@khady, who regularly checks our links on ocamlverse, alerted me to the fact that bitbucket mercurial repos are no longer supported at all. A few OCaml repos are linked to on ocamlverse:
These repos are all dead now but are available via opam (temporarily?), and I imagine there are many more with this issue. I’d rather not delete these from ocamlverse but have the authors transition to git repos we can link to instead, as well as fixing the opam sources.
I the tarballs are no longer reachable, in opam we can retrieve them from the opam cache. These could be useful for the authors if they are moving their repository and want to preserve the old releases
An incredibly dumb grepping of the opam-repository repository revealed something like ~300 opam files across 67 projects mentioning tarballs previously hosted by bitbucket.org, which indeed are all gone at this point:
I wonder if there is a “safe” place that’s been set aside for such orphaned libraries to be relocated to (presuming tarballs matching the published hashes are recoverable somewhere)?
Given the inevitability of broken links like this (and also the security implications of package repositories not retaining released artifacts themselves, immutably), has there been any consideration of having the opam repository capture and retain tarballs permanently? I know this is a bit off topic for this thread, but seeing changes like this (where both upstream tarballs and their hashes are being changed) gives me flashbacks to some bad old days with Maven, npm, and PyPI when those package managers had a similar laissez-faire approach to artifact retention and integrity.
Oh, very nice then, that’s good to know. I had checked a half-dozen of them that happened to come back 404, and I guess I made a poor assumption on that (unlucky) basis.