[ocaml-platform] OPAM: signing the repository
Hannes Mehnert
hannes at mehnert.org
Fri Jun 5 13:45:10 BST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384
Daniel,
On 06/05/2015 13:32, Daniel Bünzli wrote:
> Here are a few comments.
>
> * It seems to me that you introduce the concepts of "developer",
> "package maintainer" and "author" which are all the same. It would
> be clearer if a single name was kept and used consistently.
>
> * I'm not sure that "Date is in the ISO 8601 standard" is what you
> actually want as this is an incredibly flexible standard to
> represent date and time (e.g. you can use a year, week number and
> week day). What you are likely meaning is that the date is in the
> RFC 3339 standard, a sane subset of the ISO 8601 standard.
>
> * Wouldn't it be better to bring the compiler-as-package work to an
> end before doing this so that you don't have to special case for
> them (and thus reduce the complexity, attack surface, etc.) ?
Thanks. You're right on all three points. Sorry for the inconsistency.
I haven't looked too deeply into the compiler-as-package or how
compilers are handled by opam atm (and hope Louis or someone else will
have a good idea how to deal with that).
Hannes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCQAGBQJVcZnWAAoJELyJZYjffCjuMaEP/3xhF37yHG/+UGzBwrQHmSzo
KuQ45poZZRJ3ZOtARlMmneNwsH+zTK/lMKUlDJJhgqSNOOb+2VyuC3SneKlpbbwK
10Z5GblGeX5kZ1xULvqbq/i+xO9ttP5kRDy21+O/2jqQa3TWCzAvKoRYNkkAmOmu
UT7QlBqubi3zur/hsWeFo489r420SAzJgG7375nNrMMCtg02NUh2/TPDNA/c8Ywl
F5MQUFJH2WPsuG4HUODp9+WAzbpMjtPkDeq90WNCf1TVjHNTOfPgZxOX1uq1zA8A
WD4QQ+fiPkS3UU66oNbo7+mNn5hCK6esdsBF0F5M5hGiIAhbZwcyPnR7TWCiU4yY
lYnLa3a/uMf9ijS90mcDgrxiBmmS76tEStbPPse7TkngLQmPJzDYCjAnrwcfgb8+
osf3gHuxGrokGR/u5DijBREFT4r+EpeynDINm9xdhpDx5yx8MCBS/ez92LXg9Clf
SvhyDPYUCQGo0Qvv5/rzb5i45ZghQWJDKwZ9OhjJDpYgrqIh/DulglW+A1XTs2p0
ZANn6atKwtgYMF3Rwe2DXSdtdI22dQre0X+Oi/Q7h59vIeFJ9yRtUNsxmCclvCuu
GyZZBHQeyqcblWd+1t2KX64WvWLndQlO3tAwLaLrMolg4Fj167QbiQvTNIy6yK0n
4+94lSM48nKbin8PlJVr
=DNJt
-----END PGP SIGNATURE-----
More information about the Platform
mailing list