derivepassphrase bug remove-click¶
Bug details: Remove the dependency on click
| Class | bug | This is clearly an actual problem we want fixed. |
|---|---|---|
| Priority | high | This should be fixed in the next release. |
| Difficulty | tricky | Needs many tuits. |
| Present-in | 0.1.0 0.1.1 0.1.2 0.1.3 0.2.0 0.3.0 0.3.1 0.3.2 0.3.3 0.4.0 0.5 0.5.1 0.5.2 0.6 | |
click, the library which derivepassphrase uses to implement its command-line interface, used to have a very stable and essentially unchanging API (up until v8.1.8) due to a maintenance bottleneck.
Several larger, backwards incompatible changes to click were in preparation, but withheld until the next major release.
In August 2025, a group of volunteers released click v8.2.0, immediately implementing these withheld changes, without a deprecation period.
This caused both derivepassphrase’s command-line machinery and the test suite to immediately break because of changes in class hierarchies and function signatures.
The volunteers have since (March 2026) released multiple further versions, some of which include similar compatibility breaks without deprecation periods (e.g. flag value handling in v8.3.0).
This difference in library design philosophy is not reconcilable with derivepassphrase’s pledge to backwards compatibility.
derivepassphrase does not actually depend on functionality specific to click; any command-line creation library would principally do equally well.
derivepassphrase also needs to customize and reconfigure large parts of click’s infrastructure to better adhere to its use case – UNIX-style command-line interfaces, in contrast to click’s OS-native command-line interfaces.
The cost-benefit ratio of click v8.2.0+ is thus too high to justify its continued use.
Therefore, remove click as a dependency, and reimplement the command-line interface and testing machinery without it.
Until then, pin click to v8.1.8, the last version adhering to the de facto stable API.