On 6/14/11 9:35 AM, Daniel Gibson wrote:
Am 14.06.2011 16:09, schrieb Vladimir Panteleev:
On Tue, 14 Jun 2011 16:53:16 +0300, Andrei Alexandrescu
<[email protected]> wrote:
http://www.wikiservice.at/d/wiki.cgi?LanguageDevel/DIPs/DIP11
Why this is a bad idea:
1) It hard-codes URLs in source code. Projects often move to other
code-hosting services. PHP, Python, Perl, not sure about Ruby all have a
central website which stores package metadata.
2) It requires that the raw source code be available via HTTP. Not all
code hosting services allow this. GitHub will redirect all HTTP requests
to HTTPS.
It should support HTTPS anyway, to prevent DNS spoofing attacks and such
(i.e. most attacks that don't need your own machine to be compromised).
But maybe additional support for signing the code would be even better,
to be able to detect compromised code on the server.
Yah, I thought of a SHA1 optional parameter:
pragma(liburl, mylib, "myurl", "mysha1");
3) It only solves the problem for D modules, but not any other possible
dependencies.
I understand that this is a very urgent problem, but my opinion is that
this half-arsed solution will only delay implementing and cause
migration problems to a real solution, which should be able to handle
svn/hg/git checkout, proper packages with custom build scripts,
versioning, miscellaneous dependencies, publishing, etc.
I personally think that a standard build tool that does this (and
possibly also ships with DMD) would be better than support directly in
the language.
Especially the case that the projects website changes could be handled
more easily by adjusting the URL in a config file instead of changing
your code.
This is still possible with D config files that contain pragmas.
Andrei
