You'd think this would be common sense (Java solved this problem 25 years ago) but apparently some people are extremely opposed to non-flat package namespaces.
See e.g. Rust, where the idea of hierarchical crate namespaces has been politely but firmly shot down every time it's been requested.
Java took an approach with one set of trade-offs. Each approach has its pros and cons.
> It's less difficult (though still far from easy) to handle name squatting on organization/corporate names as qualifiers for packages than to try and prevent name squatting on package names.
I do think Rust will get some form of namespaces, but it'll be quite a bit less powerful than what most proponents of namespaces want. There's been a bit of a disagreement (IIRC) about what a namespace signifies (would signify) in the Rust ecosystem.
Edit: I will say, it has been quite the contentious and has been re-hashed ad-naseum. For anyone interested in reliving arguments, search for "namespace" on https://internals.rust-lang.org - There will be a good half-dozen results to read through, though there is a fair bit of re-hashing and talking past each other.
Lack of namespacing is a trap most language package managers have fallen into sadly: even Cargo sees it as an “advantage” not to have them, apparently.
I think that is extremely short sighted, and that all packages including standard ones should be namespaced.
Well, what's wrong with namespacing, exactly? Github, java, etc, show us that namespaces are perfectly fine. Not perfect, but fine.
The rest of Rust is extremely pleasant to work with; a lot of thought has been put into ergonomics and I love it as a result.
But with crates.io it feels like the opposite. I have to deal with name-squatting and a much more difficult naming process for crates as pretty much every short, meaningful name in English is taken at this point. For what gains? Less forks, less fracturing -in theory-?
I feel like a lot of the arguments for no namespaces are strawmans or make big stretches. For example, figuring out which fork of a project to use is really not a problem. And a lack of namespaces does not fix that anyways, because it's not a code problem... Importing two crates with the same name would be fairly rare, and rust easily solves that with `use crate::... as ...`. Etc.
Anyway, this discussion has been trod to death. There's no point having it, as I'll just be told why I'm wrong and why namespaces are just -impossible-.
What's right with package namespaces? How do they help at all? Where's the benifit? The cost is that package paths are longer and hard to remember. Also confusing because multiple packages can have the same name
> I have to deal with name-squatting and a much more difficult naming process for crates as pretty much every short, meaningful name in English is taken at this point
Squatting is not a major problem just name your package yourname-xml or randomname instead of yourname.xml
Not really. You should have seen the discussion about the new Rust package manager. Putting everything top level means that good package names are taken forever by what is possibly abandonware. With namespacing everything is equal, first comers don't take over everything. Especially with the Maven/Java "use your reversed domain name" as groupId/package. Maybe it's a bit too verbose, but I'd still keep a group layer above the actual package name.
This is passing the buck in the worst possible way.
Not implementing namespaces is fantastically lazy, to the point of outright professional negligence.
If you can't be bothered to lift a finger to type in the few hundred lines of code it takes to implement namespaces, then by definition you're not responsible enough to run a public package repository.
"How do they help at all? Where's the benifit? [sic]"
The obvious one is people can put packages under their own namespace and not worry about naming collisions. If this were really such an issue, things like github,maven, or just about any other library manager would be impossible to work with. But that isn't the case.
"The cost is that package paths are longer and hard to remember. Also confusing because multiple packages can have the same name"
In 5+ years of programming I have not once had an issue due to namespaces. In both systems you still need to remember the author + repo name. Both systems would have multiple competing projects for a problem space. Etc. It's up to you (the engineer) to do your research before adding a library to your project. Namespaces or the lack of them will never fix that.
Name length? Really? Is ~5-15 chars vs ~20-25 so important? It's not like we're memorizing these things. This is not worth removing namespaces for.
Both systems have issues due to things being named the same. One example in rust is `http` and its related types, which get referred to by multiple crates. I ran into that recently when I pulled in various networking crates into the same project. Removing namespaces doesn't fix this.
"Squatting is not a major problem just name your package yourname-xml or randomname instead of yourname.xml"
I'm sorry but I cannot agree with this. Naming should not be a compromise. There's a reason we don't use random names or just random numbers.
You seem to be right in large parts, however other econsystems and package managers don't have the same kinds of problems to that degree, since their package names are namespaced.
I'm not sure if this would solve this particular issue, it actually might, but name squatting in general seems to be far less of an issue with other package repositories.
I'm not sure I necessarily agree with that... But yeah I specifically did not want to get into what namespaces do solve, and so was instead vague and just acknowledged that they're good for something. :-)
I will also say this: at the level of personal preference, and given my understanding of many other package ecosystems, I would have preferred namespaces from the start. But I don't feel very strongly one way or the other to be honest.
> "packages can impersonate other packages with typos" problems
I was pointing out that this is specifically not solved at all by namespacing. A package's name includes its namespace, and the namespace can be typo-squatted. (EDIT: Or wait, maybe I'm misunderstanding what you're saying. Perhaps I'm confused by what "these" refers to in your last sentence.)
I've worked on various package management ecosystems for close to a decade now, and I wouldn't qualify this (if 'burntsushi had done it) as namespace squatting. It's clearly not an attempt to reserve a name for unspecified future use (or as a potential typosquatting target); it's the name of the binary installed by the crate and an obvious mistake for an installing user to make.
Even flat namespaces are virtually infinite; a couple of extra names that correct user error do not pose a serious exhaustion risk.
Conversely the arguments I've heard for namespaces is that multiple people want to reimplement or make bindings for the same C library.
In maven central, in my anecdotal experience, namespaces usually either distinguish forks of the same library, or to group related libraries. There has never been, in my experience, a case where I wanted two packages with the same name in different namespaces.
I think a better system of handling unmaintained crates; with the possibility of reclaiming a name would go a long way with the author's use case. I don't have any great ideas here: package with no update in some time (a year?) is eligible. Someone requests to take over name - the author is notified and has a period of time to click an "I'm still here" button. If they don't - new author gets the name. Some 'super version' number is incremented so crate authors opt into the new or old foo. That last part is where I'm the most hesitant.
I can understand not liking it, but I don't understand why you find it strange: global namespaces are the norm in language package distribution. RubyGems, NPM, PyPI, and Crates all use flat namespaces (either by default or as their only supported mode).
Namespace partitioning has advantages, but it also doesn't solve squatting problems on its own: anybody (or any process) that's fooled by `requests` vs `pyrequests` is also going to be fooled by `some-owner/requests` vs. `requests-org/requests` (the latter being the fake one).
> Yet to see any proof that namespacing has made things better in other ecosystems
It's really as simple as this: many libraries are generic enough implementing something that already exists. Let's say you want a library to manage the SMTP protocol. On crates.io, of course someone has already taken the "smtp" crate (ironically, this one is abandoned, but has the highest download counts, because it's the most obvious name). Let's say you disagree with the direction this smtp crate has gone, and you make your own. What do you call it?
Namespaces solve this problem. You'd instead of have user1/smtp and user2/smtp competing in feature sets. You can even be user3/smtp if you don't like the first two.
This is precisely what Java enables too. The standard library is in com.java.*; if you don't like how the standard library does something, you can make com.grimburger.smtp and do it yourself. If you choose to publish to the world, all the more power to you. It doesn't conflict with the standard library's smtp implementation.
See e.g. Rust, where the idea of hierarchical crate namespaces has been politely but firmly shot down every time it's been requested.
reply