Amazing work! I really like the package manager and I am looking forward to contributing a script.
> * Add a way for package’s to define “discoverability metadata”. > > E.g. following the original plan for this would involve putting something > like a “tags” field in each package’s pkg.meta file, but the problem with > this is the client would need to either download every package to be able to > search this data or have a third-party periodically aggregate it. I think this is a question about who should deal with the extra effort: On the one hand requiring to spread and sync information between two places introduces a burden for the contributors, on the other hand (automatic) aggregation of information makes it harder to maintain a source including metadata. I am in favor of putting that information into pkg.meta to make contributing as easy as possible. One note: I think the documentation should contain a tremendous warning pointing out that the users are responsible for what they are installing. One scenario that came instantly to my mind: Someone is contributing a small and useful script, waits for its distribution and than updates his repository, adding e.g. a malicious build command. In that context it would be nice if the package manager would ask the user before executing the build command. For the official repository also some automatic checks would be nice (e.g. indicating in case a script executes shell commands). I think that was discussed before. All in all I think the package manager design is intuitive and really easy to use. Having central repositories will be great! Thanks, Jan _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
