Maybe a max-age field for the package manifest? For things like programs that are expected to be finished, this can be infinity, but for things that are expected to move with a complex ecosysten, could set it to 6 months? Past that point, a prompt is shown to confirm the user wants to install a likely-depreciated package? That way people won't be accidentally exposed to issues from downstream package maintainers being rendered unable to maintain their packages
Wouldn’t it be possible to automate creating these packages ? I know that it is not the thing that the curl creator needs to do. But if he does not do it, I’m not sure who will. Also I’m not even sure who will use curl via nuget?!
I also think that nuget should be namespaced…
Also as long as you don’t use it to curl random things the security impact is not that high and I doubt that there a tons of uses for that.. you probably won’t attack yourself?
Maybe a max-age field for the package manifest? For things like programs that are expected to be finished, this can be infinity, but for things that are expected to move with a complex ecosysten, could set it to 6 months? Past that point, a prompt is shown to confirm the user wants to install a likely-depreciated package? That way people won't be accidentally exposed to issues from downstream package maintainers being rendered unable to maintain their packages
Wouldn’t it be possible to automate creating these packages ? I know that it is not the thing that the curl creator needs to do. But if he does not do it, I’m not sure who will. Also I’m not even sure who will use curl via nuget?! I also think that nuget should be namespaced…
Also as long as you don’t use it to curl random things the security impact is not that high and I doubt that there a tons of uses for that.. you probably won’t attack yourself?
It seems hard to donate a trademark application to someone.
Trademarks seem like a sore spot for successful OSS but probably useful for solving this problem.
Or perhaps a license change? Might be tricky to do what the author means and still meet the definition of /open/. Maybe that's ok?
Daiel is too nice and should should just file DMCA reports instead. That is likely a language that Microsoft speaks.
>Also, that would imply a never-ending wack-a-mole game for me since people obviously keep doing this. I think I have better things to do in my life.
Uh-huh, and what makes that any different if someone else is doing it?
This feels like someone who discovered package managers for the first time.