hex.pm publishing should not HTTP 500 on unexpected data in metadata.config

[inoas]

mix hex.build
inspect contained metadata.config:

{<<"links">>,[]}.
{<<"name">>,<<"foobar">>}.
{<<"version">>,<<"0.0.1">>}.
{<<"description">>,<<"Testing · Middot · Character"/utf8>>}.
{<<"elixir">>,<<"~> 1.16">>}.
{<<"app">>,<<"foobar">>}.
{<<"licenses">>,[<<"MIT">>]}.
{<<"requirements">>,[]}.
{<<"files">>,
 [<<"lib">>,<<"lib/foobar.ex">>,<<".formatter.exs">>,<<"mix.exs">>,
  <<"README.md">>]}.
{<<"build_tools">>,[<<"mix">>]}.

versus
gleam export hex-tarball
inspect contained metadata.config

{<<"name">>, <<"foobar">>}.
{<<"app">>, <<"foobar">>}.
{<<"version">>, <<"0.0.1">>}.
{<<"description">>, <<"Testing · Middot · Character">>}.
{<<"licenses">>, [<<"Apache-2.0">>]}.
{<<"build_tools">>, [<<"gleam">>]}.
{<<"links">>, [
]}.
{<<"requirements">>, [
  {<<"gleam_stdlib">>, [
    {<<"app">>, <<"gleam_stdlib">>},
    {<<"optional">>, false},
    {<<"requirement">>, <<">= 0.34.0 and < 2.0.0">>}
  ]}
]}.
{<<"files">>, [
  <<"README.md">>,
  <<"gleam.toml">>,
  <<"src/foobar.app.src">>,
  <<"src/foobar.erl">>,
  <<"src/foobar.gleam">>
]}.

When publishing these tarballs via API to hex.pm it would return an HTTP 500 error.

... /utf8 was missing from the description value, but that should result in an HTTP 400 error instead of an HTTP 500, right?

[ericmj]

Unfortunately Ecto does not validate UTF8 for strings, in addition Postgresql does not allow null <<0>> bytes even though it's valid UTF8. Maybe we can do a custom Ecto type everywhere we use :string today that adds the validation, but ideally Ecto would do this out of the box. I will bring it up with the Ecto team.

[ericmj]

Implemented in phoenixframework/phoenix_ecto#175.