Closed cgewecke closed 6 years ago
We can completely abandon this (allow backfilling). That was when we were working under a single centralized registry model, and backfilling felt like a potential security issue.
With the new federated model of everyone gets a registry, registries can do whatever they deem appropriate with how they manage releases.
Thanks @pipermerriam!
Hi @pipermerriam,
Last summer in truffle 511 Manuel Araoz opened an issue saying that he had several versions of Zeppelin published to npm and wanted to replicate this history at ethpm. He had begun publishing these packages without realizing he needed to proceed in sequential order because the current registry prohibits back-filling.
You responded:
Do you have any further thoughts about this?
(For reference I checked npm and it looks like it allows arbitrary back-filling).
Also happens occasionally with large projects that an earlier version continues to be supported with security patches or bug-fixes after the release of a later version.[Edit - irrelevant])