Request to reconsider not removing old releases.

[SayantanRC]

Is there an existing request for this feature?

• [X] I have searched the existing issues for this feature request and I know that duplicates will be closed

Is your feature request related to a problem?

Currently I am using NixOS, but I believe this will affect other linux distros too.

We are unable to download older versions (which are considered stable) of postman except the newest release. This might affect a lot of users.

Related issue link here: https://github.com/NixOS/nixpkgs/issues/259147

Is this behavior expected? If yes, is it possible to reconsider the decision?

Describe the solution you'd like

Keep older versions.

Describe alternatives you've considered

No response

Additional context

No response

[chasecaleb]

For an example of the impact, this effects myself and a significant number of coworkers in dev and QA roles. We appreciate Postman, but this causes enough friction for us that we may be forced to switch to another tool instead if this change is not reconsidered.

[numaanashraf]

@SayantanRC Thanks for writing in. We recommend being on the latest version as they contain all the security and reliability patches and are considered stable.

How can we help get the version of Postman in nixpkgs updated to the latest version?

[SayantanRC]

How can we help get the version of Postman in nixpkgs updated to the latest version?

@numaanashraf I am not very much aware of how nixpkgs functions, but I believe the model is similar to node js lock file. NixOS is all about reproducible builds. Hence if a person is on NixOS 23.05 (stable release), they will always get Postman version 10.12.0. This makes it such that any other colleague who is on NixOS 23.05 will also be able to test code on 10.12.0 version of Postman itself, there won't be any version mismatch.

There is an unstable branch in NixOS that gets regularly updated. But if anyone is using nix flakes to get reproducibility, then they will also face the same trouble when older builds are unavailable (I think).

Always rolling over to the latest Postman version, even for the stable releases goes directly against the NixOS philosophy in my opinion.

Anyone with more know-how regarding this, please feel free to correct me.

[heismauri]

Please reconsider re-uploading them, I have to download an older version too.

[numaanashraf]

@heismauri There are no plans to re-upload or distribute old versions as these lack the relevant reliability and security patches. How can we help you use and be on the latest version?

[anna328p]

This seems equivalent to publishing a package foo on npm and deleting v1.0.1 when you release v1.0.2. Any package that has foo 1.0.1 in its lockfile will fail to build, which is an issue for (at least) reproducibility, bisecting, etc.

Nixpkgs uses a model very similar to lockfiles (though a little different for historical reasons). Dropping older releases of postman breaks older commits of nixpkgs from building.

[heismauri]

@heismauri There are no plans to re-upload or distribute old versions as these lack the relevant reliability and security patches. How can we help you use and be on the latest version?

As mentioned repeated times before, forcing a login when using certain features leads to people needing to use older versions in order to keep using your product. The only way to use the latest version if you rollback forcing a login when using collections, which looks like it is a hill Postman's team will die on. So sadly, you can't help me unless my opinion matters in some way and you guys decide to rollback that.

[tldzyx]

Is there any one provide other way to store and shared the old version, we need it.

[emptyflask]

Removing old releases is hostile to users. We need to be able to download specific versions for NixOS (same for Guix or any other OS with a deterministic build system)

This seems like it's an attempt to lock users into whatever new "features" are added, to ensure everyone pays, and no one can circumvent it by using older versions. Security and bug fixes are just a poor excuse. You don't see outdated, insecure versions of the linux kernel, openssl, etc. being sent to the memory hole.

[emptyflask]

I was asked to copy my comments from the Postman community board here.

I’m trying to install a newer release of Postman on NixOS, which attempts to download https://dl.pstmn.io/download/version/10.18.6/linux64 – but this is now a 404.

From some casual testing, it appears that latest is the only version option available. Perhaps someone thought you should only be able to get the latest and greatest release, but this does not work with a deterministic build system.

It looks like this happened before, Download specific version of postman, presumably they were restored at some point, and now they’re gone again.

[emptyflask]

Since the Postman team doesn't seem to be interested in being helpful here (for paying customers, I might add), Bruno with a shared git repo is looking like a viable alternative.

[SMFloris]

I am sad to see that the Postman team decided to go this route and basically let go part of their users. We will drop any Postman usage starting Monday in our company and will use OSS alternatives. This was the one software our Tech CS and QA that was not OSS, but was friendly and flexible for them to use. Oh well, lesson learned.

[chasecaleb]

I am sad to see that the Postman team decided to go this route and basically let go part of their users. We will drop any Postman usage starting Monday in our company and will use OSS alternatives.

Same situation here in my company with ~50 Postman users. Just want to share this in case it convinces Postman to reconsider.

[DSchau]

Hey folks (@chasecaleb @SMFloris @emptyflask) we do hear you here at Postman.

What we'd love to understand is why you are interested in the older versions. In reading this thread, I've seen a few reasons presented thus far:

1. Older releases may be seen as more stable in some way
   • This isn't necessarily true, we ship many security releases, bugs, and so on in each release of Postman, but perhaps there's more nuance in this reason I am not capturing?
2. Sign-in / login is required
   • We don't plan on changing this decision (for many reasons, detailed here), however I will note that the Lightweight App Client does not require a sign-in and can be used in latest versions of Postman

Are there other reasons that haven't yet been captured for why folks would like older releases? Further still, 2 could be explained further. Why are folks unable to use a product with a login? (as an example, we're right now communicating to one another with a product that requires a login)

I am genuinely curious and would love to figure out the why behind these requests to see if there are other avenues we could pursue and enable as many of you as possible to continue using Postman. If folks are interested and would like to chat with me, please feel free to e-mail me at dustin.schau@postman.com (and keep using this thread, I'll keep monitoring it!) and I'd love to investigate this further.

[emptyflask]

@DSchau in the case of Nix/NixOS, the package manager needs to match a known sha256 hash (stored in the package repo) with a specific version.

This means that on such a declarative system, we're unable to install Postman until someone notices that the build is broken, submits a pull request with the new hash, and it makes it's way downstream to the end users.

Being able to lock to a predictable release is core to systems like NixOS, a bit like how package.lock is used on a project that uses nodejs, only more strict.

While newer versions of a program itself might be more stable, its place within a whole ecosystem may not be, and it's the end user that gets to make that determination.

I'm not interested in running some ancient version of Postman. I just need to be able to download a known one.

[DSchau]

@emptyflask makes sense! The reference to package-lock.json especially makes sense, since that's something I'm a bit more familiar with.

Would you be open to walking me through (you can e-mail me, Twitter DM, etc. whatever works best for you) how other products are adopted in NixOS? Perhaps there's some kind of eventing we could expose or document that would at least make the process less broken for your team, but I can't say I fully understand how packages get added in the NixOS world currently.

I'm not interested in running some ancient version of Postman. I just need to be able to download a known one.

I hear this loud and clearly, and appreciate it!

[emptyflask]

@DSchau I don't mind communicating here, especially since others can be part of the conversation. This is essentially how nix derivations will download a program (the version in this example is specified in the calling function here). This is a public repository, and users contribute to it via pull requests.

To answer the other part of your question, yes in theory you could open a PR whenever a new version is released and/or act as the package maintainer for postman, but this assumes that the end user is (or is willing to be) always on the bleeding edge of nixpkgs, and they would still have to tolerate broken system builds during the time it takes to propagate these changes. Postman would have to work differently from the other 80,000+ packages that are maintained, in a way that is antithetical to the OS. I think the community would rather remove Postman from nixpkgs.

[DSchau]

Interesting. So then PRs to NixOS for Postman would ideally happen whenever a new version is released. As an example, here's the PR updating to 10.18.6: https://github.com/NixOS/nixpkgs/pull/257173 which now breaks for users since the hash has since changed.

And since the link in that pull request no longer works, NixOS users are left with broken builds when that link is removed.

Yeah, I guess the automation I was referring to isn't as useful here. There are tools more in the Node space like Renovate that automatically update locked dependencies when they change, so I was curious if something like that may improve the situation.

This is helpful context, and an example of where persisting at least some older versions of Postman could be advantageous. Thank you! We'll discuss and follow-up as soon as we can.

[PierreBeucher]

Hey there, any news on this? Postman is broken (again) on the most recent stable version of NixOS. As stated before, being able to download "old" release (such as a version set in a .lock file like JS, Nix and countless other tools) seems a natural thing to do for your users.