Please don't use github pkgs in the syson dependency tree

[wucke13]

Currently, the lock file contains GitHub pkgs dependencies. GitHub forces everyone to provide an auth token when accessing even public pkgs:

• https://github.com/orgs/community/discussions/33875
• https://github.com/orgs/community/discussions/19037
• https://stackoverflow.com/questions/58919401/installing-packages-from-github-npm-registry-auth-error-401
• https://stackoverflow.com/questions/58621862/use-github-package-registry-without-authtoken

Now despite there being quite some unhappiness on the community, GitHub seems to be committed to keep this policy. Now this creates friction, wherever one builds CI pipelines, automation or build support around Syson, because this always requires an access token to be provided. In practical terms, packaging syson over at https://github.com/dlr-ft/sysml-v2-nix is a huge pain/not possible in idiomatic ways for me because of this.

At least to me it would be quite helpful if syson can be compiled/built from scratch without providing any authentication token to access (semi) private assets.

[AxelRICHARD]

Hello, We don't plan to change that. We are quite happy with the Github packages, either as consumer (for Sirius Web) or provider (for anyone who want to consume SysON). I'm sorry if your technical stack forbids you to consume SysON through the Github Packages Repository. Nevertheless, it is possible that we publish our artifacts on maven central and npm repositories in the future, but it is not planned yet. Regards,

[wucke13]

@AxelRICHARD Thank you for the answer! That is quite unfortunate to hear. I have to insist that I think its weird for an open source project (eclipse-syson) to require users to create an account with a commercial entity (GitHub) to access a authentication protected API (GitHub Node Package Repository) simply for the user to be able to compile the project.

However, I don't want to bother further with the issue. I'd be happy to hear if this decision ever gets revised :smile:.