Jon,
I am changing the package delete page in the APM UI so that it unmounts and deletes all instances before deleting the package. That way, by using APM Tcl callbacks we are able to cleanly delete workflow and bug tracker from the APM UI.
IMHO permissions should cascade, or if we don't want to cascade, why don't we delete them in acs_object__delete? Analogously I just set up lang_message_keys to cascade from package_key.
I think non-cascading constraints are a major headache and I also think they can cause serious problems. What if package A sets a constraint on an object in package B. When package B tries to delete its object it fails because package A (that package B has no knowledge of) has it referenced. Isn't this just plain wrong? I think all composite relationships should be cascading constraints (permissions are a perfect example, they can't exist without the party, privilege, or object that they are made up of).
The only thing that could convince me that cascading is bad is the warning I got from Jeff Davis that cascading can cause locking issues or other problems. I don't understand yet why that would happen but if somebody can explain it to me or even better show how it happens in OpenACS in practice I would be more than willing to change my mind.
