You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Invalid packages must be able to be removed from registry.
The usual way of doing this is to publish a "nuke".
The cleanest would probably be to look for a "nukes" branch (tag?) and find description files (or just a list of versions) in the nukes directory.
These descriptions should shared (as nukes) and then be ignored in all other package management operations.
Alternatively, we could for a meta branch/tag, which publishes more information. This could be used to warn of security flaws in older packages (not as strong as a nuke, but should be avoided), or to signal LTS releases.
The text was updated successfully, but these errors were encountered:
Invalid packages must be able to be removed from registry.
The usual way of doing this is to publish a "nuke".
The cleanest would probably be to look for a "nukes" branch (tag?) and find description files (or just a list of versions) in the
nukesdirectory.These descriptions should shared (as nukes) and then be ignored in all other package management operations.
Alternatively, we could for a
metabranch/tag, which publishes more information. This could be used to warn of security flaws in older packages (not as strong as a nuke, but should be avoided), or to signal LTS releases.The text was updated successfully, but these errors were encountered: