I have been looking for a way to use Racket at work, and we’ve found a couple places where it might be useful for documentation or tooling. As part of this, it would be very nice to keep our source code private, but it would still be helpful to make use of the package manager to handle dependency resolution. We explored creating a custom catalog that would contain our packages, which has worked reasonably well, but the Racket package system does not appear to be capable of fetching packages backed by private repositories.
Glancing over the git protocol documentation and interacting with a private repository via HTTP client, implementing this on the technical side doesn’t look too difficult. GitHub uses the “smart” HTTP protocol as documented here[1], and authorization is done using HTTP Basic Authentication. Implementing this without using libgit or the git CLI might be a little difficult, but distributing libgit would not be hard if it ended up being a problem. The trickier issue is the social side, as well as the user interface. How would git credentials be provided to the package manager so that it could actually access these packages? More importantly, is it actually okay for the success of package installation to be dependent on some configuration that lives on a user’s local machine? If these sorts of packages were uploaded to the main package catalog, what would be the policy for handling them? Ultimately, I think it’s important for the package manager to support private package distribution mechanisms for me to be able to comfortably adopt Racket in a corporate setting, so I think having some solution to this problem that does not involve out-of-band trickery would be nice. I’m just not sure what that solution might look like or how it would mesh with the current, open-source centric package management strategies. I’m curious about how other people feel about these issues. Thanks, Alexis [1]: https://git-scm.com/book/en/v2/Git-Internals-Transfer-Protocols -- You received this message because you are subscribed to the Google Groups "Racket Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/racket-dev/367855D6-5D7E-4772-8240-1699B2AF1342%40gmail.com. For more options, visit https://groups.google.com/d/optout.
