Peter TB Brett wrote:
On 18/03/2016 20:26, Richard Gaskin wrote:
Separate from the question of security is a larger one:
Is a stack repository even something we need/want the core dev team to
be tasked with maintaining?
R's CRAN, Python's PyPI, Perls CPAN, and others are all maintained by
the communities of those languages, leaving the core dev teams to keep
their focus on the scripting engines they produce.
As far as I know, we plan to introduce a package management system (with
all of the capabilities that one might expect, such as version
management, dependency management, checksums, cryptographic signatures,
etc. etc.) as part of the delayed Extension Store feature.
It won't be a small or easy job but it's very important that we get it
right when we do it. Don't expect anything that you can try out for a
few months yet.
Excellent. The security part of that is a hard nut to crack. The best
we could do would be to limit access by using a standalone running with
securityPermissions, which is a faulty way to test many things because
unless a stack is written with specific securityPermissions in mind it
just breaks a lot. :)
Happy to have you folks do it. And given the challenge of doing it
well, I don't think anyone will mind waiting.
Of course, if someone else comes up with something first then there's a
good chance we might adopt and contribute to that, so don't let our
ideas (there's no code yet!) put you off starting something.
If you do, you will find this to be relevant and useful reading material:
https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527
Thanks, but I'm hoping to avoid this:
https://xkcd.com/927/
The Yum/Deb schism has already caused enough gray hairs, and while Snaps
are IMO a great (if not long overdue) solution to many of the
limitations of those earlier PMs Canonical's already taking heat for
making yet-another-package-manager.
I'm happy to leave such controversies to other camps. If you folks are
working on a broad-scope package management solution for LC, I'm sure
it'll be well worth waiting for.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
