[racket] revoking PLaneT packages?

From: Neil Van Dyke (neil at neilvandyke.org)
Date: Tue Oct 26 22:12:08 EDT 2010

Danny Yoo wrote at 10/26/2010 09:50 PM:
> Is there a procedure ready for revoking old PLaneT packages?  Some of my packages are obsolete or dead enough that I'd like to disable them from being served by PLaneT, or at the very least, I'd like PLaneT to warn the user that the package is dead.  Is there a standard procedure for doing marking a PLaneT package so?

Probably we should characterize the ways that a package might be 
"obsolete" or "dead".  Examples:

* Package was trojan.

* Package has stopped working completely, due to some change in the 
world.  (Example: package's only use was to scrape a live eBay site, but 
eBay changed their HTML and broke the scraper, and package has zero 
possible use now.)

* Package no longer works with current Racket version, due to changes in 
Racket.

* A grave defect has been discovered in package, such as a security 
vulnerability or erroneous calculation, and cannot or will not be fixed.

* Core Racket functionality now makes the package redundant.

* Package works, but developer no longer wishes to maintain package.

I would say that most of these are grounds for a "deprecated" metadata 
flag, and perhaps new minor version that documents the issue.

Only in the case of a trojan would I suggest removing the package, however.

Even in the second case (i.e., change in the world, and no other use), 
we could imagine someone's research needing the package, perhaps in a 
simulated world.

Separately, in the case of a developer no longer wishing to maintain a 
package, but someone else taking it over, there could be a final minor 
version under the authority of the original developer's account that 
requires and re-exports a version under the authority of the new 
developer's account.

-- 
http://www.neilvandyke.org/


Posted on the users mailing list.