Commit messages in package update notifications


#1

It would be nice to see all the commit messages since the last update when package update notifications come in.


I can't read (the changelog)!
#2

I seem to remember seeing something like this request before, but can’t remember where. Are you asking for a list before you install the latest version of a package? Or after?


#3

Before installing. I’d like to see it right next to the update notification in the settings tab.


#4

I did search first, but didn’t see the same request.


#5

Yes, requiring package authors to create release notes for each new version would be good practice.


#6

There is already support for CHANGELOGs:

I don’t want to have to have to type up both a CHANGELOG and release notes to be considered a good citizen.

I also feel that “encouraging” is a better word than “requiring”.


#7

Ah, I never noticed that button. Well, I got nothing then.

That depends on the context. But yea, agreed. I’ll restrain my authoritarianism.


#8

I never noticed that either, probably because it’s not where it makes most sense (at least to me).

Instead of requiring users to navigate to that package, why not put the Open CHANGELOG button in the update notification box that appears under Available Updates?

Current Flow

  1. Click on blue icon that notifies package updates are available.
  2. Look at the names of the packages that appear under Available Updates, and navigate to each one individually via the sidebar (with much gnashing of teeth).
  3. Click Open CHANGELOG.

#2 above requires scrolling and hunting or filtering with the provided text input which is arguably another step.

Proposed Flow

  1. Click on blue icon that notifies package updates are available.
  2. Click on the Open CHANGELOG button.

#9

Similarly, it’d be cool if apm upgrade printed the details of the changelog, just so you could read it all in one place (I almost ONLY use apm for upgrades).

Also, has there been any thought about auto pushing patch releases. The reason I say this is, if it’s just a patch, the end user should probably be upgrading, regardless of the changelog. Just a thought.

Forced pushes has it’s advantages, google does it with chrome heh.


#10

I can’t speak for the Atom team, but I’d rather that they either didn’t support this or it was off by default with a big glowing warning if you try to enable it. Given that the ownership of a package can change very easily … my trust of the original author versus the new author may be completely different and I may not want the new author dumping whatever random code they think is just a “patch” on my machine.


#11

So yeah especially in highly secure environments this would be bad as default. In practice though, how / when do authors change? Most of the big projects work by limiting contributors and doing pull requests still right? Not sure.


#12

You are probably correct that “the big projects” work that way. Atom definitely does. But a counter-example is that @abe was brought in as a collaborator on the minimap package and has been the sole maintainer since May 28th, even though the author of the package in the package view still says “fundon”. (To be clear, I trust @abe at least as much as I trust @fundon as a developer, I’m just pointing out that the authorship can change without one knowing.) I don’t know exactly how long it took me to notice … but it certainly wasn’t right away and was probably at least a few minor releases later.

Also, you point out that Chrome auto-pushes updates. Chrome also auto-pushes updates to extensions. And here’s exactly how bad actors have used that system to do bad things:


#13

I’d like to request a feature on top of the “Open Changelog” button for an individual package. That button is fine if my list of updates just has one package. But I have lots of packages, so most of the time my list of updates has multiple packages, and I need to be really careful if I want to read all the changelogs.

There was this twitter bot but it twitters new packages only, not updates to packages:


Clickable packages available for updates
#14

Since not every package has a changelog, I think it would also be useful to have a link (in the package title or with a button) to the package page or repo, so that we can check directly the commits.