> One easy improvement, when using github, is to allow/ensure package owners
> point to a specific release/tag .zip file and not worry about the checksum
> as nothing is going to change until a new release/tag is specified.

It is not as easy as it seems. Let's say I write module A which uses
specific versions of packages B and C. Packages B and C both use package D.
Here is the twist: package B is written to use the latest version of
package D and C uses version 42. Now package D is updated. The checksums of
B and C do not change, but the behavior of B might.

/Jens Axel

2013/8/26 Lawrence Woodman <lwood...@vlifesystems.com>

> Hello,
>
> I have been really impressed with Racket after using it for a month, but am
> worried about the move away from a central repository for storing each
> version of a package. I can see the advantage and simplicity of the new
> system, but worry that relying on package creators to manage their packages
> correctly could be creating a house of cards and see several problems with
> this:
>
>   i. If a package owner releases a change that breaks the API
>      (intentionally or unintentionally), then the packages and
>      applications that depend on it will no longer function and will be
>      unable to do anything about it. If each package version was stored
>      then anything that depended on it could specify that it needs a
>      previous version to work.
>
>  ii. If the owner of a package stops hosting it then the scenario above
>      would again happen.
>
> iii. When used with github, most people will point to their master branch,
>      which if being used collaboratively could be quite unstable. The
>      users of the package probably won't have any knowledge of this and
>      will only find out when their applications or packages keep breaking.
>      The easiest way of thinking about this is if we were all forced to
>      work with the latest commits from the master branch of Racket and
>      there were no versioned releases.
>
>  iv. It is hard to identify bugs and fix bugs while supporting users of a
>      package if you can't identify which version they are using.
>
> This is such a cause for concern to me because I'm developing an open
> source application to be used commercially and need to be able to maintain
> a certain level of stability. I could just keep copies of stable packages,
> but this strikes me as going against the simplicity intended for the new
> package manager. If Racket is to have any level of success commercially
> then there will be a lot more people and companies worried about this and
> hence it could really stifle commercial adoption.
>
> Has any thought been given to any of these problems and are there any plans
> to mitigate them?
>
> One easy improvement, when using github, is to allow/ensure package owners
> point to a specific release/tag .zip file and not worry about the checksum
> as nothing is going to change until a new release/tag is specified.
>
> Best wishes
>
> Lorry
>
> --
> vLife Systems Ltd
> Registered Office: The Meridian, 4 Copthall House, Station Square,
> Coventry, CV1 2FL
> Registered in England and Wales No. 06477649
> http://vlifesystems.com
>
> ____________________
>   Racket Users list:
>   http://lists.racket-lang.org/users
>

--
Jens Axel Søgaard

____________________
  Racket Users list:
  http://lists.racket-lang.org/users
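
The scenario from the reply above, as an added example that is not part of the original thread or of Racket's package system: a constructed in-memory registry (package names B, C, D and version 42 come from the message; the registry layout and the `resolve` and `closure_digest` helpers are hypothetical) shows B's own checksum staying fixed when D gains a new version, while a digest taken over the resolved dependency closure changes.

```python
import hashlib

def make_registry(d_versions):
    """Constructed sample data: name -> version -> (source bytes, deps).
    A dep constraint is either an exact version or the string "latest"."""
    return {
        "B": {1: (b"B source v1", {"D": "latest"})},  # B floats on D
        "C": {1: (b"C source v1", {"D": 42})},        # C pins D to 42
        "D": {v: (f"D source v{v}".encode(), {}) for v in d_versions},
    }

def own_checksum(registry, name, version):
    """Checksum of the package's own archive only (what a per-package
    checksum or a release tag actually fixes)."""
    source, _deps = registry[name][version]
    return hashlib.sha256(source).hexdigest()

def resolve(registry, name, constraint):
    """Pick the version an installer would fetch at install time."""
    return max(registry[name]) if constraint == "latest" else constraint

def closure_digest(registry, name, version):
    """Digest over the package source plus the digests of the exact
    dependency versions it resolves to, recursively."""
    source, deps = registry[name][version]
    h = hashlib.sha256(source)
    for dep in sorted(deps):
        dep_version = resolve(registry, dep, deps[dep])
        h.update(f"{dep}@{dep_version}:".encode())
        h.update(closure_digest(registry, dep, dep_version).encode())
    return h.hexdigest()

def compare(name, before, after):
    """Return (own checksum unchanged?, closure digest unchanged?)."""
    return (
        own_checksum(before, name, 1) == own_checksum(after, name, 1),
        closure_digest(before, name, 1) == closure_digest(after, name, 1),
    )

if __name__ == "__main__":
    before = make_registry([41, 42])      # D's newest release is 42
    after = make_registry([41, 42, 43])   # D publishes 43; B and C untouched
    for pkg in ("B", "C"):
        same_own, same_closure = compare(pkg, before, after)
        print(pkg, "own checksum same:", same_own,
              "| closure digest same:", same_closure)
```

Recording the resolved closure at build time, as a lock file does, is what turns the silent change in B's behaviour into a visible difference.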