Package Management - was: Translations / styles

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The current feature release of phpBB 3 is 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Desdenova
Registered User
Posts: 13
Joined: Wed Jul 22, 2009 6:45 pm

Re: Package Management - was: Translations / styles

Post by Desdenova »

If additional repositories were to be developed, wouldn't this require defining a specific API format for cross-compatibility? Or, would a repository system be distributed/made available for use instead?

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: Package Management - was: Translations / styles

Post by code reader »

Desdenova wrote:....this require defining a specific API format for cross-compatibility? Or, would a repository system be distributed/made available for use instead?
probably both, but maybe "api" sounds a bit more frightening that what's really needed.
as i see it, a well defined directory structure, and one file with fixed name and a well defined structure (maybe xml with known schema, but maybe something simpler) that describe the content of the repo should probably suffice.

the package-management potion of the ACP would go to all user-defined repos (in addition to hardcoded repos such as the canonical one at phpbb.com) and pull the repo-content" file from each, merge them (many entries might be present in multiple repos, no need to present to the user more than one, but you want to remember all possible sources for each package) and present the distilled combination to the user in a friendly, browsable and searchable form.
selecting a specific package for installation would automatically and recursively select all its not-yet-installed dependencies.

after pressing "fetch" all packages should be pulled, in case of pull failure an alternative source should be tried, and unless *all* selected packages and dependencies are successfully pulled, the "install" option is not enabled.
"successfully pulled" means more than successful ftp: the packages themselves are verifiable, and optionally also signed.
same goes for the metadata file, of course.

the same or similar system should be used for styles and translations, although the "installation" part may be different.

in short: do something similar to what RPM or dpkg or apt-get do.

once there is consensus about desired functionality, hammering down the specs should not be that difficult, although it may be a good idea to create this spec in the form of RFC and refine it based on feedback.

peace.

igorw
Registered User
Posts: 500
Joined: Thu Jan 04, 2007 11:47 pm

Re: Package Management - was: Translations / styles

Post by igorw »

ToonArmy wrote:
naderman wrote:My point of view on this: [...]
Agreed 100%. As far as I'm concerned a user should have full control of their package sources, prohibiting this ability is severely limiting.
I agree too.

There really should be something similar to APT. MOD authors could provide their own repository for their MOD, which would allow installation of custom packages (eg. not from phpBB.com).

As to the question of cryptographically signing MODs. With any public-key cryptographic process, it is always about trust. If you trust a certain person, you can use his key to verify his signature. I've already had some thought about signing validated MODs. This would allow them to be distributed through other means than phpBB.com, but their validation status could still be verified. I'd like to see the extension/mod/whatever system of phpBB4 support this.

bobtheman
Registered User
Posts: 63
Joined: Sat Dec 19, 2009 4:00 pm

Re: [End user][Admin] Translations / styles

Post by bobtheman »

bantu wrote:An apt-like package management system where you can download and install stuff from the administration control panel etc. would be great.
this is a fantastic idea, the ability to d/l, install, uninstall, and update styles/plugins from the acp would be very beneficial and time saving. Then, the ability to vote on the style/plugin from within the acp would be awesome, and its bringing back unity of the community with ease.

jwxie
Registered User
Posts: 57
Joined: Mon Jan 23, 2006 3:38 am

Re: Package Management - was: Translations / styles

Post by jwxie »

For translation, I like how those Ubuntu and e107 works.

1. ACP editing
For e107, you can edit your language file from ACP. I think this is a better way to edit file and each "" is consider one item.

The advantages are 1) preserve the data encode (as sometime people save it other than UTF8, or transfer in a different mode) and 2) easy management

2. Better translation
(a) official language pack
Google Translator has this special feature. You can suggest your own revision and a special team will look over it. Our official translators are very good translators and have put a lot of efforts into it. From my experience, we have a central post just to correct translation errors. We should also build a system like this - let the translator knows.

(b) modification
This system is also good for modification. You see translators are not responsible to translate modifications. This "better translation" system also helps to create a community version of translation. People can vote on it and let majority people use the best translation (each "" item).

Desdenova
Registered User
Posts: 13
Joined: Wed Jul 22, 2009 6:45 pm

Re: Package Management - was: Translations / styles

Post by Desdenova »

eviL3 wrote:
ToonArmy wrote:
naderman wrote:My point of view on this: [...]
Agreed 100%. As far as I'm concerned a user should have full control of their package sources, prohibiting this ability is severely limiting.
I agree too.

There really should be something similar to APT. MOD authors could provide their own repository for their MOD, which would allow installation of custom packages (eg. not from phpBB.com).

As to the question of cryptographically signing MODs. With any public-key cryptographic process, it is always about trust. If you trust a certain person, you can use his key to verify his signature. I've already had some thought about signing validated MODs. This would allow them to be distributed through other means than phpBB.com, but their validation status could still be verified. I'd like to see the extension/mod/whatever system of phpBB4 support this.
The biggest issue is that of implementing the signing process. Would it be using something like RSA, then?
bobtheman wrote:
bantu wrote:An apt-like package management system where you can download and install stuff from the administration control panel etc. would be great.
this is a fantastic idea, the ability to d/l, install, uninstall, and update styles/plugins from the acp would be very beneficial and time saving. Then, the ability to vote on the style/plugin from within the acp would be awesome, and its bringing back unity of the community with ease.
Might be an issue securing the voting, or at least stopping people from stuffing the ballot boxes (like you can do on phpBB.com currently).

ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: Package Management - was: Translations / styles

Post by ToonArmy »

Desdenova wrote:The biggest issue is that of implementing the signing process. Would it be using something like RSA, then?
Like RSA? We aren't in the cryptography business. RSA would be the easiest to support, the OpenSSL extension provides it and there are pure PHP implementations.
Desdenova wrote:Might be an issue securing the voting, or at least stopping people from stuffing the ballot boxes (like you can do on phpBB.com currently).
Not exactly the biggest problem. ;)
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

bobtheman
Registered User
Posts: 63
Joined: Sat Dec 19, 2009 4:00 pm

Re: Package Management - was: Translations / styles

Post by bobtheman »

# The user should be able to add any number of custom repositories
# The user should be able to remove the phpbb.com repository
I disagree, the user shouldn't have to use multiple repositories, if they did it would create more issues than its solving by decreased security, support etc etc

plugin/addon developers should be required to add their creation to the repo with some form of a phpbb validation process. Then, there should be a distinct indication of what plugins are phpbb supported, phpbb maintained, and third party. On top of this, there needs to be a user interaction within the acp where we can vote on the plugins for various reasons IE version compatibility

this does not exclude anyone from using any plugin developed for phpbb, all this does is ensures consistency by requiring the developers to follow the same rules and regulations by submitting them through for validation, and it gives the admins the opportunity to vote/comment on the plugin as whole. This is fair to the developers, and consistent for the end user.

ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: Package Management - was: Translations / styles

Post by ToonArmy »

bobtheman wrote:
# The user should be able to add any number of custom repositories
# The user should be able to remove the phpbb.com repository
I disagree, the user shouldn't have to use multiple repositories, if they did it would create more issues than its solving by decreased security, support etc etc

plugin/addon developers should be required to add their creation to the repo with some form of a phpbb validation process. Then, there should be a distinct indication of what plugins are phpbb supported, phpbb maintained, and third party. On top of this, there needs to be a user interaction within the acp where we can vote on the plugins for various reasons IE version compatibility

this does not exclude anyone from using any plugin developed for phpbb, all this does is ensures consistency by requiring the developers to follow the same rules and regulations by submitting them through for validation, and it gives the admins the opportunity to vote/comment on the plugin as whole. This is fair to the developers, and consistent for the end user.
It's pointless people will just modify the plugin interface in phpBB to support their own repositories.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: Package Management - was: Translations / styles

Post by code reader »

i do not think it's a good idea to allow removal of the "canonical" or hardcoded repos from the list. (we might, eventually, have more than one "canonical" repo, e.g. one or more sanctioned mirrors)


this view is not based on some religious ground. i just think that such a removal, if exists, is much more likely to happen as a result of user error than as an intentional action, so providing an easy way to do so is mostly creating an obstacle for someone to fall and break their leg.
if someone *really* wants to do so they always can: after all, this is GPL, and anyone can take the code and do with it whatever they want (within the license stipulations)

peace.

Post Reply