First of all: OPM was written and maintained by Balazs Szekely (aka GetMem). For a year, however, I have not heard from him any more - I really really hope that he is doing fine. For the moment OPM is maintained by myself.

Your questions:

On 11.01.2025 at 16:17, Tony Whyman via lazarus wrote:
1. Who makes the decision about what is uploaded to the OPM repository?
2. How is a package put there and what precautions are taken to ensure that the package is genuine and does not contain malicious code - especially when the upload was not done by the original author?
3. How are the OPM repository maintainers told that a new version of a package is now available?

When the package owner has the feeling that a new version should be released to OPM he notifies the OPM maintainer by mail to o...@lazarus-ide.com containing a link to the new version or a zipped file as attachment. I look over the code, compile it and run some of the sample projects provided.

Anybody can submit packages for inclusion in OPM. Of course, I don't know any of the submitters personally, and I have no idea whether he/she is the original author. So, sorry that your IBX files made it into OPM without your knowledge. But I don't see a way to improve that without building up a huge bureaucracy.

Criteria to accept a package are for me (maybe they were different for Balazs):

 * The library must be a package. Individual, isolated units cannot be
   handled by OPM.
 * It must contain a brief description in the meta data and package file.
 * It must contain a statement on the license. Commercial licenses are
   rejected. I also reject packages which "smell" like being pirated
   (for example, when there is the original Borland header in the units).
 * The package and its files must be in English - this is an
   international community, and there is no other way to communicate.
 * It must compile at least under the current releases of Lazarus/FPC.
   Of course, more combinations are welcome. The working
   combinations should be specified in the meta-data (json), as well as
   the widgetset for which it works.
 * There should be at least one sample project. Otherwise I have no way
   to test whether the code is working (I am not willing to write test
   projects for foreign code).
 * Ideally there should be some documentation, either included as help
   files in the package, or as a separate wiki page, or similar.
 * The package submitter must express his/her commitment to maintain
   the package if, for example, it does not compile any more due to
   compiler or widgetset changes. Unfortunately we have many
   unmaintained packages already now, and I tend to remove a
   non-functioning unmaintained package.
-- 
_______________________________________________
lazarus mailing list
lazarus@lists.lazarus-ide.org
https://lists.lazarus-ide.org/listinfo/lazarus
