Peter TB Brett wrote:

On 18/03/2016 20:26, Richard Gaskin wrote:
Separate from the question of security is a larger one:

Is a stack repository even something we need/want the core dev team to
be tasked with maintaining?

R's CRAN, Python's PyPI, Perls CPAN, and others are all maintained by
the communities of those languages, leaving the core dev teams to keep
their focus on the scripting engines they produce.

As far as I know, we plan to introduce a package management system (with
all of the capabilities that one might expect, such as version
management, dependency management, checksums, cryptographic signatures,
etc. etc.) as part of the delayed Extension Store feature.

It won't be a small or easy job but it's very important that we get it
right when we do it.  Don't expect anything that you can try out for a
few months yet.

Excellent. The security part of that is a hard nut to crack. The best we could do would be to limit access by using a standalone running with securityPermissions, which is a faulty way to test many things because unless a stack is written with specific securityPermissions in mind it just breaks a lot. :)

Happy to have you folks do it. And given the challenge of doing it well, I don't think anyone will mind waiting.


Of course, if someone else comes up with something first then there's a
good chance we might adopt and contribute to that, so don't let our
ideas (there's no code yet!) put you off starting something.

If you do, you will find this to be relevant and useful reading material:

https://medium.com/@sdboyer/so-you-want-to-write-a-package-manager-4ae9c17d9527

Thanks, but I'm hoping to avoid this:
https://xkcd.com/927/

The Yum/Deb schism has already caused enough gray hairs, and while Snaps are IMO a great (if not long overdue) solution to many of the limitations of those earlier PMs Canonical's already taking heat for making yet-another-package-manager.

I'm happy to leave such controversies to other camps. If you folks are working on a broad-scope package management solution for LC, I'm sure it'll be well worth waiting for.

--
 Richard Gaskin
 Fourth World Systems
 Software Design and Development for the Desktop, Mobile, and the Web
 ____________________________________________________________________
 ambassa...@fourthworld.com                http://www.FourthWorld.com

_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Reply via email to