Be more careful about shadowing

[ctrueden]

From a discussion on Gitter:

Jan Eglinger @imagejan 05:22 I just noticed that I got opencsv-2.0.jar from the WormSizer update site. Fiji seems to ship version 2.4

Curtis Rueden @ctrueden 07:53 Would it make sense to stop allowing artifact shadowing on update sites, period? Or is that too restrictive? What is a legitimate use case for it? The only example I can think of is "experimental functionality" which could be done differently.

Jan Eglinger @imagejan 08:53 Hm, I fear that disallowing shadowing will break some current update sites, so there will be more complaints on the forum until all site maintainers get the idea but maybe it's worth the trouble for a more consistent state in the future??

Curtis Rueden @ctrueden 09:13 @imagejan I wouldn't retroactively disallow it. Just prevent new shadow uploads. It might even be sufficient to just issue a big "are you sure?" dialog where you have to opt in by checking a "I understand the consequences" box. Similarly, when a user enables an update site that installs a shadowed file, it could show a warning like "You have enabled update site(s) with overlapping files. Some features may not work as intended, and your ImageJ may even be left in an inconsistent or unusable state. Are you sure you wish to proceed?"

Jan Eglinger @imagejan 09:18 that sounds reasonable!

[tpietzsch]

Warning when uploading / enabling update sites is fine. But I'm strongly ooposed to disallowing shadowing completely. It is extremely useful to have the possibility. As an example: at last years EMBO lightsheet microscopy course we used this to distribute hot-fixes to Multiview Reconstruction via an update site for the course. These fixes were things that we needed locally and fast, but that would have been irresponsible to just push to the main update site.