Hi, On Mon, 28 May 2018, 19:02 Wade Chandler, <[email protected]> wrote:
> I think for the plugin portal, we could have a real simple registration > scheme that is a repository that has a particular structure for a publisher > with YAML files and images in it for plugin registration, and have a static > site generator for it. We could protect to a reasonable degree the > publishers files from anyone outside the Apache contributor organization by > validating the userid of the commit matches the folder structure of the > “publisher” or the publisher belongs to a GH organization. We could take > that a step further, and allow links to other repositories of similar > layout for publishers. We could easily pull in someones master repository > during build time of a static repository. > Agreed! I've suggested this a few times and was going to look at it a few months ago, but that was pending some work elsewhere that was looking at running the existing plugin portal on the VM. I've lost track of where that's got to, and still think licensing might be an issue with that anyway. One thing I'd add to your suggestion is I think the catalog should be enhanced with a checksum for the plugin so each update link can be checked and validated via PR to the catalog repo. Best wishes, Neil > -- Neil C Smith Artist & Technologist www.neilcsmith.net Praxis LIVE - hybrid visual IDE for creative coding - www.praxislive.org
