Open patrickbkr opened 1 year ago
One issue here is this goes into the "zef should validate META6 data" which I've generally been opposed to, instead insisting META6 validation should be occurring at the authoring level using e.g. Test::META
. Ecosystems should be validating regardless of if zef does, and if/when that is the case there is little reason for zef to do the same (other than local validation for authoring modules, but again zef is not an authoring tool).
One consideration is the following is (surprisingly) not considered invalid:
raku -e 'use Test:auth:<Bar>;'
===SORRY!=== Error while compiling -e
Could not find Test:<Bar> in:
so it could even be questionable if the dependency spec is invalid and argue instead that zef should have failed to find Timezone::ZoneInfo:<zef:guifa>:ver<0.4.1+>
or some such (which I agree with due to typically choosing consistency with raku use
statements as much as possible).
We could also consider that dependency specs could technically exist for e.g. Java modules, although that is mostly moot as I imagine the spirit of this issue is for validating those with an explicit or implicit :from<Raku>
Ecosystems should be validating regardless of if zef does
That's what the fez ticket is about: https://github.com/tony-o/raku-fez/issues/70
I guess I'm fine with closing this ticket if the fez eco can guarantee that it's data is sane.
One issue here is this goes into the "zef should validate META6 data" which I've generally been opposed to
I agree. Zef shouldn't need to validate. It's just that in this case the data did not only look invalid, but erroneous and I expected some kind of error, wondering how zef managed to accept that strange dep spec. It feels like there is some "swallow all exceptions" going on, it should have failed somewhere even without a validation step.
so it could even be questionable if the dependency spec is invalid and argue instead that zef should have failed to find
Timezone::ZoneInfo:<zef:guifa>:ver<0.4.1+>
or some such
I agree.
Context
https://360.zef.pm/ currently has:
Notice the depends which has an extra
:
afterauth
.When running
zef --debug info -v 'DateTime::Timezones:ver<0.4.1>:auth<zef:guifa>'
that dependency is not listed:I would have expected some kind of error hinting at the malformed dependency spec.
Related to: https://github.com/tony-o/raku-fez/issues/70
Your Environment