Closed jhrcek closed 3 years ago
Bodigrim
commented
3 years ago I'm sorry, but my personal take is that non-maintainer's upload is not quite justified in this case. This is an extreme measure for special cases, not just for an abandoned package with a dozen of dependencies. If we do this, we'll have to make new releases in line with base indefinitely long, which is not a burden I wish to take.
jhrcek
commented
3 years ago Closing this as this was mostly my misunderstanding about the purpose of this repo. I'm pasting @Bodigrim 's explanation posted on Haskell foundation slack:
I think there is a certain misunderstanding what Hackage Trustees are for. They are not any kind of global maintainers. I like to think of them as a counterpart of Stackage Curators, but for Cabal, who are mainly responsible for helping Cabal find valid build plans by restricting or relaxing dependency bounds. While non-maintainer uploads are theoretically possible for Hackage Trustees, this is an extreme measure for extreme cases. I do not recall a single occasion when NMU was actually performed. Possible justifications are either a package holding back GHC release, or a huge security breach in a core package, and only if all other means were exhausted.
Instead I'll try to take over maintainership of base-noprelude and release it myself.
jneira
commented
3 years ago They can do non-maintainer uploads (NMU) with small bug fixes if a package maintainer is unreachable
from the wiki https://wiki.haskell.org/Hackage_trustees, maybe it should be changed to add @Bodigrim paragraph about those small bug fixes are only for extreme cases such the mentioned ones, serious security issue or blocking a ghc release
There are couple of issues opened for bumping dependency versions of
base-noprelude:https://github.com/haskell-hvr/base-noprelude/pull/12 https://github.com/haskell-hvr/base-noprelude/pull/13
This package is special in that each of its versions it depends on exact version of base. It would be nice not only for us (and other users judging by the thumb ups on those PRs) if the new versions were released to hackage as we want to update to GHC 8.10.4 (https://github.com/haskell-hvr/base-noprelude/pull/13 in particular). The impact of this is not critical, but we could simplify our build configuration by not having to depend on forked versions of this package.
I've been trying to reach @hvr via github and on haskell IRC for couple of weeks now without success.