How to delete/undo an incorrectly uploaded package?

[cdbattags]

How do I go about doing this? I can't find this anywhere in documentation.

[cdbattags]

Would love to get this solved because I'd like to match version numbers on LuaRocks and OPM ASAP trying to take over an abandoned repo and botched the upload.

@agentzh, any help?

[agentzh]

@cdbattags Deleting an opm package is still a TODO. Pull requests are welcome for the opm repo:

https://github.com/openresty/opm

Because deleting uploaded packages is a dangerous operation, we need to delay the deletion request for at least 7 days and also send an email notification to the email address associated with the current github account used to upload those packages being deleted.

[cdbattags]

@agentzh, any chance for now someone can manually delete everything I've uploaded so far?

[cdbattags]

If it's your own package you should be able to remove it right away, no?

[agentzh]

What package do you want us to remove from the opm index?

[agentzh]

Yes we can remove it manually for you. But it has to be under your own GitHub accounts.

[cdbattags]

Please remove all packages under the username cdbattags there should be 5 of them:

• cdbattags/lua-resty-jwt | v0.1.14
• cdbattags/lua-resty-jwt | v0.1.13
• cdbattags/lua-resty-openidc | v1.6.0
• cdbattags/lua-resty-jwt | v0.1.12
• cdbattags/lua-resty-jwt | v0.1.11

Thank you!

Also, moving forward might I add a PR that will remove packages if they are under your own GitHub account name? What other things for security purposes do you want for this?

[cdbattags]

Please do not remove the latest one:

cdbattags/lua-resty-jwt | v0.2.0

This is the most recent and what is correct!

[agentzh]

@cdbattags Done.

Regarding to the removal feature of opm itself, as I said, there are 2 requirements:

1. we need to delay the deletion request for at least 7 days and also send an email notification to the email address associated with the current github account used to upload those packages being deleted.
2. the user can only delete package uploaded by himself (this also applies to packages under a github organization account where person A in the org W cannot delete packages puloaded by person B even if B is in the same org W).

[keyur9]

@agentzh It looks like deleting an opm package is still a TODO, couldn't find in the documentation. Is there any chance, someone could manually delete the opm package I've uploaded so far?

OPM package - keyur9/openresty-plugin-moesif

Any help is much appreciated. Thank you.

[jvanasco]

I believe there are 3 different features needed:

• Hide a Package Version - low danger. The package is still available by directly requesting the version, but does not show up otherwise.
• Delete a Package Version - medium danger. The package is no longer available, even when directly requesting the version, but older/newer versions may be.
• Delete a Package - high danger.

I would very much like to see "Delete a Package Version" happen. I accidentally did a build from the wrong checkout, and ugh.

[agentzh]

Yeah, we'll add this feature. Like Perl's CPAN, we will do delayed deletion to avoid accidental operations (and also for security). @xlibor Please look into this.

[agentzh]

@jvanasco I think we will delete the version info from the database as well. But we won't allow uploading the same file same version.

[jvanasco]

@agentzh I believe that is what Python's PyPi does.

[agentzh]

BTW, we'll also look into adding support for C components (compiling to .so or .dylib files) in opm packages soon.