Late in December 2011, I stuck my oar into a conversation on twitter (as I usually do) between Scott Koon, David Ebbo, Sumit Maitra and Eric Ridgeway. This conversation was about why Nuget.org was not the best place for a Northwind DB Sample package. My comment was as follows:
@lazycoder @davidebbo @sumitkm @Ang3lFir3 maybe have the ability for codeplex to have a nuget style feed of its own for sample libraries?
I thought I should clarify my thoughts further. Nuget (and OpenWrap) have set the .net world into a new era for dependency management but there are not many enforced rules or moderation of the packages you can upload. For example, I maintain the NUnit package. This means I submit updates to the package when a new version is released by NUnit. I once received a comment on how I should split the package up into just a dll package and then have a full package.I really had to think hard about why I should do this. Who am I to change the way the guys who create NUnit distribute the package. All I do is to get the contents of their .zip and redistribute that – and I do struggle to think how I have the authority to do that sometimes. This led me to a very prudent question:
Is Nuget.org a site that should have strict regulations about the packages that get uploaded there?
I have heard about a few broken packages and actually sample applications. Is this the correct place for these packages to go to?Has it become a dumping ground for software. Sites like codeplex, github and bitbucket are used more frequently for source control. Are these sites the correct areas for the sample applications? I would argue yes. I feel that Nuget should contain only packages that I can download and use immediately. I don’t want to have to download a 12mb sample application when I could view the source in github or codeplex. Maybe a way to take this further would be to set up the ability for nuget to hook into these types of systems:
nuget install-sample <path to codeplex>
This would keep the nuget library free of the packages not deemed useful. Who can classify a package as useful in this theory I hear you say? Well the users of the site, via a stackoverflow style voting system. A broken package gets a downvote, then any packages below –4 (for example) would get archived by the system and the package owner to get notified. There would have to be some sort of moderation of this though or people with rival packages could eliminate the competition
I do believe that uploads to the nuget library should be regulated. There are more than enough people in the .net community that would spend a few minutes a day clearing out / verifying packages. If we regulate the packages then developers will continue to use for nuget. If it continues with the following types of packages then this may not be the case:
The naming conventions of these packages contain the letters ‘–ci’. How on earth can I work out what the different between MvcContrib.MVC3-ci is? Is it a special kind of package for CI use only or was it built with a CI system? This is exactly the issue. Some kind of visual check around this would have stopped – for the record I actually installed MvcContrib before I realised it was not compatible with MVC3 – this should have been noted in the description, in my opinion.
I enjoy using nuget and I really want to continue enjoying it. All we (as a community) need to do is to be respectful of other developers when we create a package. When delivering software to paying customers, do we release potentially untested applications or do we make sure that they work?