Re: [racket-users] Should I stop sending packages to the catalog?

2020-06-19 Thread Neil Van Dyke
For an important production system, you probably want the source of any 
third-party packages on which you depend to be in Git (or another SCM 
system) that you control.


You might also want to audit those packages yourself, as well as audit 
any new version changes to them, before you push to production.


After you do those things in SCM, depending how you do it, you *might* 
find it's more convenient to simply load the third-party code you need 
using the module system `require` only, without an additional package 
system.


--
You received this message because you are subscribed to the Google Groups "Racket 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/racket-users/3abb676b-a9b2-7578-1246-5e58446faa8d%40neilvandyke.org.


Re: [racket-users] Should I stop sending packages to the catalog?

2020-06-19 Thread Brian Adkins
On Friday, June 19, 2020 at 8:09:04 AM UTC-4, Neil Van Dyke wrote:
>
> For an important production system, you probably want the source of any 
> third-party packages on which you depend to be in Git (or another SCM 
> system) that you control. 
>
> You might also want to audit those packages yourself, as well as audit 
> any new version changes to them, before you push to production. 
>
> After you do those things in SCM, depending how you do it, you *might* 
> find it's more convenient to simply load the third-party code you need 
> using the module system `require` only, without an additional package 
> system. 
>

While I see some benefits of this approach, I just looked at a typical 
Rails project of mine, and it has over 160 packages with some packages 
depending on different versions of other packages, etc., so I think 
managing all of this myself in git might be overly burdensome. Granted, my 
current Racket apps have far fewer dependencies, but I expect that may 
increase over time. 



[racket-users] about 《Revenge of the Son of the Lisp Machine》 Appendix

2020-06-19 Thread Yuki Lee
https://www2.ccs.neu.edu/racket/pubs/icfp99-ffkf.pdf 

I have read this paper.
I encountered a problem when I tried to run the code at the end.

After reading this article, I added at the beginning

#lang racket
(require (lib "unitsig.ss")) ;;<- that's what i added

(define SchemeEsq
  (unit/sig () ;; no exports
    (import mredˆ)
    ;; The repl editor class
    (define esq-text%
Then the problem becomes
unit/sig: signature not defined in: mredˆ  
Does anyone know what I should do? I don't know how to solve it. The F1 page 
doesn't work,





Re: [racket-users] Should I stop sending packages to the catalog?

2020-06-19 Thread Hendrik Boom
On Fri, Jun 19, 2020 at 01:09:08PM -0700, Brian Adkins wrote:
> 
> I'm hoping the main scenario I'm concerned about (a bug is introduced in an 
> update of a package) is rare, although that's exactly what motivated Alex 
> to create his system. If it is a rare scenario for me, then I'd like to do 
> the following:
> 
> 1) Develop & test locally while updating packages as needed
> 2) Prior to releasing to production, do *something* that effectively 
> snapshots my environment
> 3) Use the snapshot to deploy to production
> 
> Although I have some ideas about the "something" task, I still have to 
> finalize the procedure and try it out. One option is to simply use a 
> racksnap snapshot. What I'd like to do is to create a personal catalog that 
> represents the packages I currently have installed, but it doesn't appear 
> there's a super easy `raco pkg` command to do that - I still need to 
> research a bit. Either there is a command, or it seems like a relatively 
> straightforward thing to add.

Making a complete copy of everything stored under ~/.racket might make 
enough of a racket system snapshot on a GNU/Linux system.  I have no 
idea what to do on Windows, though.

-- hendrik
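
The snapshot-then-deploy step from this exchange, as an added example that is not part of any poster's message: it freezes a copy of a package directory (such as the ~/.racket copy suggested above), records a SHA-256 manifest beside it, and fails when the snapshot no longer matches that manifest. The function names and the `.sha256` manifest location are assumptions, and GNU `sha256sum`, `sort -z` and `xargs -r` are assumed.

```shell
#!/bin/sh
# Added example: freeze a copy of a package directory and detect drift before deploy.
# Assumes GNU coreutils/findutils (sha256sum, sort -z, xargs -r), as on GNU/Linux.
# Function names and the "<snapshot>.sha256" manifest path are hypothetical.

# Print "hash  ./relative/path" for every regular file under $1, in a stable order.
# Symlinks and empty directories are not recorded.
snapshot_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# Copy package tree $1 to snapshot dir $2 and record its manifest in $2.sha256.
# The manifest lives outside the tree so it can be committed and reviewed on its own.
snapshot_create() {
    src=$1
    dest=$2
    if [ ! -d "$src" ]; then
        echo "no such directory: $src" >&2
        return 2
    fi
    if [ -e "$dest" ]; then
        echo "refusing to overwrite existing snapshot: $dest" >&2
        return 2
    fi
    cp -a "$src" "$dest" && snapshot_manifest "$dest" > "$dest.sha256"
}

# Return 0 only if tree $1 matches manifest $2 exactly: no file changed, added
# or removed. On mismatch, list the affected paths on stderr and return 1.
snapshot_verify() {
    tree=$1
    manifest=$2
    current=$(mktemp) || return 2
    snapshot_manifest "$tree" > "$current"
    if diff "$manifest" "$current" > /dev/null; then
        rm -f "$current"
        return 0
    fi
    # Name the paths that differ so the change can be audited, not just rejected.
    diff "$manifest" "$current" | sed -n 's/^[<>] [0-9a-f]*  //p' | sort -u >&2
    rm -f "$current"
    return 1
}
```

Running `snapshot_verify` as the first step of a deploy turns an unreviewed change to the frozen packages into a failed deploy with the changed paths listed.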



Re: [racket-users] Should I stop sending packages to the catalog?

2020-06-19 Thread Brian Adkins
On Friday, June 19, 2020 at 3:36:55 PM UTC-4, Hendrik Boom wrote:
>
> On Fri, Jun 19, 2020 at 07:54:29AM -0700, Brian Adkins wrote: 
> > On Friday, June 19, 2020 at 8:09:04 AM UTC-4, Neil Van Dyke wrote: 
> > > 
> > > For an important production system, you probably want the source of any 
> > > third-party packages on which you depend to be in Git (or another SCM 
> > > system) that you control. 
> > > 
> > > You might also want to audit those packages yourself, as well as audit 
> > > any new version changes to them, before you push to production. 
> > > 
> > > After you do those things in SCM, depending how you do it, you *might* 
> > > find it's more convenient to simply load the third-party code you need 
> > > using the module system `require` only, without an additional package 
> > > system. 
> > > 
> > 
> > While I see some benefits of this approach, I just looked at a typical 
> > Rails project of mine, and it has over 160 packages with some packages 
> > depending on different versions of other packages, etc., so I think 
> > managing all of this myself in git might be overly burdensome. Granted, my 
> > current Racket apps have far fewer dependencies, but I expect that may 
> > increase over time. 
>
> If you want to avoid problems with software you use changing 
> unpredictably, you will have to use your own copy that does not 
> change at all. 
>
> I don't see another alternative if your upstream source might change at 
> any time. 
>
> And you will likely have to vet any changes that appear upstream in 
> case they actually do fix security-related issues that might already 
> affect you.  It will be up to you to determine the risks of leaving 
> your local copy unchanged. 
>

I'm hoping the main scenario I'm concerned about (a bug is introduced in an 
update of a package) is rare, although that's exactly what motivated Alex 
to create his system. If it is a rare scenario for me, then I'd like to do 
the following:

1) Develop & test locally while updating packages as needed
2) Prior to releasing to production, do *something* that effectively 
snapshots my environment
3) Use the snapshot to deploy to production

Although I have some ideas about the "something" task, I still have to 
finalize the procedure and try it out. One option is to simply use a 
racksnap snapshot. What I'd like to do is to create a personal catalog that 
represents the packages I currently have installed, but it doesn't appear 
there's a super easy `raco pkg` command to do that - I still need to 
research a bit. Either there is a command, or it seems like a relatively 
straightforward thing to add.



Re: [racket-users] Should I stop sending packages to the catalog?

2020-06-19 Thread Hendrik Boom
On Fri, Jun 19, 2020 at 07:54:29AM -0700, Brian Adkins wrote:
> On Friday, June 19, 2020 at 8:09:04 AM UTC-4, Neil Van Dyke wrote:
> >
> > For an important production system, you probably want the source of any 
> > third-party packages on which you depend to be in Git (or another SCM 
> > system) that you control. 
> >
> > You might also want to audit those packages yourself, as well as audit 
> > any new version changes to them, before you push to production. 
> >
> > After you do those things in SCM, depending how you do it, you *might* 
> > find it's more convenient to simply load the third-party code you need 
> > using the module system `require` only, without an additional package 
> > system. 
> >
> 
> While I see some benefits of this approach, I just looked at a typical 
> Rails project of mine, and it has over 160 packages with some packages 
> depending on different versions of other packages, etc., so I think 
> managing all of this myself in git might be overly burdensome. Granted, my 
> current Racket apps have far fewer dependencies, but I expect that may 
> increase over time. 

If you want to avoid problems with software you use changing 
unpredictably, you will have to use your own copy that does not 
change at all.

I don't see another alternative if your upstream source might change at 
any time.

And you will likely have to vet any changes that appear upstream in 
case they actually do fix security-related issues that might already 
affect you.  It will be up to you to determine the risks of leaving 
your local copy unchanged.

-- hendrik

