Deleting packages from SymbolSource

Before you get discouraged by this long (although we feel needed) introduction, please know that we are introducing a feature to delete packages from SymbolSource. Well, sort of.

When we were initially designing SymbolSource, we didn't believe there was much need for deleting symbols and sources once they were published. The reasoning behind this is that when you build up the expectation that symbols of all the libraries that you use can be easily loaded on-demand and that it's possible to likewise step into all of their sources, everything should be done to avoid breaking that expectation. It's a matter of trust. If you see a project name mentioned on the site, you should expect all its symbols to be available. Symbols are quite different than binaries. You may want to have binaries of various versions of your library available for download, and you may want to remove a version altogether, e.g. when if you discover a critical problem with it. But that's only valid for the distribution side of things: be it your website, NuGet or any other channel. By the time that you remove your package from distribution it might already be referenced in countless projects and there is no way to force users to upgrade from the flawed version. Those projects at some point will surely benefit from a symbol/source server. Leaving symbols behind does not cause any harm, it can only be beneficial.

One of the possible reasons to remove a package is to keep versions in sync between and a repository like Imagine that you uploaded a binary package, then discovered and fixed a problem with it and reuploaded it to the repository without changing its version number. There would be nothing wrong with this approach, if the new package contained the exact same binaries - perhaps just more or less of them. There is nothing at, however, that prevents you from uploading completely different binaries for the same package. Also note that good practice of versioning (you might want to take a look at for an example) dictates that once you publish a package, you should never ever make modify it - instead bump up the version number and upload again. This has been always supported at

Nevertheless, many of our users requested the feature to delete packages. And there are of course situations when this is appropriate: you might have only uploaded to SymbolSource for testing, so you are sure that the binaries did not leak into the world, or you might really need the version number to stay at some value. That's why from now on you can use nuget.exe to delete packages from the same way you can from

nuget.exe delete MyLibrary 1.0 -source

But since we still believe this is a bad thing to do, a package deleted this way will only really be hidden. It will not be shown anywhere on the site, and you will be able to upload again using the same version number, but symbols will still be served for the hidden package. As its maintainer you will be the only person to see its metadate on the site and you will be able to restore to it to a fully available state, provided that the same version has not been uploaded in the meantime.

A way to pernamently delete all resources that came with a package will be also soon made available.

Please let us know your thoughts on this matter.

Posted by Marcin Mikołajczak (TripleEmcoder) on Monday, June 27, 2011

blog comments powered by Disqus