-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathTODO.txt
More file actions
23 lines (21 loc) · 1.31 KB
/
TODO.txt
File metadata and controls
23 lines (21 loc) · 1.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Optional command line argument for download behavior:
-manifest=(local|remote) where local is the default value.
This would allow manifest files to be checked on the cloud side
but then never downloaded locally. During each run, the cloud version
would be considered canonical.
Allow packages to be signed. In other words, allow a non-interactive
GPG agent to sign the contents of a package and to add that signature
to...the manifest? (e.g. inline signatures). As long as a signature
cannot be forged, then it can safely live anywhere. This specifically
is for things such as "locally installed" packages that are end-user
accessible, e.g. local downloads for APIs and data.
Consider using a package pool to separate archives from the manifest.
the theoretical advantage of this is that you can now separate
the location of the archive and upload multiple manifests which
all point to the same archive. The archive itself would be named
using a hash for the contents to prevent any collisions. Further,
if the archive already exists remotely, it would skip the need to
re-upload it. The biggest potential advantage, again, comes from
the concept of putting simple manifest files in various directories
to have things like package aliases all while maintaining a single
location for the archive files.