[Lazarus] Online Package Manager question

[silvioprog]

On Mon, Apr 13, 2020 at 6:11 PM Michael Van Canneyt via lazarus <
lazarus at lists.lazarus-ide.org> wrote:

> On Mon, 13 Apr 2020, Juha Manninen via lazarus wrote:
>
> > On Mon, Apr 13, 2020 at 8:47 PM silvioprog via lazarus <
> > lazarus at lists.lazarus-ide.org> wrote:
> >
> >> What do you think about to create a new project "OPM"
> >> at bugs.freepascal? ☺ This way, the package's author just opens an new
> >> issue categorized with "OPM" providing steps/requirements he wants to
> >> upgrade his package, making it public and available for
> >> future consultation/reference.
> >>
> >
> > That sounds dangerous. We would get bug reports of components delivered
> by
> > OPM although they are maintained elsewhere. Actually it has happened
> > already.
>
> I am also not in favour of such an approach.
> It's a bugtracker, not an upgrade manager.
>
> I have not used the OPM extensively, but I think that once a package has
> been registered/accepted, I think the original author must be able to
> upload his
> own changes.
>

Me too. Many other PMs allows the component/library authors to upgrade
their packages. I personally would like to use any procedure instead of
sending e-mail.

Part of the registration procedure could be uploading a public key for
> packages, which could be used to verify an upload. The OPM can generate
> this
> key (together with a private key, obviously) and sign the zips.
>
> I have seen that you can also have a JSON file with update instructions,
> but
> this seems a little abnormal to me, forcing the package creator to have
> some
> infrastructure in place for downloads.
>
> Michael.


Signed packages (tar.gz or zips) really would be very useful.

-- 
Silvio Clécio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lazarus-ide.org/pipermail/lazarus/attachments/20200413/e58c0a06/attachment.html>