Open Shelagh-Lewins opened 3 years ago
Unfortunately due to my personal life, I do not have the time to make such massive changes to the way that Package Control works.
You are suggesting changes to PC, the package schema, and the channel server, plus testing and putting out a release affecting millions of users.
Even if I did have free time, you are probably talking about a few weeks of work after work to pull it all off.
Hey Will, totally understandable 🙂
What does who need to do, to get sublimelinter-eslint reviewed and back into package control?
Is it just on you? Can I help?
Cheers.
I have to verify that the GitHub user account owning the package is the same one as who owned it when the package was added to the channel.
The check prevents package takeovers due to GitHub usernames changing hands.
I get that my first suggestion isn't practical, but is there any way to lessen the pain for users? I spent hours trying to figure out why the eslint tutorials no longer worked. For example could there be a Package Control update message listing any packages currently under review, so users know why they are missing and what they can do about it? Or some other method?
Practically, no, there is no sane way currently.
And popping up a message for every user listing the packages that are broken would be unuseful.
The package SublimeLinter-eslint is missing from the list of installable packages, as reported in this issue:
https://github.com/SublimeLinter/SublimeLinter-eslint/issues/306
It would seem that eslint requires review: https://packagecontrol.io/news#2021-02-24-Package_Takeover_Vulnerability_Notification
I think the Package Control behaviour is confusing because a user will try to follow standard instructions to install eslint and is given no clue in Package Manager as to why the package is missing. I assumed that it had been deprecated in favour of eslint_d, and it took me a long time to find the issue reported above and realise that eslint was still the package I should use.
I suggest that when a package requires review, instead of silently disappearing the package, Package Control should show it with a warning that the package requires review. The user would then have a choice of waiting for the review to happen, or installing it manually.