packagist
packagist copied to clipboard
composer
Projects deleted from GitHub should be removed from Packagist
I ran into a project on Packagist (kherge/doctrine) that refers to a GitHub project that no longer exists. As far as I can tell this makes this package broken as nobody will be able to install it.
I asked #composer-dev how things like this should be handled. kherge looks to be active so it would probably be easy enough to send a ping and request the maintainer delete the project (if it is within the limits), but in the case that a maintainer is not able to be contacted what should be done?
Igor suggested packages be removed if their repository is throwing known "this thing has been deleted" responses for at least a certain period of time.
maybe set a deletedAt flag the first time and if that exceeds 5 days, remove the package? — @igorw
Would 5 days be enough? Is there something already in place that we could bolt this onto? Maybe the "deleted branch" pass or something?
Of course the downside would be any project whose repository is legitimately down for an extended period of time and just happens to miss a couple of cycles of "are you still there?" requests.
I do get emails from the cron job with a bunch of links to packages that look gone, I just don't have time to go through them :)
I mean, I don't think it's good to make this automatic because sometimes the repo just got renamed and the guy forgot to update on packagist, stuff like that. But manually checking takes time.
Yeah, I guess that is what prompted my question in #composer-dev, what is the process for reporting issues like these when we find them? Pinging @Seldaek did not seem like a scalable solution. :)
Maybe we can find a way to crowdsource some of your timesinks? A small team of moderators could check a "these packages have been unreachable for 2+ weeks now, please verify they are actually missing and either [force update] or [delete] them." Only people with proper permissions can see the page and they would only ever be able to do these commands on repositories that have been unavailable for at least 2+ weeks.
On the other hand, humans meddling in the affairs of which packages should deleted might be worse than an automated process. :)
Maybe instead this can go in with #192? We could have an additional automated "possibly deleted/definitely broken the last time I checked" flag that would also show up on the UI and alter the search results accordingly (dim, red, "!" icon, whatever we decide is appropriate).
I have deleted the myak/component from the github, however it still visible in packagist.org, I need to delete it to from packagist.org. There was delete button but I can't see it now for some reason...
I think it would be useful to have the "Sync" button and it is how travis handles such case, it has "Sync now" button in its user interface (Accounts -> user name -> Repositories tab).
I have some packages that were deleted from github, some of them I have deleted manually from packagist with using of "Delete" button, but some of them I can't delete, because I don't see the "Delete" button for some reason for those packages. The packages that must be deleted from packagist are (all packages except myak/framework):
myak/base
myak/collection
myak/debug
myak/error
myak/fs
myak/log
myak/test
myak/xml
@Seldaek, could you resolve of this problem please? I don't want confuse peoples with broken links/packages.
Thanks ;)