You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! I wanted to mirror some package existing elsewhere to https://www.nuget.org/ to make it accessible with nuget install.
If I understand correctly, when you upload let's say package with version 1.0.0 to nuget, then it's typically stuck there and there's no way to replace it for security reasons.
Is there some best practice for cases when someone is mirroring package from another place to nuget and there was some kind of issue not related to the package itself, but to how it was packaged? E.g. 1.0.0 was published but files were misplaced or some files were not included by accident.
Since we're just mirroring the package, we're not in control of it's versions - so 1.0.1 is not an option.
The only option I can think of is to unlist the previous package and to upload the fixed package as 1.0.0.1. In that case if someone installs package with nuget install package they will get the fixed version. But it still of course won't solve the cases if someone pinned package by the version - e.g. nuget install package -Version 1.0 or -version 1.0.0. And not sure if adding .1 to the version can have some other unexpected consequences.
I've also found it's possible to provide deprecation message when unlisting a version. But not sure if users that just use cli will be able to see it.
What would be the best way to fix the issue? Have you seen package amending cases like this - what was the practice they used?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hi! I wanted to mirror some package existing elsewhere to https://www.nuget.org/ to make it accessible with
nuget install.If I understand correctly, when you upload let's say
packagewith version1.0.0to nuget, then it's typically stuck there and there's no way to replace it for security reasons.Is there some best practice for cases when someone is mirroring package from another place to nuget and there was some kind of issue not related to the package itself, but to how it was packaged? E.g.
1.0.0was published but files were misplaced or some files were not included by accident.Since we're just mirroring the package, we're not in control of it's versions - so
1.0.1is not an option.The only option I can think of is to unlist the previous package and to upload the fixed package as
1.0.0.1. In that case if someone installs package withnuget install packagethey will get the fixed version. But it still of course won't solve the cases if someone pinned package by the version - e.g.nuget install package -Version 1.0or-version 1.0.0. And not sure if adding.1to the version can have some other unexpected consequences.I've also found it's possible to provide deprecation message when unlisting a version. But not sure if users that just use cli will be able to see it.
What would be the best way to fix the issue? Have you seen package amending cases like this - what was the practice they used?
Beta Was this translation helpful? Give feedback.
All reactions