[opam-devel] OPAM 1.3 roadmap
Louis Gesbert
louis.gesbert at ocamlpro.com
Sat Feb 21 04:01:56 GMT 2015
With 1.2.1 almost out of the door, time has come to review the roadmap discussed back in December and choose where we'll be going for 1.3. Original mail attached for reference.
The topic that is burning hot at the moment is, specially after the Debian Haskell build host has been compromised, security: we have no signing at all at the moment, and we need to improve on this before it becomes a problem. TUF [1] has devised a sane amount of rules for repository management and signing that should make it easier to get it right in OPAM. Hannes has mentionned writing an OCaml implementation for TUF, which could get very helpful.
Also of importance is Windows support. It should at least be straighforward and documented to get a basic Cygwin setup working. That goes with adding automated tests (appveyor can now be added in Github alongside Travis). Related is cleaning up external command usage (even if not really justified by a Windows port only, as David Allsopp pointed out) -- replacing curl calls by cohttp, use ocaml-fileutils...
These are the other main features, that'll probably take more time if we are to focus eg. on security:
* a plugin mechanism with plugins for example for OCaml (for better agnosticity), external dependency handling [2], documentation generation...
* a 'provides:' field in OPAM files [3]. This is a loose requirement if we want to switch the repository to have OCaml itself in a package (which is already possible, but the system compiler may yet be an issue).
* More flexible switch handling (multi-switch packages, per-switch remotes, layered switches for cross-compilation...)
* Tracking of files installed by packages. While unrelated to repo signing, this might have some security implications, so we might want to bring it in.
* With file tracking, generating a binary repo (with some limitations) could be quite straight-forward.
Which of these do you think is most important ? Have I forgotten anything ?
Cheers,
Louis
[1] http://theupdateframework.com/
[2] https://github.com/ocaml/opam/blob/master/doc/design/depexts-plugins
[3] https://github.com/ocaml/opam/blob/master/doc/design/provides.md
-------------- next part --------------
An embedded message was scrubbed...
From: Louis Gesbert <louis.gesbert at ocamlpro.com>
Subject: [opam-devel] OPAM Roadmap -- what next ?
Date: Wed, 17 Dec 2014 19:07:40 +0900
Size: 20373
URL: <http://lists.ocaml.org/pipermail/opam-devel/attachments/20150221/93d1b692/attachment.mht>
More information about the opam-devel
mailing list