DIP11: Automatic downloading of libraries
Daniel Gibson
metalcaedes at gmail.com
Tue Jun 14 07:35:54 PDT 2011
Am 14.06.2011 16:09, schrieb Vladimir Panteleev:
> On Tue, 14 Jun 2011 16:53:16 +0300, Andrei Alexandrescu
> <SeeWebsiteForEmail at erdani.org> wrote:
>
>> http://www.wikiservice.at/d/wiki.cgi?LanguageDevel/DIPs/DIP11
>
> Why this is a bad idea:
> 1) It hard-codes URLs in source code. Projects often move to other
> code-hosting services. PHP, Python, Perl, not sure about Ruby all have a
> central website which stores package metadata.
> 2) It requires that the raw source code be available via HTTP. Not all
> code hosting services allow this. GitHub will redirect all HTTP requests
> to HTTPS.
It should support HTTPS anyway, to prevent DNS spoofing attacks and such
(i.e. most attacks that don't need your own machine to be compromised).
But maybe additional support for signing the code would be even better,
to be able to detect compromised code on the server.
> 3) It only solves the problem for D modules, but not any other possible
> dependencies.
>
> I understand that this is a very urgent problem, but my opinion is that
> this half-arsed solution will only delay implementing and cause
> migration problems to a real solution, which should be able to handle
> svn/hg/git checkout, proper packages with custom build scripts,
> versioning, miscellaneous dependencies, publishing, etc.
>
I personally think that a standard build tool that does this (and
possibly also ships with DMD) would be better than support directly in
the language.
Especially the case that the projects website changes could be handled
more easily by adjusting the URL in a config file instead of changing
your code.
Cheers,
- Daniel
More information about the Digitalmars-d
mailing list