Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packages under review disappear from package control without explanation #1557

Open
Shelagh-Lewins opened this issue Mar 28, 2021 · 5 comments
Open

Packages under review disappear from package control without explanation #1557

Shelagh-Lewins opened this issue Mar 28, 2021 · 5 comments
Labels
question

Comments

@Shelagh-Lewins
Copy link

The package Sublime​Linter-eslint is missing from the list of installable packages, as reported in this issue:

SublimeLinter/SublimeLinter-eslint#306

It would seem that eslint requires review:
https://packagecontrol.io/news#2021-02-24-Package_Takeover_Vulnerability_Notification

I think the Package Control behaviour is confusing because a user will try to follow standard instructions to install eslint and is given no clue in Package Manager as to why the package is missing. I assumed that it had been deprecated in favour of eslint_d, and it took me a long time to find the issue reported above and realise that eslint was still the package I should use.

I suggest that when a package requires review, instead of silently disappearing the package, Package Control should show it with a warning that the package requires review. The user would then have a choice of waiting for the review to happen, or installing it manually.
@wbond
Copy link
Owner

wbond commented Mar 28, 2021

Unfortunately due to my personal life, I do not have the time to make such massive changes to the way that Package Control works.

You are suggesting changes to PC, the package schema, and the channel server, plus testing and putting out a release affecting millions of users.

Even if I did have free time, you are probably talking about a few weeks of work after work to pull it all off.

@DenizOkcu
Copy link

DenizOkcu commented Mar 29, 2021
edited
Loading

Hey Will, totally understandable 🙂

What does who need to do, to get sublimelinter-eslint reviewed and back into package control?

Is it just on you?
Can I help?

Cheers.

@wbond
Copy link
Owner

wbond commented Mar 29, 2021

I have to verify that the GitHub user account owning the package is the same one as who owned it when the package was added to the channel.

The check prevents package takeovers due to GitHub usernames changing hands.

@Shelagh-Lewins
Copy link
Author

I get that my first suggestion isn't practical, but is there any way to lessen the pain for users? I spent hours trying to figure out why the eslint tutorials no longer worked.
For example could there be a Package Control update message listing any packages currently under review, so users know why they are missing and what they can do about it? Or some other method?

@wbond
Copy link
Owner

wbond commented Mar 29, 2021

Practically, no, there is no sane way currently.

And popping up a message for every user listing the packages that are broken would be unuseful.

@isubasti isubasti mentioned this issue Apr 20, 2021
Closed
@deathaxe deathaxe mentioned this issue Nov 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wbond @DenizOkcu @Shelagh-Lewins @deathaxe