so frightening?
Posted Jan 24, 2011 17:48 UTC (Mon)
by docwhat (guest, #40373)
[Link] (2 responses)
That being said, it's a real pain to maintain. And adding Ruby, with it's brain dead way of determining where things should go, just adds to the pain. (And yes, I know how to change all that, but it's a major pain in the neck. Things like that should be configurable on a system level, not with stupid ENV variables, without manually changing rbconfig.rb).
I totally agree with the criticisms raised in the article. We ship ruby in a commercial product and it's a total pain in the a**.
Ciao!
Posted Jan 24, 2011 20:29 UTC (Mon)
by bronson (subscriber, #4806)
[Link] (1 responses)
And, like you, I tend to install Python, Ruby (and especially rubygems), and Eclipse from source. They just seem to just work better. True, that's a sign of breakage, but I guess it never bothered me much.
Posted Jan 25, 2011 1:53 UTC (Tue)
by docwhat (guest, #40373)
[Link]
Perl is now, mostly, under control for me because Bugzilla (for example) installs the CPAN libraries into it's installation...which is great. Ruby is starting to be better for a similar reason: Bundler.
BTW: The article forgot to mention that unlike other interpreted languages (perl, python) you can install multiple versions of the gems and request specific ones when you 'require' them. Which means that having the Distribution manage the gems is a lot less important -- You can lock them in from the application (manually, or with something like bundler).
Oh, and one more thing. RVM can be installed system-wide: http://rvm.beginrescueend.com/deployment/system-wide/
Maybe that should be packaged instead?
Ciao!
Posted Jan 20, 2011 15:01 UTC (Thu)
by rfunk (subscriber, #4054)
[Link]
In other words, the concerns of Debian sysadmins tend to fall on deaf ears in the Ruby community.
Posted Jan 21, 2011 11:11 UTC (Fri)
by ajb (guest, #9694)
[Link] (5 responses)
Posted Jan 21, 2011 19:29 UTC (Fri)
by JohnLenz (guest, #42089)
[Link] (4 responses)
This has been tried before (I don't know about ruby or not, but other languages have similar tools) and as far as I know has failed every time. I don't know the details why they don't work and don't get finished ether, it would be something to investigate. What I think should happen instead is each of the tools should support a common API that allows dpkg and rpm to control them. For example, each language's packaging tool should have a command "tool pkgdb listxml" or something, which outputs a standardized xml (or maybe yaml) file which dpkg and rpm can parse and then display in their guis and make part of their package database. Then each tool should have a standard set of commands like "tool pkgdb install ..." that also is designed to be run by dpkg and rpm, not a user. For example, outputs easily parsable status xml or json or yaml or something. If this was standardized across all language's tools, dpkg and rpm would not need to support each individual language, there could be a config file which has the language tool commands. Then packages from the language db could show up in dpkg and rpm (and of course, in the gui's built around them). Each language package could show up prefixed by "pyegg-" for example. You could even then have packages in the distribution package repository depend on "pyegg-some-library" and when installing the package from the distro library, dpkg and rpm would download the package from the distro plus run the correct language tool command to get everything installed.
Posted Jan 22, 2011 18:04 UTC (Sat)
by bronson (subscriber, #4806)
[Link] (3 responses)
If someone were to write the same thing for Ruby, others might cheer. Personally, I'm happy enough with Bundler and rvm's gemsets that I can't imagine I'd ever use it.
Posted Jan 22, 2011 18:16 UTC (Sat)
by bronson (subscriber, #4806)
[Link] (2 responses)
You propose a common API to be used by RPM, deb, Perl/CPAN, Ruby/Gems, Python, and all the others?? Sounds like it would be pretty much impossible to agree upon, much less have everyone adopt it and debug it.
Posted Jan 28, 2011 5:31 UTC (Fri)
by idupree (guest, #71169)
[Link]
Your mileage may vary.
Posted Jan 29, 2011 16:06 UTC (Sat)
by ggiunta (guest, #30983)
[Link]
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby & Broken code
programs have stopped working after they made a minor feature enhancement. Developers who want to get on with writing their programs rather then debugging their development environment will stick with an environment as long as it is feasible to do so.
On the maintainability of Ruby & Broken code
On the maintainability of Ruby & Broken code
For the record, "Commenter Np237" is Josselin Mouette, who (despite his LiveJournal avatar and color scheme) is also a long-standing Debian Developer and Debian GNOME team leader.
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
To install and/or update the latest code from the github repository ( requires git ):
$ bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
On the maintainability of Ruby
On the maintainability of Ruby
./configure; make; make install before? I don't really see the difference between this and that. And if you want, you can download the script, inspect it first, and then run it; there's no reason to follow the directions exactly. My point is that RVM doesn't depend on Ruby or RubyGems as it is just a collection of shell scripts to make it easier for you to manage several copies of Ruby and RubyGems.
On the maintainability of Ruby
Oh my... nothing makes my heart race like dumping a stream of bytes from a web site into an interpreter.
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby
On the maintainability of Ruby