I bet the orig dev was considered a known friendly until he decided to unpublish.
Relying on the notion of a "known friendly" to protect packages and namespace does not strike me as a sound practice.
As others may have mentioned, publishing packages really should be fire and forget. If something bad goes out, a replacement should be sent out. And for the life of me, I don't understand why they did not go with the <author/package> scheme.
Relying on the notion of a "known friendly" to protect packages and namespace does not strike me as a sound practice.
As others may have mentioned, publishing packages really should be fire and forget. If something bad goes out, a replacement should be sent out. And for the life of me, I don't understand why they did not go with the <author/package> scheme.