* Collecting suggestions of Guildhall
@ 2013-01-12 15:21 Nala Ginrut
2013-01-22 11:30 ` Andy Wingo
0 siblings, 1 reply; 4+ messages in thread
From: Nala Ginrut @ 2013-01-12 15:21 UTC (permalink / raw)
To: guile-devel, guile-user
Hi folks!
We'd like to start up guildhall.gnu.org, which is a guilers community
MAYBE based on savannah to let you guys share/fetch Guile packages. Just
like rubygems.org does. ;-)
Since savannah provides many VCS-systems: CVS/subversion/GNU
Arch/Mercurial/Bazaar, guilers may choose their favorite to maintain
their works, and submit the package to guildhall repository.
IMO, a guildhall package must pass these two steps:
1. Package verify policy (PVP)
The rules to verify if package is valid/invalid.
And the package info specification. Include version-convention &
name-convention.
It can be checked automatically with a certain tools.
2. Package evaluate policy (PEP)
The rules to evaluate a submitted package, we need to classify them.
Current categories are: quality/freedom/maintainability/experimental
This step has to be checked by human.
Though PEP & PVP seems alike, but they are different. If a package can't
pass PVP, it can't be classified according to PEP. PEP is used to
evaluate the quality of the package, but PVP is about the health of a
package. A valid package must be healthy, then it has the qualification
to be evaluated.
** Package security policy (PSP)
The rules to check if a package security/vulnerability, or even
malicious.
This seems a hardcore one. I've no idea about it, but it's significant
though.
Now I'm inviting all folks to share your suggestions about the rules.
You may borrow some opinions from other communities anyway.
But not limit to the rules, any related suggestions are welcome and
appreciated. ;-)
Thanks!
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Collecting suggestions of Guildhall
2013-01-12 15:21 Collecting suggestions of Guildhall Nala Ginrut
@ 2013-01-22 11:30 ` Andy Wingo
2013-01-22 15:24 ` Nala Ginrut
0 siblings, 1 reply; 4+ messages in thread
From: Andy Wingo @ 2013-01-22 11:30 UTC (permalink / raw)
To: Nala Ginrut; +Cc: guile-user, guile-devel
On Sat 12 Jan 2013 16:21, Nala Ginrut <nalaginrut@gmail.com> writes:
> We'd like to start up guildhall.gnu.org, which is a guilers community
> MAYBE based on savannah to let you guys share/fetch Guile packages. Just
> like rubygems.org does. ;-)
FWIW we do have access to a guildhall.gnu.org and are in the process of
setting it up.
> 1. Package verify policy (PVP)
> 2. Package evaluate policy (PEP)
Sounds sensible to me. Would you like to start working on software to
do this?
WDYT about this workflow: we work via the GNU bug tracker that we
already have in Guile. When someone has a new package, they mail
bug-guile@gnu.org with the information, creating a ticket.
We will have a GPG keyring for guildhall maintainers. We can rig up
some special email account, perhaps at gnu.org, to queue jobs for the
guildhall. Guildhall maintainers can then queue the addition or update
of a package via mail, verified with their key. We should also write a
web application that lists recent updates to the guildhall.
WDYT?
Andy
--
http://wingolog.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Collecting suggestions of Guildhall
2013-01-22 11:30 ` Andy Wingo
@ 2013-01-22 15:24 ` Nala Ginrut
2013-01-22 15:55 ` Andy Wingo
0 siblings, 1 reply; 4+ messages in thread
From: Nala Ginrut @ 2013-01-22 15:24 UTC (permalink / raw)
To: Andy Wingo; +Cc: Guile User, guile-devel
[-- Attachment #1: Type: text/plain, Size: 2072 bytes --]
On Tue, Jan 22, 2013 at 7:30 PM, Andy Wingo <wingo@pobox.com> wrote:
> On Sat 12 Jan 2013 16:21, Nala Ginrut <nalaginrut@gmail.com> writes:
>
> > We'd like to start up guildhall.gnu.org, which is a guilers community
> > MAYBE based on savannah to let you guys share/fetch Guile packages. Just
> > like rubygems.org does. ;-)
>
> FWIW we do have access to a guildhall.gnu.org and are in the process of
> setting it up.
>
> > 1. Package verify policy (PVP)
> > 2. Package evaluate policy (PEP)
>
> Sounds sensible to me. Would you like to start working on software to
> do this?
>
>
Yes, but do we have some kind of spec standard for guildhall packages?
If answer is no, I'll do some post-work before the policy discussion.
And another related question bothered me for a long time: which is
guildhall's upstream
repo now? ijp's? or andy's?
I think ijp's repo is newer now, maybe do a merge work is better.
> WDYT about this workflow: we work via the GNU bug tracker that we
> already have in Guile. When someone has a new package, they mail
> bug-guile@gnu.org with the information, creating a ticket.
>
>
It's fine to take advantage of the bug tracker, except for 'bug' ;-P
Isn't there any other way for the transaction with GNU things?
I'll throw it into my TODO list.
(error TODO "your list is overflow!")
> We will have a GPG keyring for guildhall maintainers. We can rig up
> some special email account, perhaps at gnu.org, to queue jobs for the
> guildhall. Guildhall maintainers can then queue the addition or update
> of a package via mail, verified with their key.
Mark and me both have GNU account, is it enough? Or we'll have an extra one?
> We should also write a
> web application that lists recent updates to the guildhall.
>
>
We may write a simple one for just working, and after my Glow(Guile Lauch
on Web) done, we may write a brand new site for a whole guildhall in a Ruby
on rails like way.
God knows when it's done...but in a long term, such a thing would be
expected by any folks.
Thanks!
> WDYT?
>
> Andy
> --
> http://wingolog.org/
>
[-- Attachment #2: Type: text/html, Size: 4251 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Collecting suggestions of Guildhall
2013-01-22 15:24 ` Nala Ginrut
@ 2013-01-22 15:55 ` Andy Wingo
0 siblings, 0 replies; 4+ messages in thread
From: Andy Wingo @ 2013-01-22 15:55 UTC (permalink / raw)
To: Nala Ginrut; +Cc: Guile User, guile-devel
On Tue 22 Jan 2013 16:24, Nala Ginrut <nalaginrut@gmail.com> writes:
> Yes, but do we have some kind of spec standard for guildhall packages?
The zip bundles, no? The guild tool should create the bundles.
I had another thought. When someone submits a bundle, they should HTTP
POST it to a URL on guildhall.gnu.org. The POST will create a new URL
for the incoming package. That way review can proceed around the one
copy of the bundle, and it's a place to do automated tests on the
bundle. We can add a "guild upload" command or so to upload a new
bundle. Maybe "guild upload" can sign the bundle as well.
> And another related question bothered me for a long time: which is
> guildhall's upstream
> repo now? ijp's? or andy's?
> I think ijp's repo is newer now, maybe do a merge work is better.
Probably ijp's, dunno; surely we should get this onto Savannah though?
> We will have a GPG keyring for guildhall maintainers. We can rig up
> some special email account, perhaps at gnu.org, to queue jobs for
> the
> guildhall. Guildhall maintainers can then queue the addition or
> update
> of a package via mail, verified with their key.
>
>
> Mark and me both have GNU account, is it enough? Or we'll have an extra
> one?
Dunno, I was thinking guildhall-uploads@gnu.org or something --
something like ftpuploads (see maintain.texi).
> We should also write a
> web application that lists recent updates to the guildhall.
>
> We may write a simple one for just working, and after my Glow(Guile
> Lauch on Web) done, we may write a brand new site for a whole guildhall
> in a Ruby on rails like way.
> God knows when it's done...but in a long term, such a thing would be
> expected by any folks.
:-)
Cheers,
Andy
--
http://wingolog.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-01-22 15:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-01-12 15:21 Collecting suggestions of Guildhall Nala Ginrut
2013-01-22 11:30 ` Andy Wingo
2013-01-22 15:24 ` Nala Ginrut
2013-01-22 15:55 ` Andy Wingo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).