[racket-dev] [plt] Push #27862: master branch updated

From: Jay McCarthy (jay at racket-lang.org)
Date: Thu Nov 28 09:57:47 EST 2013

And similarly, the package system is a social curation system to
monitor packages for good behavior, which planet does do (but could
have and could now.)

Jay

On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler
<robby at eecs.northwestern.edu> wrote:
> In short "yes". But that short answer isn't where we should stop. :) Really,
> this is about a design decision that's different between planet and the
> package system: in planet, "running" a program was sufficient for installing
> packages. In the package system you have to take an explicit step to
> "install" the package.
>
> I used quotes there because the devil is a bit in the details here (as Jay
> points out with his "some macro tricks" comment) but really what we're
> talking about is that design difference and UX issues. Overall, I feel like
> the package system's different design decisions are the right way to go but
> that we should keep planet being planet (and Jay and I had a discussion
> about that offline), which is why he reverted one of those commits.
>
> And to clear up the check syntax thing: there is no way that online check
> syntax could have installed a planet package (or, for that matter, made any
> changes to your file system). You would have had to Run the program or
> explicitly ask for it to be compiled or something like that.
>
> Make more sense?
>
> Robby
>
>
> On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen <matthias at ccs.neu.edu>
> wrote:
>>
>>
>> Am I naive or isn't any download of any package opening the door to such
>> tricks?
>>
>>
>> On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:
>>
>> > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler
>> > <robby at eecs.northwestern.edu> wrote:
>> >>
>> >>
>> >>
>> >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy <jay at racket-lang.org>
>> >> wrote:
>> >>>
>> >>> If I have background expansion on, then when I open that file it
>> >>> installs the package.
>> >>>
>> >>
>> >> As I wrote in my previous message, it doesn't do that for me. And I
>> >> don't
>> >> see how it could do that, actually. Are you saying that you tried this?
>> >
>> > Yes. I put that in a file and opened it up with DrRacket then got the
>> > "Can't download a Planet package" error message as-if the install were
>> > stopped.
>> >
>> >> Can you explain how you have configured DrRacket to disable the
>> >> security
>> >> guard that is installed by the background expansion process, please?
>> >
>> > Perhaps my trial was bad because the security guard would have stopped
>> > the network access but my error stopped the library from attempting
>> > the network access?
>> >
>> > Regardless, "Check Syntax" (I think?) or compilation in Racket would
>> > have installed it. [Now, obviously the same macro tricks could
>> > explicitly call download/install-pkg... but I think it is a bit feeble
>> > to say "Check Syntax" should make no attempt to prevent package
>> > installation.]
>> >
>> >> Meanwhile, I would like to point out that your commit has completely
>> >> disabled planet. No packages can be installed. Did you run any test
>> >> suites
>> >> after making this change?
>> >
>> > I tried to install and fetch some packages. I see now that I committed
>> > in the "racket/collects" directory but the changes to make that work
>> > were in the "pkgs/planet-pkgs" directory so I stupidly missed them.
>> >
>> > Jay
>> >
>> >> Robby
>> >>
>> > _________________________
>> >  Racket Developers list:
>> >  http://lists.racket-lang.org/dev
>>
>

Posted on the dev mailing list.