[opam-devel] more committers needed ?
anil at recoil.org
Wed Mar 30 12:03:39 BST 2016
> On 30 Mar 2016, at 12:02, Louis Gesbert <louis.gesbert at ocamlpro.com> wrote:
> Note that it would become more complicated with our upcoming signed
> repository, since the package maintainer needs to sign for each new release.
> Maybe we could find a way to re-use git signed commits as releases, but that
> sounds complicated and could be an attack vector.
> More simply, the mechanism could do all the work, and poll the package
> maintainer for a signature (assuming he wouldn't sign without actually
> checking ?) . Something like a mail with instructions and archive + cryptohash
> to verify, then a command to run and it's done.
> Le mercredi 30 mars 2016, 11:38:39 Thomas Gazagnaire a écrit :
>>> The OPAM tool indeed supports this model, but the automation
>>> infrastructure isn't fully written and deployed yet. There are various
>>> tools in-flight that do portions of this, but none exist that poll the
>>> --dev repository (e.g. for a new GitHub release) and autocreate a PR.
>> yes, that's a very good idea! (and not difficult to do actually)
>>> I think that's an interesting idea, as instead of the repository
>>> maintainer pushing a release and OPAM package, we could take the burden
>>> off the creator and poll for releases on the upstream GitHub repositories
>>> One advantage of this "pull" model is that it ensures that the upstream
>>> `opam` metadata is sane, since that would form the basis for the PR.
>>> Right now they can diverge due to manual intervention.
>>>> On 22 Feb 2016, at 22:14, Cheng Lou <chenglou92 at gmail.com
>>>> <mailto:chenglou92 at gmail.com>> wrote:
>>>> Sorry for hijacking the discussion. I'm new to OPAM, but is there a
>>>> reason why PRs for package upgrades can't be managed automatically? E.g.
>>>> asking for a git URL and either periodically check for new release tags,
>>>> or check on the fly when installing a library.
>>>> On Wednesday, February 17, 2016 at 7:27:49 AM UTC-5, Fabrice Le Fessant
>>>> wrote: Hi,
>>>> If there is some need to help managing PRs to the opam-repository,
>>>> Grégoire Henry (OCamlPro-Henry on Github) and myself (lefessan on
>>>> Github) are volunteers to spend some time doing it.>>
>>>> Best regards,
>>>> opam-devel mailing list
>>>> opam-devel at lists.ocaml.org <mailto:opam-devel at lists.ocaml.org>
>>> opam-devel mailing list
>>> opam-devel at lists.ocaml.org
More information about the opam-devel