[libvirt PATCH 0/5] Formalize the deprecation of arguments in virsh

Michal Privoznik mprivozn at redhat.com
Tue Mar 23 14:19:44 UTC 2021 

On 3/23/21 3:04 PM, Peter Krempa wrote:
> On Tue, Mar 23, 2021 at 14:50:09 +0100, Michal Privoznik wrote:
>> On 3/23/21 2:42 PM, Daniel P. Berrangé wrote:
>>> On Tue, Mar 23, 2021 at 02:36:19PM +0100, Michal Privoznik wrote:
>>>> On 3/22/21 5:09 PM, Tim Wiederhake wrote:
>>>>> virsh has several arguments that are better not used. This series introduces
>>>>> a formal way of marking them as deprecated.
>>>>
>>>> Commit messages are rather sparse. What we currently have is hiding options
>>>> we deem obsolete from users and replacing them with better ones (just :Ggrep
>>>> VSH_OT_ALIAS). No error message, no warning. What makes these you picked
>>>> special? I'm not against reporting that an option is obsolete, but I don't
>>>> quite understand why we need a different way for obsoleting those three.
>>>
>>> Also the general idea of deprecation is that the thing will be deleted
>>> eventually, which is not something we intended to do with these options.
>>> Basically there's a better way to do these things, but we're not going
>>> to break existing usage, so if users are happy with what they're doing
>>> they don't need to change.
>>>
>>
>> To be fair we never promised virsh to be stable, did we? We are trying to
> 
> I'd say we do, at least for the reasonably machine-usable interfaces
> (for output [1]), thus any input options should be treated as such.
> 
>> keep it as backwards compatible as we can (and so far I guess we didn't have
>> a single instance of bad example), but I wouldn't mind telling users (esp.
>> in interactive mode) that --optionX is now called --optionY.
> 
> Well, that's what we do with the alias and documentation changes. But
> removing --optionX completely would be wrong:

Just to be clear, I am not advocating for removing anything.

> 
> - It needlessly breaks scripts
> - If you decide to print a deprecation warning, the code usually won't
>    be much simpler.
> - most cases are covered by use of _ALIAS to a better name
> 
> The only thing that IMO should be removed but I didn't for compatibility
> is the 'secret-set-value's 'base64' parameter as that is insecure. There
> isn't a compatible replacement though.
> 

That's debatable. Its not much worse than reading from a file. I mean, 
who has access to my $HISTFILE? Only me and root and in both cases the 
secret can be changed or read from the file (if the file is not deleted 
right away, and even then it could be recovered). Many tools accept 
passwords in clear text on cmd line (e.g. curl, wget). If anything, we 
could document why --base64 is dangerous (if we haven't done so yet).

Michal

More information about the libvir-list mailing list