[Lazarus] Online Package Manager question
Michael Van Canneyt
michael at freepascal.org
Mon Apr 13 23:11:16 CEST 2020
On Mon, 13 Apr 2020, Juha Manninen via lazarus wrote:
> On Mon, Apr 13, 2020 at 8:47 PM silvioprog via lazarus <
> lazarus at lists.lazarus-ide.org> wrote:
>
>> What do you think about to create a new project "OPM"
>> at bugs.freepascal? ☺ This way, the package's author just opens an new
>> issue categorized with "OPM" providing steps/requirements he wants to
>> upgrade his package, making it public and available for
>> future consultation/reference.
>>
>
> That sounds dangerous. We would get bug reports of components delivered by
> OPM although they are maintained elsewhere. Actually it has happened
> already.
I am also not in favour of such an approach.
It's a bugtracker, not an upgrade manager.
I have not used the OPM extensively, but I think that once a package has
been registered/accepted, I think the original author must be able to upload his
own changes.
Part of the registration procedure could be uploading a public key for
packages, which could be used to verify an upload. The OPM can generate this
key (together with a private key, obviously) and sign the zips.
I have seen that you can also have a JSON file with update instructions, but
this seems a little abnormal to me, forcing the package creator to have some
infrastructure in place for downloads.
Michael.
More information about the lazarus
mailing list