At Mon, 12 Aug 2013 12:28:30 -0600, Jay McCarthy wrote: > > Building documentation requires running Racket code, so only ring-0 > packages can be trusted. BTW, the hope is that all packages will be > ring-0, unless they are on probation or deliberately malicious.
I agree that building the docs for untrusted packages would be a bad idea. If I remember correctly, though, the requirements for ring-0 packages included a code audit. If that's the case, then promoting most packages to ring-0 would require a lot of manpower. Since we're already having trouble processing pull requests in a timely manner (which are much lower volume than new packages), I'm not sure how realistic that goal would be. I like the idea of a ring-0 to showcase high-quality packages that are on par with the standard library. But I also like the idea of lower tiers with a lower barrier to entry, both for package authors and for Racket developers. Currently, a random github repository can be a package with minimal effort, which is great! It won't be (and shouln't be) ring-0 material, which is fine. The low barrier to entry is one of the things I like the most about the package system. If we're going to have different rings at all (which I think we should), then we should have a way to present documentation for all rings, not just ring 0. Allowing package authors to provide a link to external docs (as Asumu was suggesting) sounds like a good solution for non-ring-0 packages to me. Vincent ____________________ Racket Users list: http://lists.racket-lang.org/users
