NixOS / cabal2nix

Generate Nix build instructions from a Cabal file
https://haskell4nix.readthedocs.io

Filter spam packages on Hackage from the generated package set #441

Open ivxvm opened 4 years ago

ivxvm commented 4 years ago

Look what I found: https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L4832

And there are a lot of other similar entries:

https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L4627
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L4628
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L7322
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L3687
https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L4463

It seems that on the Hackage side these packages are getting labeled as spam and deprecated: https://hackage.haskell.org/packages/search?terms=bucks

Maybe hackage2nix should skip such packages? Or do you think it doesn't matter? I'm not sure what the global implications of keeping them are. I found these lines in the configs by doing a Google search for "fortnite nixos". I can imagine that one day Google may ban the repo for using forbidden SEO.

cdepillabout commented 4 years ago

@ivxvm I'd argue that this is more of an upstream problem with Hackage, since nixpkgs (well hackage2nix) just pulls directly from Hackage.

Maybe you could get the Hackage maintainers to just remove the packages?

peti commented 4 years ago

Look what I found: https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/configuration-hackage2nix.yaml#L4832

What do you think is wrong with that entry? That entry refers to http://hackage.haskell.org/package/Frank, which looks like a legitimate package to me. Am I missing something?

cdepillabout commented 4 years ago

@peti Ah, I think the confusion here is because @ivxvm is linking to files in master instead of a commit directly.

Originally, they tried to link to a few packages like the following:

https://hackage.haskell.org/package/f-ree-hack-cheats-free-v-bucks-generator

These are obviously spam, but I'm not sure exactly what we should be doing about this on the nixpkgs side.

peti commented 4 years ago

I see two options we could pursue:

1) Ignore all packages that have been placed into the Spam category on Hackage. Currently, that's 5 packages which would be removed from our package set.

2) Blacklist packages that we consider as spam in the hackage2nix generator source code. That way, the names won't show up in the public Nixpkgs repository. They would still show up in the public cabal2nix repository, though, so I don't think it would make much of a difference over the current state.

I guess doing (1) seems uncontroversial?