DIP11: Automatic downloading of libraries

Steven Schveighoffer schveiguy at yahoo.com
Wed Jun 15 05:57:04 PDT 2011


On Tue, 14 Jun 2011 16:26:34 -0400, Andrei Alexandrescu  
<SeeWebsiteForEmail at erdani.org> wrote:

> On 6/14/11 2:34 PM, Robert Clipsham wrote:
>> On 14/06/2011 20:07, Andrei Alexandrescu wrote:
>>> On 6/14/11 1:22 PM, Robert Clipsham wrote:
>>>> On 14/06/2011 14:53, Andrei Alexandrescu wrote:
>>>>> http://www.wikiservice.at/d/wiki.cgi?LanguageDevel/DIPs/DIP11
>>>>>
>>>>> Destroy.
>>>>>
>>>>>
>>>>> Andrei
>>>>
>>>> This doesn't seem like the right solution to the problem - the correct
>>>> solution, in my opinion, is to have a build tool/package manager  
>>>> handle
>>>> this, not the compiler.
>>>>
>>>> Problems I see:
>>>> * Remote server gets hacked, everyone using the library now
>>>> executes malicious code
>>>
>>> This liability is not different from a traditional setup.
>>
>> Perhaps, but with a proper package management tool this can be avoided
>> with sha sums etc, this can't happen with a direct get. Admittedly this
>> line of defense falls if the intermediate server is hacked.
>
> You may want to update the proposal with the appropriate security  
> artifacts.
>
> [snip]
>> I don't have a problem with automatically downloading source during a
>> first build, I do see a problem with getting the compiler to do it
>> though. I don't believe the compiler should have anything to do with
>> getting source code, unless the compiler also becomes a package manager
>> and build tool.
>
> Would you agree with the setup in which the compiler interacts during  
> compilation with an external executable, placed in the same dir as the  
> compiler, and with this spec?
>
> dget "url"

I'd rather have it be dget "includepath" module1 [module2 module3 ...]

Then use -I to specify include paths that are url forms.  Then you specify  
the possible network include paths with:

-Ihttp://path/to/source

I think this goes well with the current dmd import model.

dget would be responsible for caching and updating the cache if the remote  
file changes.

-Steve


More information about the Digitalmars-d mailing list