Hackage is flooded with old package versions reuploads

[Vincent Hanquez]

On 18/01/2015 15:49, Edward Kmett wrote:
> The alternative is just that cabal will continue indefinitely to try 
> to install completely broken combinations, and more people will be 
> driven to a fixed package set like stackage LTS.
That strikes me as probably-a-good-thing.
> Most of these problems are caused by people being too optimistic about 
> upper bounds and when they realize their mistake and upload a new 
> version, they'll often leave the old versions with the lying bounds 
> intact, which causes cabal to pick old versions without bug fixes, and 
> then give strange build errors.
>
> To my knowledge, the few cases where Herbert has actively done a patch 
> to the .cabal file like this without author communication is because 
> the package is in very very widespread use and the author has been 
> incommunicado for many months. As I recall, Max Bolingbroke has a some 
> packages that fit this bill.
A simple counter example, that I noticed after the fact [1]
> If you have an example of a package you've written that he's patched 
> that you'd rather he left alone, I'm sure he'd be happy to oblige. I 
> am, however, as of yet unaware of any such overreach and I'm rather 
> disinclined to view the enormous amount of effort Herbert has poured 
> into keeping the ecosystem working smoothly as anything but a good 
> thing. The price of doing nothing here is quite high.
I strongly object to the current mechanism of silent updates (for the 
downloader), and I would much rather have all my packages left alone 
until this changes at the very least (if ever). The maintenance 
overriding is another sad point (which might be warranted in some case, 
although haskell already have a procedure in place for that), but in any 
case not as critical as the first point.

[1] https://hackage.haskell.org/package/hourglass

-- 
Vincent