[racket] Worried about the new package manager not storing each version of a package
> One easy improvement, when using github, is to allow/ensure package owners point to a
> specific release/tag .zip file and not worry about the checksum as nothing is going to
> change until a new release/tag is specified.

It is not as easy as it seems. Let's say I write module A which uses
specific versions of packages B and C.
Packages B and C both use package D. Here is the twist: package B is
written to use the latest version of package D and C uses version 42.

Now package D is updated. The checksums of B and C do not change, but the
behavior of B might.

/Jens Axel
2013/8/26 Lawrence Woodman <lwoodman at vlifesystems.com>
> Hello,
>
> I have been really impressed with Racket after using it for a month, but am
> worried about the move away from a central repository for storing each
> version of a package. I can see the advantage and simplicity of the new
> system, but worry that relying on package creators to manage their packages
> correctly could be creating a house of cards and see several problems with
> this:
>
> i. If a package owner releases a change that breaks the API (intentionally or
>    unintentionally), then the packages and applications that depend on it will no
>    longer function and will be unable to do anything about it. If each package
>    version was stored then anything that depended on it could specify that it
>    needs a previous version to work.
>
> ii. If the owner of a package stops hosting it then the scenario above would again
>    happen.
>
> iii. When used with github, most people will point to their master branch, which
>    if being used collaboratively could be quite unstable. The users of the package
>    probably won't have any knowledge of this and will only find out when their
>    applications or packages keep breaking. The easiest way of thinking about this
>    is if we were all forced to work with the latest commits from the master branch
>    of Racket and there were no versioned releases.
>
> iv. It is hard to identify bugs and fix bugs while supporting users of a package if
>    you can't identify which version they are using.
>
> This is such a cause for concern to me because I'm developing an open source
> application to be used commercially and need to be able to maintain a certain level
> of stability. I could just keep copies of stable packages, but this strikes me as
> going against the simplicity intended for the new package manager. If Racket
> is to have any level of success commercially then there will be a lot more people
> and companies worried about this and hence it could really stifle
> commercial adoption.
>
> Has any thought been given to any of these problems and are there any plans
> to mitigate them?
>
> One easy improvement, when using github, is to allow/ensure package owners point to a
> specific release/tag .zip file and not worry about the checksum as nothing is going to
> change until a new release/tag is specified.
>
>
> Best wishes
>
>
>
> Lorry
>
>
> --
> vLife Systems Ltd
> Registered Office: The Meridian, 4 Copthall House, Station Square,
> Coventry, CV1 2FL
> Registered in England and Wales No. 06477649
> http://vlifesystems.com
>
--
Jens Axel Søgaard
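
The A/B/C/D scenario from the reply above, as an added example that is not part of the original message: it compares each package's own checksum with a digest taken over its resolved dependency closure, before and after D is updated. The registry contents, version 43 of D, and the function names are assumptions constructed for illustration.

```python
import hashlib

# Constructed registry: (name, version) -> (source bytes, dependencies).
# A dependency version of None means "use the latest", as B does for D.
def make_registry(d_versions):
    reg = {
        ("A", 1): (b"module A", [("B", 1), ("C", 1)]),
        ("B", 1): (b"package B", [("D", None)]),
        ("C", 1): (b"package C", [("D", 42)]),
    }
    for v in d_versions:
        reg[("D", v)] = (b"package D v%d" % v, [])
    return reg

def resolve(reg, name, version):
    """Turn a 'latest' request into the concrete version the registry offers now."""
    if version is None:
        version = max(v for (n, v) in reg if n == name)
    return (name, version)

def own_checksum(reg, pkg):
    """Checksum of the package's own source only (what a per-package pin covers)."""
    return hashlib.sha256(reg[pkg][0]).hexdigest()

def closure_digest(reg, pkg):
    """Hash of the package's source plus the closure digests of its resolved deps."""
    h = hashlib.sha256(reg[pkg][0])
    for dep in sorted(resolve(reg, n, v) for n, v in reg[pkg][1]):
        h.update(("%s@%d:" % dep).encode())
        h.update(closure_digest(reg, dep).encode())
    return h.hexdigest()

def drift(before, after, roots):
    """Per root: (own checksum changed?, closure digest changed?)."""
    return {
        r[0]: (own_checksum(before, r) != own_checksum(after, r),
               closure_digest(before, r) != closure_digest(after, r))
        for r in roots
    }

def demo():
    before = make_registry([42])
    after = make_registry([42, 43])  # D is updated; B and C are untouched
    return drift(before, after, [("A", 1), ("B", 1), ("C", 1)])

if __name__ == "__main__":
    for name, (own, closure) in demo().items():
        print(name, "own checksum changed:", own, "| closure changed:", closure)
```

Only the closure digest notices that B (and therefore A) now builds against a different D, while C, which names version 42, is unaffected.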