Package Management - was: Translations / styles
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Re: Package Management - was: Translations / styles
If additional repositories were to be developed, wouldn't this require defining a specific API format for cross-compatibility? Or, would a repository system be distributed/made available for use instead?
-
- Registered User
- Posts: 653
- Joined: Wed Sep 21, 2005 3:01 pm
Re: Package Management - was: Translations / styles
probably both, but maybe "api" sounds a bit more frightening that what's really needed.Desdenova wrote:....this require defining a specific API format for cross-compatibility? Or, would a repository system be distributed/made available for use instead?
as i see it, a well defined directory structure, and one file with fixed name and a well defined structure (maybe xml with known schema, but maybe something simpler) that describe the content of the repo should probably suffice.
the package-management potion of the ACP would go to all user-defined repos (in addition to hardcoded repos such as the canonical one at phpbb.com) and pull the repo-content" file from each, merge them (many entries might be present in multiple repos, no need to present to the user more than one, but you want to remember all possible sources for each package) and present the distilled combination to the user in a friendly, browsable and searchable form.
selecting a specific package for installation would automatically and recursively select all its not-yet-installed dependencies.
after pressing "fetch" all packages should be pulled, in case of pull failure an alternative source should be tried, and unless *all* selected packages and dependencies are successfully pulled, the "install" option is not enabled.
"successfully pulled" means more than successful ftp: the packages themselves are verifiable, and optionally also signed.
same goes for the metadata file, of course.
the same or similar system should be used for styles and translations, although the "installation" part may be different.
in short: do something similar to what RPM or dpkg or apt-get do.
once there is consensus about desired functionality, hammering down the specs should not be that difficult, although it may be a good idea to create this spec in the form of RFC and refine it based on feedback.
peace.
Re: Package Management - was: Translations / styles
I agree too.ToonArmy wrote:Agreed 100%. As far as I'm concerned a user should have full control of their package sources, prohibiting this ability is severely limiting.naderman wrote:My point of view on this: [...]
There really should be something similar to APT. MOD authors could provide their own repository for their MOD, which would allow installation of custom packages (eg. not from phpBB.com).
As to the question of cryptographically signing MODs. With any public-key cryptographic process, it is always about trust. If you trust a certain person, you can use his key to verify his signature. I've already had some thought about signing validated MODs. This would allow them to be distributed through other means than phpBB.com, but their validation status could still be verified. I'd like to see the extension/mod/whatever system of phpBB4 support this.
Re: [End user][Admin] Translations / styles
this is a fantastic idea, the ability to d/l, install, uninstall, and update styles/plugins from the acp would be very beneficial and time saving. Then, the ability to vote on the style/plugin from within the acp would be awesome, and its bringing back unity of the community with ease.bantu wrote:An apt-like package management system where you can download and install stuff from the administration control panel etc. would be great.
Re: Package Management - was: Translations / styles
For translation, I like how those Ubuntu and e107 works.
1. ACP editing
For e107, you can edit your language file from ACP. I think this is a better way to edit file and each "" is consider one item.
The advantages are 1) preserve the data encode (as sometime people save it other than UTF8, or transfer in a different mode) and 2) easy management
2. Better translation
(a) official language pack
Google Translator has this special feature. You can suggest your own revision and a special team will look over it. Our official translators are very good translators and have put a lot of efforts into it. From my experience, we have a central post just to correct translation errors. We should also build a system like this - let the translator knows.
(b) modification
This system is also good for modification. You see translators are not responsible to translate modifications. This "better translation" system also helps to create a community version of translation. People can vote on it and let majority people use the best translation (each "" item).
1. ACP editing
For e107, you can edit your language file from ACP. I think this is a better way to edit file and each "" is consider one item.
The advantages are 1) preserve the data encode (as sometime people save it other than UTF8, or transfer in a different mode) and 2) easy management
2. Better translation
(a) official language pack
Google Translator has this special feature. You can suggest your own revision and a special team will look over it. Our official translators are very good translators and have put a lot of efforts into it. From my experience, we have a central post just to correct translation errors. We should also build a system like this - let the translator knows.
(b) modification
This system is also good for modification. You see translators are not responsible to translate modifications. This "better translation" system also helps to create a community version of translation. People can vote on it and let majority people use the best translation (each "" item).
Re: Package Management - was: Translations / styles
The biggest issue is that of implementing the signing process. Would it be using something like RSA, then?eviL3 wrote:I agree too.ToonArmy wrote:Agreed 100%. As far as I'm concerned a user should have full control of their package sources, prohibiting this ability is severely limiting.naderman wrote:My point of view on this: [...]
There really should be something similar to APT. MOD authors could provide their own repository for their MOD, which would allow installation of custom packages (eg. not from phpBB.com).
As to the question of cryptographically signing MODs. With any public-key cryptographic process, it is always about trust. If you trust a certain person, you can use his key to verify his signature. I've already had some thought about signing validated MODs. This would allow them to be distributed through other means than phpBB.com, but their validation status could still be verified. I'd like to see the extension/mod/whatever system of phpBB4 support this.
Might be an issue securing the voting, or at least stopping people from stuffing the ballot boxes (like you can do on phpBB.com currently).bobtheman wrote:this is a fantastic idea, the ability to d/l, install, uninstall, and update styles/plugins from the acp would be very beneficial and time saving. Then, the ability to vote on the style/plugin from within the acp would be awesome, and its bringing back unity of the community with ease.bantu wrote:An apt-like package management system where you can download and install stuff from the administration control panel etc. would be great.
Re: Package Management - was: Translations / styles
Like RSA? We aren't in the cryptography business. RSA would be the easiest to support, the OpenSSL extension provides it and there are pure PHP implementations.Desdenova wrote:The biggest issue is that of implementing the signing process. Would it be using something like RSA, then?
Not exactly the biggest problem.Desdenova wrote:Might be an issue securing the voting, or at least stopping people from stuffing the ballot boxes (like you can do on phpBB.com currently).
Re: Package Management - was: Translations / styles
I disagree, the user shouldn't have to use multiple repositories, if they did it would create more issues than its solving by decreased security, support etc etc# The user should be able to add any number of custom repositories
# The user should be able to remove the phpbb.com repository
plugin/addon developers should be required to add their creation to the repo with some form of a phpbb validation process. Then, there should be a distinct indication of what plugins are phpbb supported, phpbb maintained, and third party. On top of this, there needs to be a user interaction within the acp where we can vote on the plugins for various reasons IE version compatibility
this does not exclude anyone from using any plugin developed for phpbb, all this does is ensures consistency by requiring the developers to follow the same rules and regulations by submitting them through for validation, and it gives the admins the opportunity to vote/comment on the plugin as whole. This is fair to the developers, and consistent for the end user.
Re: Package Management - was: Translations / styles
It's pointless people will just modify the plugin interface in phpBB to support their own repositories.bobtheman wrote:I disagree, the user shouldn't have to use multiple repositories, if they did it would create more issues than its solving by decreased security, support etc etc# The user should be able to add any number of custom repositories
# The user should be able to remove the phpbb.com repository
plugin/addon developers should be required to add their creation to the repo with some form of a phpbb validation process. Then, there should be a distinct indication of what plugins are phpbb supported, phpbb maintained, and third party. On top of this, there needs to be a user interaction within the acp where we can vote on the plugins for various reasons IE version compatibility
this does not exclude anyone from using any plugin developed for phpbb, all this does is ensures consistency by requiring the developers to follow the same rules and regulations by submitting them through for validation, and it gives the admins the opportunity to vote/comment on the plugin as whole. This is fair to the developers, and consistent for the end user.
-
- Registered User
- Posts: 653
- Joined: Wed Sep 21, 2005 3:01 pm
Re: Package Management - was: Translations / styles
i do not think it's a good idea to allow removal of the "canonical" or hardcoded repos from the list. (we might, eventually, have more than one "canonical" repo, e.g. one or more sanctioned mirrors)
this view is not based on some religious ground. i just think that such a removal, if exists, is much more likely to happen as a result of user error than as an intentional action, so providing an easy way to do so is mostly creating an obstacle for someone to fall and break their leg.
if someone *really* wants to do so they always can: after all, this is GPL, and anyone can take the code and do with it whatever they want (within the license stipulations)
peace.
this view is not based on some religious ground. i just think that such a removal, if exists, is much more likely to happen as a result of user error than as an intentional action, so providing an easy way to do so is mostly creating an obstacle for someone to fall and break their leg.
if someone *really* wants to do so they always can: after all, this is GPL, and anyone can take the code and do with it whatever they want (within the license stipulations)
peace.