Daniel Farina wrote at 12/29/2011 07:59 PM:
The goal is that a program written, say, three years ago should be able to run the same way it did when it was written, so it's really useful to freeze all the dependencies into the file system somehow and preserve it.
Someone else can comment on any automated ways of ``compiling in'' PLaneT packages, and solutions like that.
A so-so solution I *don't* recommend... If you preserved the exact PLaneT linkage table, and were very careful, then I think you could preserve the exact versions of PLaneT modules used ("required" directly, and indirectly). This assumes either: (1) integrity of the PLaneT server, and trust in your connection to it; or (2) preservation of the pertinent parts of "~/.racket". Then you'd want to disable attempts to access the PLaneT server. Perhaps, if you were to automate this, it could be done safely and reliably.
Something that has been done for a large Racket-based Web app on production servers is to manually determine all the PLaneT packages that are used, downloaded and extract these packages (in a directory scheme that preserves naming and version info), check it all into their configuration management system, change all the PLaneT module references to filesystem ones, check it into CM again, and audit. PLaneT server access is always blocked, except for the manual download. You can make simple tools to help automate the more mechanical parts of this (I don't know of any such tools publicly available at this time), but the audit is mostly human expertise-intensive. This cloning of PLaneT packages is not something that most people need to do, and it totally spoils the buzz of ``I'll just add a "(require (planet ...))" and bam!,'' but it's not too hard to do if you choose to.
PLaneT isn't my baby (I think Jay and Eli are leading it right now), but I'm looking into funding so that I can put solid chunks of time into helping with ways to improve PLaneT security. Security is usually a constant consideration in my Internet consulting work. Part of this tentative work will address your concerns about stability, and (in my current thinking) about having the option of removing PLaneT server dependencies for an app. Much of this work has implications for some other network software distribution methods, so PLaneT is both a research testbed and an early practical beneficiary (much like Racket in general). Stay tuned (I have a lot more experience in solving problems than in writing research grant proposals).
-- http://www.neilvandyke.org/ _________________________ Racket Developers list: http://lists.racket-lang.org/dev
