And similarly, the package system is a social curation system to monitor packages for good behavior, which planet does do (but could have and could now.)
Jay

On Thu, Nov 28, 2013 at 7:56 AM, Robby Findler <ro...@eecs.northwestern.edu> wrote:
> In short "yes". But that short answer isn't where we should stop. :) Really,
> this is about a design decision that's different between planet and the
> package system: in planet, "running" a program was sufficient for installing
> packages. In the package system you have to take an explicit step to
> "install" the package.
>
> I used quotes there because the devil is a bit in the details here (as Jay
> points out with his "some macro tricks" comment) but really what we're
> talking about is that design difference and UX issues. Overall, I feel like
> the package system's different design decisions are the right way to go but
> that we should keep planet being planet (and Jay and I had a discussion
> about that offline), which is why he reverted one of those commits.
>
> And to clear up the check syntax thing: there is no way that online check
> syntax could have installed a planet package (or, for that matter, made any
> changes to your file system). You would have had to Run the program or
> explicitly ask for it to be compiled or something like that.
>
> Make more sense?
>
> Robby
>
>
> On Thu, Nov 28, 2013 at 8:44 AM, Matthias Felleisen <matth...@ccs.neu.edu>
> wrote:
>>
>> Am I naive or isn't any download of any package opening the door to such
>> tricks?
>>
>>
>> On Nov 27, 2013, at 8:46 PM, Jay McCarthy wrote:
>>
>> > On Wed, Nov 27, 2013 at 6:27 PM, Robby Findler
>> > <ro...@eecs.northwestern.edu> wrote:
>> >>
>> >> On Wed, Nov 27, 2013 at 7:21 PM, Jay McCarthy <j...@racket-lang.org>
>> >> wrote:
>> >>>
>> >>> If I have background expansion on, then when I open that file it
>> >>> installs the package.
>> >>>
>> >>
>> >> As I wrote in my previous message, it doesn't do that for me. And I
>> >> don't see how it could do that, actually. Are you saying that you
>> >> tried this?
>> >
>> > Yes. I put that in a file and opened it up with DrRacket then got the
>> > "Can't download a Planet package" error message as-if the install were
>> > stopped.
>> >
>> >> Can you explain how you have configured DrRacket to disable the
>> >> security guard that is installed by the background expansion process,
>> >> please?
>> >
>> > Perhaps my trial was bad because the security guard would have stopped
>> > the network access but my error stopped the library from attempting
>> > the network access?
>> >
>> > Regardless, "Check Syntax" (I think?) or compilation in Racket would
>> > have installed it. [Now, obviously the same macro tricks could
>> > explicitly call download/install-pkg... but I think it is a bit feeble
>> > to say "Check Syntax" should make no attempt to prevent package
>> > installation.]
>> >
>> >> Meanwhile, I would like to point out that your commit has completely
>> >> disabled planet. No packages can be installed. Did you run any test
>> >> suites after making this change?
>> >
>> > I tried to install and fetch some packages. I see now that I committed
>> > in the "racket/collects" directory but the changes to make that work
>> > were in the "pkgs/planet-pkgs" directory so I stupidly missed them.
>> >
>> > Jay
>> >
>> >> Robby
>> >>
>> > _________________________
>> > Racket Developers list:
>> > http://lists.racket-lang.org/dev
>> >

_________________________
Racket Developers list:
http://lists.racket-lang.org/dev