I'm excited. One problem I've had when using NPM in production is that
packages are unsigned, and the ability to overwrite a package version can
cause security concerns. Is there interest in implementing package signing?
On Thu, May 22, 2014 at 7:53 AM, Hisham <h...@hisham.hm> wrote:
> On 22 May 2014 05:51, Pierre Chapuis <catw...@archlinux.us> wrote:
> > On Wed, 21 May 2014 18:36:05 -0300
> > Hisham <h...@hisham.hm> wrote:
> >
> >> As mentioned before in this list, we have a plan of making MoonRocks
> >> the default rocks repository, effectively moving LuaRocks to a
> >> non-curated repository model (like the vast majority of programming
> >> language repositories out there).
> >
> > Great.
> >
> >> We still need to figure out how to make the existing mirror sites of
> >> the repository fetch from the MoonRocks repository (they currently
> >> rsync from luarocks.org). Current mirrors and their contact persons
> >> (all cc'd here) are:
> >>
> >> * http://luarocks.giga.puc-rio.br/ - GIGA Lab at PUC-Rio
> >> * http://luafr.org/luarocks/rocks - Pierre Chapuis
> >> * http://liblua.so/luarocks/repositories/rocks - Rob Kendrick
> >> * http://luarocks.logiceditor.com/rocks - Alexander Gladysh
> >>
> >> I'll try to figure out how to make the current main server address —
> >> http://luarocks.org/repositories/rocks/ — redirect to MoonRocks or
> >> also become a mirror of its repo.
> >
> > Actually I already mirror MoonRocks as well as LuaRocks for the
> > purpose of feeding the Lua Toolbox monster. It is just not publicly
> > exposed but it should be easy to switch. I just git pull the
> > repository to mirror.
> >
> > I would be in favor of introducing stricter automated checks before
> > accepting a rockspec on MoonRocks, and maybe removing old rockspecs
> > that do not comply from the repository. From what I can remember some
> > rockspecs in there cannot even be parsed by LuaRocks, and several
> > have no description at all for instance.
> >
> > Also, I think if MoonRocks and LuaRocks merge, the usefulness of
> > Lua Toolbox will decrease a lot. Its defining features
> > (endorsements and tags) should probably be fed back into MoonRocks
> instead.
> >
> > My only issue with the MoonRocks website is that it is written entirely
> > in MoonScript, which makes it harder for me (and probably most Lua users)
> > to contribute. But if Leaf is OK and I can find some time, I will look
> > at how feasible it is.
>
> Merging Lua Toolbox into MoonRocks would be awesome. In the long term,
> this could even become the actual LuaRocks website and people's dreams
> of a resurrected LuaForge would materialize in another shape. :)
>
> Still, I think MoonRocks is good as it is to take over as a default —
> my greatest concern right now is how to ensure that every .rockspec
> has its corresponding .src.rock. I discussed with Leaf about enforcing
> that at submission time. Shifting the burden to generate the .src.rock
> on the developer ensures that they ran their rockspec at least once,
> ensuring that the URL is correct, etc. A `luarocks upload
> foo-1.0-1.rockspec` command that does this could streamline the whole
> thing (there's a similar command in the `moonrocks` script already; so
> it's a matter of converting/merging it into LuaRocks).
>
> Community moderation, ratings, mirror balancing, etc. are all nice
> features but they could come after the release.
>
> -- Hisham
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform
> available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Luarocks-developers mailing list
> Luarocks-developers@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/luarocks-developers
>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Luarocks-developers mailing list
Luarocks-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/luarocks-developers
