docs(adr): propose 12-month trailing window MSRV policy#3361
docs(adr): propose 12-month trailing window MSRV policy#3361bryantbiggs wants to merge 2 commits intoopen-telemetry:mainfrom
Conversation
Propose replacing the current N-3 version-count MSRV policy with a 12-month trailing window. The MSRV may be raised to any stable Rust release that is at least 12 months old. This is more conservative than the 6-month policy used by tokio, hyper, and tower, reflecting opentelemetry-rust's role as infrastructure. Motivated by the discussion in open-telemetry#3352.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3361 +/- ##
=======================================
+ Coverage 82.2% 82.7% +0.4%
=======================================
Files 128 128
Lines 24626 24811 +185
=======================================
+ Hits 20267 20526 +259
+ Misses 4359 4285 -74 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Hey @bantonsson and @paullegranddc ; for one helpful downstream anecdote - do we have a view on the Datadog side on MSRV? I note that dd-trace-rs is up at 1.84 vs the current MSRV of 1.75. Also @open-telemetry/rust-approvers I think we also need to carefully consider what our MSRV policy should be. On the one hand it feels like we are quite out of date and as @bryantbiggs has pointed out this has led to us missing out on some pieces on I will also share this in the slack to try solicit feedback ! |
|
|
||
| ## Ecosystem context | ||
|
|
||
| ### Rust ecosystem |
There was a problem hiding this comment.
despite their documented policy, they are all actually quite conservative and some are on 1.6* today.
There was a problem hiding this comment.
that is correct!
|
The ADR is well-researched, but I think we should be careful about the gap between policy and practice. The ADR cites tokio (6-month policy), hyper (6-month), and tower (6-month) as precedent. But their actual MSRVs tell a different story:
Even projects with aggressive policies bump conservatively in practice. We should learn from that. I'm supportive of documenting a guideline, but I'd prefer it to be framed as a recommendation rather than a policy that gets mechanically enforced. The 12-month window should communicate what's permissible to the community, not create an expectation that bumps will happen on a schedule. Maintainers should still exercise judgment - bumps should be motivated by concrete need (blocking dependency, std API replacing an external crate, security fix), not just because the window allows it. I'd also suggest separating the guideline from the actual bump. There's no urgency to bump right now. |
|
@lalitb @cijothomas could we consider framing this in terms of what would cause us to bump? |
Correct, see @cijothomas 's comment on this already above. and more to this point below
agreed, thats what the rule states:
Emphasis on
I don't quite follow - could you elaborate? there are no version bumps happening here, just the proposal of what policy the project might adopt for how it handles raising the MSRV |
|
You're right that the ADR says "may" not "will" - I was reacting more to the "Practical impact" section which seems to be read as "here's what we'd do immediately." That framing made it feel like the policy and the first bump were being proposed together. I'd suggest reframing that section to read as illustrative rather than prescriptive. Something like:
This keeps the section useful as context without implying an immediate bump to 1.85. It also avoids the
On the "why not follow the policy" question - I think the answer for tokio et al. is simply that the cost of bumping (downstream churn) usually outweighs the benefit unless there's a concrete motivator. The policy exists as a social contract ("we won't go newer than X"), not as a schedule. I think we're actually aligned here - I just want to make sure the ADR text reads that way to future contributors who might interpret a 12-month window as encouragement to bump proactively. The 12-month window as a ceiling is reasonable. No objections to the policy itself. |
+1 we should do that. |
|
we can update the language to make the language a bit clearer on "it could happen, its not guaranteed to happen just for the sake of a bump". And to Scott's point - perhaps a bit more definition around - "these are valid reasons to bump the MSRV" maybe something on some examples of whats not a fruitful, meaningful reason to bump. For example, getting to the next rust edition seems like a plausible reason to bump. its just a matter of how we phrase it so we don't get too overly pedantic on "if this yes, if this no" for every situation |
|
My only comment is: despite promising to support N to N-3 rust versions, we were quite conservative so far. (similar in tokio/tracing etc.) Previous bumps to MSRV did not receive any pushbacks (nothing I can find in this repo, or slack or personal conversations) #1554 has suggested to follow "forrecene", but they are well past 1.89 already. @lalitb mentioned earlier about Debian supported Rust versions, but we broken them already with our bump to 1.75 a year ago, and no issue was reported here. IOW, I am supportive of actually following the established policy and also the change the policy to what this proposes. If there are any issues that I am not seeing, happy to revise position. |
|
@djc I know you are not active here anymore, but we could use some insights from you on this topic given your expertise, provided you have bandwidth! Thanks in advance. |
|
Happy to vent my opinions: I mostly agree with what's being said. If you want to be a low-level (in the sense of a multiple-hop-transitive dependency of actual applications) library, especially one that might be depended on by other libraries (some of which are also low-level), it's important not to unnecessarily increase constraints on your downstreams. This may not be the same for all components in this repo -- the opentelemetry crate might be considered what's sometimes called a "vocabulary" crate, which might appear in downstream public API, while something like opentelemetry-jaeger-propagator is arguably a higher-level dependency that probably will usually be a direct application dependency. For low-level libraries, IMO MSRV bumps need to be well motivated, in that I usually prefer not to make changes unless there's substantial benefit to my downstream users (which might be different from there being benefit to me as a maintainer). One benefit might be upstream dependency deduplication -- that is, I might want to bump my MSRV so that I can pick up the latest semver-incompatible version of my dependency, which helps deduplicate dependencies for all of my downstreams. On the other hand, I will usually version my So my main goal generally (similar to what some of you have already pointed out) is that MSRV bumps need to be justified by some benefit, so something like this is useful:
This is a minor benefit, and probably not something I'd bump for. I'd also hope you have already dropped lazy_static in favor of once_cell everywhere to minimize dependencies, and that you're not exposing once_cell in public API (this is generally a concern for most upstreams that aren't themselves 1.x yet).
IMO this is more of a benefit, particularly if you have some
IMO the 2024 edition isn't all that desirable in most (library) contexts -- the MSRV aware resolver is not a benefit for libraries, only for applications, AFAICT, so I wouldn't bump for this. The other factor of course is support across your users. For example, Debian stable support might be a factor -- trixie (which has been out for 7 months or so) includes 1.85, so that might not be a blocker in this case. Here's some actual data: 
(Although this data might be skewed away from older versions due to various factors.) FWIW, for a bunch of the projects I maintain we picked 1.83 as a reasonable goal now. For the reasons explained, I think being conservative is a good default (definitely not picking up the most aggressive MSRV just because your policy allows it) and then bumps should come with compensating downstream benefits. Hope that helps. |
|
@djc Hey, where does your data come from, and is it publicly available? It seems super interesting and I couldn't find this kind of statistics when I looked for them some time ago. |
|
There happens to be some discussion going on in Zulip: lib.rs also has some nice stats: |
- Add "When to bump" section: bumps need concrete downstream benefit, window is a ceiling not a schedule - Rewrite "Practical impact" as illustrative (what levels enable) rather than prescriptive (what we'd do immediately) - Remove inaccurate num_cpus/num-format claims and MSRV-aware resolver selling point (only benefits applications, not libraries) - Add "Actual MSRV" column to ecosystem table showing policy-vs-practice gap in tokio/hyper/tower - Soften N-3 alternatives section to acknowledge practice divergence
6 participants
Summary
Proposes replacing the current N-3 version-count MSRV policy with a 12-month trailing window via a new ADR (
docs/adr/002_msrv_policy.md).Context
This was requested during the discussion on #3352. The ADR includes:
Practical impact
Under this policy the MSRV could immediately move from 1.75 (December 2023) to 1.85 (February 2025), enabling removal of
once_cell,lazy_static,num-format, andnum_cpusin favor of std APIs, plus eligibility for Edition 2024 and the MSRV-aware dependency resolver.Merge requirement checklist
CHANGELOG.mdfiles updated for non-trivial, user-facing changes