GNU bug report logs - #46441
GNU ELPA feature request: host .lz archives (as well as uncompressed) for current versions

Previous Next

Full log

View this message in rfc822 format

From: Mauricio Collares <mauricio <at> collares.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: "Basil L. Contovounesios" <contovob <at> tcd.ie>, 46441 <at> debbugs.gnu.org
Subject: bug#46441: GNU ELPA feature request: host .lz archives (as well as uncompressed) for current versions
Date: Fri, 12 Feb 2021 15:36:22 -0300

Stefan Monnier <monnier <at> iro.umontreal.ca> writes:

>>> Currently, there's no way to get a permanent link to a package version
>>> that happens to be the current one.
>
> FWIW, the situation is even worse because there's no way to get
> a permanent link at all: while we do keep some old versions, we don't
> keep them all.  Currently, the limit is set at 20, meaning that we keep
> up to 20 old versions around per package, and once we hit that limit we
> start pruning the old versions according to a heuristic that intends to
> guess which versions are more important to keep.
>
> So that makes me question your "upstream" need.
>
>>> For example, auctex is currently at
>>> version 13.0.4; today I can download it from
>>> https://elpa.gnu.org/packages/auctex-13.0.4.tar, but this link will stop
>>> working as soon as a new version of auctex is released and the old
>>> version gets compressed. This makes it slightly annoying to pin a
>>> particular version of an ELPA package by URL.
>
> Could you expand a bit on why you need to keep references to old
> versions, and why you decided to use URLs for that?
> That will hopefully help us see what is the best course of action
> from here.

Hi Stefan,

Thanks for the reply! The particular use case here is to have a
reproducible environment via the Nix package manager. Omitting
irrelevant details, Nix is a source-based package manager whose
"recipes" for building packages typically start by doing the equivalent
of "download this file with this sha256 from this URL" (actually, this
is typically done by fetching a specific commit from a repository, but
in this case I believe tarballs are the only option); that is, all
packages are pinned. This is done for emacs packages too, so it is
possible to have the same exact emacs setup on several machines or to
recover the exact same state if you have to reinstall everything from
scratch for some reason.

No one that uses Nix expects things to work "forevermore" since source
tarballs frequently disappear (people are working on that, though [0]),
but frequently-updated ELPA packages basically "break" reproducibility
every week. More concretely, if I commit my Nix configuration to a Git
repo and a co-worker wants to use it a week from now, it's likely that
the auctex fetch step will fail. Since NixOS releases happen every six
months, it's fair to say a "year's worth" of stability would reduce
user-facing problems to almost zero -- and I guess archiving 20 releases
provides that with room to spare.

Best,
Mauricio

[0] https://www.tweag.io/blog/2020-06-18-software-heritage/

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.