-
-
Notifications
You must be signed in to change notification settings - Fork 907
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent deletion of ineligible gems with validations. #4631
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #4631 +/- ##
=======================================
Coverage 97.09% 97.09%
=======================================
Files 392 392
Lines 8254 8270 +16
=======================================
+ Hits 8014 8030 +16
Misses 240 240 ☔ View full report in Codecov by Sentry. |
01715f7
to
2fe3e08
Compare
Good to delete controller check now? |
2fe3e08
to
149f5d1
Compare
149f5d1
to
6f6ebc8
Compare
The primary problem I see here is that rubygems.org takes away control from gem authors, without rubygems.org itself providing (and maintaining) these gems on their own. So, one "workaround" for this, even though it is not a very good one, is account deletion; and then subsequent re-publishing of the code on e. g. github, gitlab or anywhere else where it may be hosted then. Different gem authors handle their own gems differently, of course. Some never delete their old gems, such as hexapdf's author: https://rubygems.org/gems/hexapdf/versions Others sometimes delete old gems, for different reasons - see Andy's glimmer project: https://rubygems.org/gems/glimmer/versions From about 120 versions or so, Andy deleted only six releases. And then others only want to maintain one version officially, which means older versions I am not necessarily saying that rubygems.org has no valid opinion here, mind you. You However had, what this change factually means is that control is shifted away from gem Correct me if I am wrong, but on other code hosting platforms such as Microsoft's github, we https://bundler.io/guides/git.html (Technically we can say that all versions on github.com are always logged due to how git itself The 30 days limitation is also an awkward limitation. What is the rationale for that? With The best solution would have been to not handicap gem authors with such changes Naturally I understand that the policy is aimed towards giving gem USERS more These strange policy changes started to happen in the last few years; in the Another problem I have is that these changes seem to come from (semi?) By the way, one thing I also realised ... if people host on github, and bundler Irrespective of the above, differences of opinion, I believe we should propose
And this, in theory, can exist multiple times. So, one is created by user Joe, the
And it would return :Joe or :Fred depending on who created the module initially. People can still merge such modules together, such as "module Configuration", Unfortunately ruby core requires authenticator apps these days to make suggestions, (Ruby core can also have such ownership, e. g. the core stdlib and bundled gems Last but not least, I also think ruby core should help oversee rubygems.org in "spirit". |
I believe you that this has inconvenienced you. Even though you disregard me as if I'm some "random" person, I hear where you're coming from and respect your input. We plan to implement ways for authors to disavow ownership of gem versions or mark them deprecated, partly because of your feedback. The fact is that we're dealing with other issues and we're making these policies to address larger risks. You decided to delete your account within 24 hours of the policy being enacted and ultimately decided to attack many of the people involved. I would have appreciated a more measured approach but you are free to leave (and you helped us discover that we had not enacted policies around account deletion, thanks) Rubygems.org has the right to retain and distribute work that is licensed to us for distribution. If you do not wish to participate in the community in the way is constructive for everyone, then you may host your code elsewhere. I understand your feedback despite your insults. If you choose to come back we will make your gems available to you again if you wish. We plan to allow version and gem deprecation with messages to address your and other's concerns, however we were faced with other threats that made it necessary for us to make this change immediately and then take feedback afterwards. Ultimately, I'm sorry that this struck a nerve for you and I wish we could have done this in a way that hurt no one. It just happens that you're also the very highest user of yank on all of rubygems.org by a wide margin. If anyone was going to be impacted, it's you. I'm sorry for that and we will continue to work to make rubygems better for everyone. |
No description provided.