Versions published more than 30 days ago cannot be deleted. Please contact RubyGems support to request deletion of this version if it represents a legal or security risk. #4630
Comments
Hi @rubyFeedback,

We expected that the time constraint might need adjusting, so thank you for reaching out. The goal is to cause as little disruption as possible to the community and the maintainers while setting boundaries on acceptable use. We chose these specific constraints to allow most yanks, but to require communication with our security team when they are likely to have a large impact on the users of rubygems.org.

The decision was made by the Ruby Central Open Source Committee. The aim of the committee is to ensure that we act in the best interest of the community as a whole. I'm happy to explain the reasoning behind our decision. Our logic is as follows:

Old versions are known and even expected to have bugs. That's the purpose of patch versions. A single maintainer choosing to delete publicly distributed versions breaks untold numbers of people and forces an immediate halt to their processes. Instead of allowing people to go through normal upgrade processes, a maintainer can unilaterally dictate the breakage of any package they maintain. We ask that maintainers include rubygems.org in this decision when their gem meets certain criteria.

We are open to evolving these constraints collaboratively if we are not meeting our goals. For anything urgent, we have a 24-hour on-call rotation ready to help with emergencies that may arise.
Versions published more than 30 days ago cannot be deleted. Please contact RubyGems support to request deletion of this version if it represents a legal or security risk.
^^^ just had that now when I tried to remove an older version of a gem I maintain that had a few bugs.
Could someone let us know who made that decision?
I do not want to be associated with old code that I no longer maintain, so the only option I now have is to remove my account at rubygems completely, rather than receive emails asking about old, buggy code here; and "contacting" xyz random person at rubygems.org is a no-go, not sure who at rubygems.org had that strange idea. Before I do so, I'd like to know whether that decision will be reverted or not. Either way is fine for me but I would like to know.