-
-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Serious issue with Library manager allows forked libraries to supercede original library #5058
Comments
As the creator of the forked repo, I'd sure like to know ASAP how to unwind this. Jeff tells me that anyone attempting to update ConfigurableFirmata now gets a copy of my fork, not the mainline version. That is NOT the intention. |
I confirm that there is surely a bug on the indexer, I'm working on it. |
FYI. I requested that my fork be included in the library manager with issue #5039. At that time the latest tag was 0.9.0 and the library had the new name (FirmataWithDeviceFeature) in library.properties. However, the repo contains other, earlier tags that were created when library.properties in my fork still reflected the original name (ConfigurableFirmata) and the original version (2.8.2). I changed the name and version before I requested the addition to the library manager, but I did not delete the older tags. Perhaps the indexer tied my fork to ConfigurableFirmata based on those early tags, and then did not detach it when the name changed? In any event, I can delete all the pre-library-manager-request tags if that would resolve this (or at least be a workaround). No action until directed, though! |
I would use caution deleting tags (especially pre 2.9.0 tags) now in case that would result in those versions in the ConfigurableFirmata library disappearing from the Library Manager. |
!! |
@soundanalogous I'm tagging you here since I can't in the other issue. Please have a look to this |
I've already (temporary) removed the library made by @finson from the library manager so at the moment there are no "ghost" releases of ConfigurableFirmata. As I said the bug is in our indexer not in @finson's library, but it turns out to be quite tricky bug and needed a bit of refactoring. I'm almost ready to deploy the fix, I just need a bit more time :-) |
Cristian: No hurry at my end. I'm the only user of my fork at the moment, and it's Thanks. Doug On Wed, 22 Jun 2016 01:58:16 -0700, Cristian Maglie
Using Opera's mail client: http://www.opera.com/mail/ |
Ok, I've fixed the indexer. This update has removed a lot of duplicates and revealed a pair of "hidden" releases (where the original library "covered" the fork, basically the opposite of what happened to ConfigurableFirmata). Previously it was possible to change name between releases, now this is no more allowed and libraries must keep the name they used when registered. If the name in There is a bunch of libraries that have already changed their name for some reason, here the list:
for these libraries I've selected the name used in the latest release, in bold in the table above, as the official name. Even for those, starting from now, is no more possible to change name without admin intervention. Here the resulting changes in the library_index.json: https://gist.github.com/cmaglie/987c0d73b469fd0707c1618abc7fafa1 @finson |
Thanks Cristian. Will do. Doug |
Thanks Christian for your timely attention and solution to this issue! |
I wonder if this is the right approach - perhaps a release with a different name should b ignored by the indexer? Imagine a fork that synchronises with the original, including tags, which would now be published with a combination of the fork's name and the original's version. Actually ignoring these would mostly work if there is some kind of feedback mechanism from the indexer to the library authors, but perhaps this might be a good idea anyway (e.g. a webpage that lists, per repository/library, an indexer log or status display? That might also help to let people self-diagnose other library problems. |
I noticed today that the ConfigurableFirmata library I maintain is updatable via the library manager to v2.9.0. Strange thing is I've never published a version 2.9.0. Latest version is v2.8.2. Looking into this, it appears that a fork of ConfigurableFirmata was renamed and then published separately. In the library manager, this ends up superseding the original library. I'm not even sure how this is possible, but it seems to be a serious bug and should be prevented going forward.
The text was updated successfully, but these errors were encountered: