[plt-scheme] Using PLaneT Packages in a Production Environment

From: Neil Van Dyke (neil at neilvandyke.org)
Date: Tue Jan 13 22:15:32 EST 2009

If one has a system that uses PLaneT packages, and for security reasons 
we absolutely do not want the deployed system fetching anything from a 
public PLaneT repository, what's the best way to manage that?

One question I'm debating is whether to: (1) have "planet" "require" 
specs in the code and to supply those packages in vetted form to a 
deployed system (via, e.g., a pre-constructed ".plt-scheme/planet/" 
cache); or (2) pull versions of PLaneT packages into normal collections 
in our configuration management system, and use non-"planet" "require" 
specs for them.

Our system does *not* need multiple versions of the same package, if 
that matters.

We'd also want to disable access to the PLaneT repository, such as by 
setting an environment variable or a Scheme parameter.

Any thoughts appreciated.

(There's a chance I asked this months ago, but I can't find it.)


Posted on the users mailing list.