On 22 May 2014 14:02, Jack Lawson <ajacksif...@gmail.com> wrote:
> I'm excited. One problem I've had when using NPM in production is that
> packages are unsigned, and the ability to overwrite a package version can
> cause security concerns.

Ideally package versions should never be overwritten (we have revision suffixes for that: 1.0-1, 1.0-2, etc.), and only the module owner can post a new version/revision of a module in the main MoonRocks manifest.

> Is there interest in implementing package signing?

If anyone wants to implement it, the feature is welcome, but I don't want to make package signing mandatory.

-- Hisham

_______________________________________________
Luarocks-developers mailing list
Luarocks-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/luarocks-developers