f-f
commented
1 year ago I think this has been fixed?
Closed thomashoneyman closed 1 year ago
f-f
commented
1 year ago I think this has been fixed?
thomashoneyman
commented
1 year ago That’s right!
The legacy importer reads in the packages listed in the
new-packages.jsonandbower-packages.jsonfiles. For each package it looks up the available tags for the repository and attempts to package each one.However, it is possible for someone to register a package, publish a few versions, then transfer it on GitHub to a new location and register it again there. In this case, while the package location is nominally different (the URL is different), due to redirects they actually are the same location wrt the registry fetching the sources.
This causes the legacy importer to begin packaging both packages at every version. This produces duplicate tarballs for every version. We should disable following redirects in the legacy importer to avoid this behavior.
However, since we may have already registered packages at locations that are redirects, we need to fix #547 first.