Looking for more metadata

A few days ago I linked to a report showing a lot of systems that failed to build. They failed because I added an option in the Quicklisp build environment that signals an error if a system lacks the description, author, and license metadata.

This isn't a standard feature of ASDF or Quicklisp. No projects are going to be dropped next month because of it. It's an optional piece of the build system, one that I added so I could see how many systems are missing that useful data and how likely it is that people will care.

I really want to use the :description option and show it as output in the REPL when searching for systems with something like system-apropos. I also want to make it easy to quickly determine the license of a given system, so you can figure out if it's compatible with your project. And having author information readily available will make it easier to contact someone regarding the project.

ASDF system metadata is a good choice for storing this information because it's not Quicklisp-specific. Anyone can gather and use this data if it's present in the systems. I hope that in the future every system in every project will have as much useful and accurate metadata as possible.

So what should you do if you want to help with this goal?

First, if you maintain a system and it's in the report, please update each of its system definitions with :description, :author, and :license information. A good description should be no longer than a tweet,and give an idea of what the system is for. The author information should include a name and email address. The license should be short and refer to a well-known license if possible, or give information about where to read the full license otherwise.

If you're not the maintainer of a system, but you want to file an issue or bug report, consider making a polite request to the author that they update their systems to include the extra info. (If you can, make sure nobody else has submitted the request first.)


ASDF 3 is coming to Quicklisp soon

In the next week or two, I'm going to update Quicklisp so that if ASDF is missing, or not at least version 3.1, it will fetch and load ASDF 3.1.4. This should be a pretty conservative change. Almost all implementations already include ASDF 3.

If you'd like to try the new Quicklisp client that fetches ASDF 3 if needed, see this post to the Quicklisp mailing list.


May 2015 Quicklisp dist update now available

This Quicklisp update is supported by my employer, Clozure Associates. If you need commercial support for Quicklisp, or any other Common Lisp programming needs, it's available via Clozure Associates.

New projects:

  • bytecurry.asdf-ext — ASDF extension(s) for generating atdoc documentation. — MIT
  • cl-durian — dynamic html generation from list structures (interpolation friendly) — WTFPL
  • cl-marklogic — Common Lisp library for accessing MarkLogic Server. — LGPL3
  • cl-pslib — A CFFI wrapper for the pslib library, a library for generating PostScript files. — LLGPL
  • cl-pslib-barcode — A barcode generator for the cl-pslib library. — LLGPL
  • cl-simple-concurrent-jobs — A simple API for running concurrent jobs and collecting the results — BSD 2-Clause
  • cl-sophia — High-level API for Sophia key-value storage — WTFPL
  • cl-strftime — Common Lisp compiler for the strftime language. — MIT
  • cl-tga — TGA file loader — MIT
  • erudite — Literate Programming System for Common Lisp — MIT
  • intel-hex — A library to handle Intel HEX format. — MIT
  • snakes — Python style generators for Common Lisp. — Apache 2.0

Updated projects: alexandria, antik, arrow-macros, babel, beirc, birch, blackbird, buffalo, bytecurry.mocks, caveman, chanl, chipz, cl+ssl, cl-ana, cl-async, cl-charms, cl-enumeration, cl-gobject-introspection, cl-grace, cl-graph, cl-i18n, cl-launch, cl-mtgnet, cl-netstring-plus, cl-ply, cl-quickcheck, cl-rabbit, cl-read-macro-tokens, cl-readline, cl-rethinkdb, cl-sdl2, cl-singleton-mixin, cl-slug, cl-voxelize, cl-yaml, clack, clack-errors, clim-widgets, climacs, clinch, clipper, closer-mop, colleen, common-doc, common-html, common-lisp-stat, commonqt, corona, dartsclhashtree, dartsclmessagepack, defclass-std, dyna, eazy-process, exscribe, f2cl, fare-csv, fast-http, function-cache, gbbopen, generic-comparability, gsll, hu.dwim.delico, hu.dwim.stefil, hu.dwim.syntax-sugar, hu.dwim.util, immutable-struct, inferior-shell, jonathan, json-responses, lass, let-over-lambda, lev, lisp-interface-library, lisp-invocation, lisp-matrix, lquery, lucerne, metap, mexpr, mgl-pax, nibbles, ningle, nsort, perlre, plump, proc-parse, qlot, qtools, quadtree, quasiquote-2.0, scalpl, scriba, scribble, serapeum, shellpool, should-test, shuffletron, staple, stmx, stumpwm, thorn, transparent-wrap, trivial-download, usocket, with-c-syntax, wookie.

To get this update, use (ql:update-dist "quicklisp").


April 2015 download stats

Here are the top 100 downloads for last month:
 4230  alexandria
 3401  trivial-features
 3377  babel
 3366  cl-ppcre
 3102  cffi
 2717  bordeaux-threads
 2620  closer-mop
 2611  trivial-garbage
 2605  cl-fad
 2575  flexi-streams
 2574  trivial-gray-streams
 2471  cl+ssl
 2366  nibbles
 2245  usocket
 2228  cl-base64
 2210  split-sequence
 2191  chunga
 2087  slime
 2047  iterate
 2046  trivial-backtrace
 2042  drakma
 2002  anaphora
 1925  ironclad
 1691  puri
 1682  chipz
 1653  local-time
 1520  named-readtables
 1455  md5
 1399  hunchentoot
 1259  metabang-bind
 1152  cl-colors
 1124  let-plus
 1070  optima
 1051  cl-unicode
 1020  trivial-utf-8
  992  cl-syntax
  950  rfc2388
  946  cl-interpol
  943  trivial-types
  941  cl-annot
  934  cl-ansi-text
  846  postmodern
  839  prove
  803  parse-number
  799  asdf-system-connections
  791  uuid
  780  cl-utilities
  765  cl-containers
  765  metatilities-base
  760  quicklisp-slime-helper
  701  fast-io
  695  jsown
  672  ieee-floats
  671  lparallel
  664  static-vectors
  658  cl-json
  640  plump
  605  fiveam
  601  zpng
  594  lquery
  590  trivial-indent
  587  clss
  578  buildapp
  566  array-utils
  559  xsubseq
  557  cl-sqlite
  547  salza2
  546  quri
  542  command-line-arguments
  540  osicat
  521  garbage-pools
  520  fast-http
  515  cl-mssql
  509  cl-who
  508  cl-vectors
  506  clx
  505  iolib
  503  py-configparser
  499  dynamic-classes
  497  asdf-finalizers
  497  cl-log
  496  cl-marshal
  494  cl-markdown
  484  trivial-mimes
  483  cl-abnf
  477  clack
  465  fare-utils
  450  ningle
  418  zpb-ttf
  408  cl-dbi
  408  st-json
  404  http-body
  403  circular-streams
  398  closure-common
  392  fare-quasiquote
  380  cl-csv
  380  cxml
  377  parenscript
  373  myway
  352  map-set


A small step in the right direction: https for quicklisp.org

I had a joke slide at ELS last week that explained why Quicklisp was so easy to install: just use curl install.quicklisp.net | sudo sh.  (Don't try this.) Although Quicklisp's installation isn't as risky as piping random code into a root shell, it does have its own problems. Several people at the conference asked me when I would add more security features to Quicklisp.

As of this week, www.quicklisp.org is available through an https connection. Any requests that come in over http are redirected to the equivalent https location. That means you can have some confidence that the information there is provided by me, rather than intercepted and replaced by a third party.

The main Quicklisp website is only part of the story. The software to install and use Quicklisp is hosted on another domain, beta.quicklisp.org. That domain now has optional https access, so that any URL may be accessed either through https or http.

That means the bootstrap file quicklisp.lisp is available via https, and so is the PGP key I use to sign client software and dist metadata. (That key is also available via various PGP keyservers.) If you have programs that fetch quicklisp.lisp or software archives directly from beta.quicklisp.org, I encourage you to update them to use https instead of http.

Why doesn't beta.quicklisp.org use https exclusively? Unfortunately, the Quicklisp client code itself does not know how to connect via https, so turning off http access would break Quicklisp completely. It will take more time to update the Quicklisp client code to use https.

Implementing https for quicklisp.org is a small, but important, first step toward making the use of Quicklisp safer. If you have any questions or concerns, please get in touch via zach@quicklisp.org.