Add equivalent to NPMs `private` field #298

Open
sol opened this Issue Jul 11, 2018 · 2 comments

sol commented Jul 11, 2018

NOTE: This is an idea. Feedback is very much welcome!

https://docs.npmjs.com/files/package.json#private

When a user adds

private: true

to package.yaml he wants to guard against accidental publication of the package.

Build tools like stack can look at this information and refuse to publish it if it's set to true.

Another method, that does not require any support from build tools, would be to generate a .cabal file that will be rejected by Hackage when private: true.

@sol sol added the idea label Jul 11, 2018

@sol sol changed the title from Add equivalent NPMs `private` field to Add equivalent to NPMs `private` field Jul 11, 2018


tfausak commented Jul 11, 2018

I used to use license: AllRightsReserved to mark a package as "private". However it looks like the SPDX changes in Cabal have made that invalid:

unexpected Unknown SPDX license identifier: 'AllRightsReserved' You can use
NONE as a value of license field.

Setting license: NONE and running cabal check spits this out:

The following errors will cause portability problems on other environments:
* The 'license' field is missing or is NONE.

Hackage would reject this package.

So maybe setting private: true could set license: NONE?


sol commented Jul 11, 2018

> So maybe setting private: true could set license: NONE

That is a good point; omitting license altogether should have the same effect I guess.

This also means that a user can already simulate this feature by simply omitting license from package.yaml. Maybe this is already good enough?

> I used to use license: AllRightsReserved to mark a package as "private". However it looks like the SPDX changes in Cabal have made that invalid:

hpack will continue to support traditional cabal license identifiers, including AllRightsReserved, alongside SPDX license expression. If cabal-version is >= 2.2 traditional license identifiers are mapped to SPDX license expressions. AllRightsReserved is mapped to NONE. I updated the README f549945.
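A CI guard built on the behaviour discussed in this thread, as an added example that is not hpack's or Cabal's own code: it reads a generated .cabal file and reports whether the top-level license is missing or NONE, the state the comments above say Hackage rejects. The function names and sample files are constructed for illustration, and the parser only handles top-level fields.

```python
import re

# Top-level .cabal fields start in column 0 as "name: value"; names are case-insensitive.
_FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9-]*)\s*:\s*(.*)$")


def top_level_license(cabal_text):
    """Return the top-level `license` value, or None when the field is absent or empty."""
    lines = cabal_text.splitlines()
    for i, line in enumerate(lines):
        m = _FIELD.match(line)
        # `license-file` is a different field and must not count as a license.
        if not m or m.group(1).lower() != "license":
            continue
        value = m.group(2).strip()
        # The value may sit on the following indented lines instead.
        j = i + 1
        while not value and j < len(lines) and lines[j][:1] in (" ", "\t"):
            if not lines[j].lstrip().startswith("--"):
                value = lines[j].strip()
            j += 1
        return value or None
    return None


def publication_blocked(cabal_text):
    """True when the license is missing or NONE, the state this thread says Hackage rejects."""
    return top_level_license(cabal_text) in (None, "NONE")


# Constructed sample files, not taken from any real package.
PRIVATE_NONE = "cabal-version: 2.2\nname: internal-tool\nversion: 0.1.0\nlicense: NONE\n"
PRIVATE_OMITTED = "name: internal-tool\nversion: 0.1.0\nlicense-file: LICENSE\n"
PUBLIC_MIT = "name: public-lib\nversion: 1.0.0\nLicense:\n  -- chosen by legal\n  MIT\n"

if __name__ == "__main__":
    for label, text in [("NONE", PRIVATE_NONE), ("omitted", PRIVATE_OMITTED), ("MIT", PUBLIC_MIT)]:
        print(label, "blocked" if publication_blocked(text) else "PUBLISHABLE")
```

Run against the generated .cabal file of a package meant to stay private, a False result means a license value has crept back in and the package would no longer be rejected on upload.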
