Speaking of package managers...

Wed Mar 23 03:02:07 EDT 2016

Yes but I wasn't referring to this case in particular. Let's say something has been put out as open source but actually infringes on someone's copyright. Allowing people to replace it after a takedown is unhelpful. Either way here's hoping we end up with hundreds of thousands of packages so we can worry about this stuff :-)

Sent from my iPhone

> On 23 Mar 2016, at 5:52 PM, Mark Wieder <mwieder at ahsoftware.net> wrote:
> 
>> On 03/22/2016 11:00 PM, Monte Goulding wrote:
>> 
>>> On 23 Mar 2016, at 4:39 PM, Mark Wieder <mwieder at ahsoftware.net> wrote:
>>> 
>>> Well, yes, but this seems like an npm registry problem. If you're going to allow something silly like "unpublish" after something's already out in the wild, and then not allow republishing the same version, then that's just asking for trouble.
>> 
>> 
>> I suspect there would need to be some kind of takedown procedure. None of us need LiveCode Ltd. to be on the hook for someone’s copyright infringement.
> 
> Well, first of all, there's nothing in this about copyright infringment. The takedown request was about a trademarked name, and that's a pretty ridiculous charge (IANAL) since there's no possible confusion between the two packages.
> 
> Secondly, the part I'm railing about is the "unpublish" mechanism in particular... in an open source world, it should be possible to replace a package with a different package. Allowing a developer to remove a package from a public repository *and* expressly forbidding its replacement is dumb and shortsighted. There. I've said it.
> 
> -- 
> Mark Wieder
> ahsoftware at gmail.com
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode