ColPrac icon indicating copy to clipboard operation
ColPrac copied to clipboard

Published 20 hours ago verified publisher icon SciML

update yank section

Open rafaqz opened this issue 1 year ago • 7 comments
trafficstars

yanked = true is rarely merged in the general registry these days, so we should edit the recomendations to point towards editing Compat.toml instead.

Possible a concrete example will help here?

rafaqz avatar May 06 '24 17:05 rafaqz

Some comments from @StefanKarpinski on slack regarding the current permissible context for yanking:

  • If a version is actually dangerous to use, it should be yanked
  • Like it has a security vulnerability or someone accidentally committed an rm -rf / call
  • “Oops, I released a version with a bug” is not a reason

And in response to: "But the readmes for general registry and ColPrac still both say to yank if you register a version with too wide compat bounds"

  • No, that’s not right. You should just fix the compat bounds in the registry
  • And ideally, also make a release that has the right bounds in the project file
  • Largely just because it’s confusing when those don’t match

rafaqz avatar May 06 '24 18:05 rafaqz

See also:

Add guidance recommending yanking in General part 1: JuliaRegistries/General#102636 part 2: JuliaRegistries/General#104800

Ongoing difficulties of retroactive compat bounds adjustment: JuliaRegistries/General#104849

Parallel PR to General: JuliaRegistries/General#106278

I recommend that this PR follows the course of JuliaRegistries/General#106278, whatever that happens to be.

LilithHafner avatar May 06 '24 23:05 LilithHafner

But in practice compat bounds are preferred, and yanks are rejected: https://github.com/JuliaRegistries/General/pull/102850 https://github.com/JuliaRegistries/General/pull/104235

These guidelines should match practice?

@giordano

rafaqz avatar May 07 '24 06:05 rafaqz

That is inconsistent with what's normally done. Normally the compat bounds are not manually updated. As @LilithHafner points out, it's recommended that devs don't manually muck with compat bounds like that because there's many issues that can crop up and no tools. That's just weird. That should've been a yank.

ChrisRackauckas avatar May 07 '24 06:05 ChrisRackauckas

See comments by @StefanKarpinsky above too... he said compat bounds! This is all very confusing.

rafaqz avatar May 07 '24 06:05 rafaqz

That's not how it's generally done in General though? Compat bounds changes to General are not merged because they aren't even adequately tested: you have to manually test whether the registry version you get will be installable. If you do it wrong then CI can pass but you can then crash all installations. That's why it stopped being recommended.

ChrisRackauckas avatar May 07 '24 06:05 ChrisRackauckas

The compat changes above were first reccomended and then merged by @giordano

The yank was closed. I had another yank merged only after seriously pestering people on slack.

(I prefer the yank too Im just trying to resolve guidelines with practical experience)

rafaqz avatar May 07 '24 06:05 rafaqz