On Mon, Apr 13, 2020 at 6:11 PM Michael Van Canneyt via lazarus < lazarus@lists.lazarus-ide.org> wrote:
> On Mon, 13 Apr 2020, Juha Manninen via lazarus wrote: > > > On Mon, Apr 13, 2020 at 8:47 PM silvioprog via lazarus < > > lazarus@lists.lazarus-ide.org> wrote: > > > >> What do you think about to create a new project "OPM" > >> at bugs.freepascal? ☺ This way, the package's author just opens an new > >> issue categorized with "OPM" providing steps/requirements he wants to > >> upgrade his package, making it public and available for > >> future consultation/reference. > >> > > > > That sounds dangerous. We would get bug reports of components delivered > by > > OPM although they are maintained elsewhere. Actually it has happened > > already. > > I am also not in favour of such an approach. > It's a bugtracker, not an upgrade manager. > > I have not used the OPM extensively, but I think that once a package has > been registered/accepted, I think the original author must be able to > upload his > own changes. > Me too. Many other PMs allows the component/library authors to upgrade their packages. I personally would like to use any procedure instead of sending e-mail. Part of the registration procedure could be uploading a public key for > packages, which could be used to verify an upload. The OPM can generate > this > key (together with a private key, obviously) and sign the zips. > > I have seen that you can also have a JSON file with update instructions, > but > this seems a little abnormal to me, forcing the package creator to have > some > infrastructure in place for downloads. > > Michael. Signed packages (tar.gz or zips) really would be very useful. -- Silvio Clécio
-- _______________________________________________ lazarus mailing list lazarus@lists.lazarus-ide.org https://lists.lazarus-ide.org/listinfo/lazarus
