[erlang-questions] Erlang package manager
Tue Dec 16 20:12:38 CET 2014
1) It needs to be simple, allowing you to publish a package within less than 1 hour of usage. Good examples are https://hex.pm/ for Elixir, https://pypi.python.org/pypi for Python, https://rubygems.org/ for Ruby, https://www.npmjs.com/ for Node.js. Bad examples are http://search.maven.org/ for Java, http://www.cpan.org/ for Perl. Maven is probably the best example of what is worst, due to the process being as complex as possible and taking as long as possible. The goal of the package manager is not to earn more consulting money (I hope), i.e., consultant-ware.
2) It needs to use source code in the packages, not binaries, to make sure everything is transparent, avoiding black-box binary blobs which lack any ability to be examined easily. Past Erlang package managers have had trouble here. Along with this, there needs to be signing of the package for the identity of the publisher and the integrity of the package.
3) We don't need package dictators which attempt to decide what packages are important, since that just limits the size of the community, making this less of an open source effort (unless that is the goal). You will notice the large open source communities don't need to do this.
4) It should be easy to utilize external build tools (like autoconf/automake/makefiles) in a way that is the same as things like rebar and emake due to the obvious problems doing non-Erlang builds within an Erlang package (port, NIF and port driver compilation support is unable to cover complex usage, i.e., it lacks cross-platform support and dependency checking, these shortcomings are likely to always be there, due to the effort involved in tackling them seriously). It would be good to avoid bikeshedding here and the potential for lock-in.
5) It should not require a server running locally, just basic client usage of a tool. If the package manager tool's execution lasts beyond its usage, it doesn't look as simple as it should (instead it just looks like a potential security problem). This could include leaving epmd running, which has been an issue with past Erlang package managers (puzzling potential users).
6) Ideally, it should be easy to create a private package index for private corporate usage of internal packages. It would be nice to keep all the programming language usage in Erlang for the sake of simplicity (there have been issues in the past with mixing Python and other programming languages into the tool) and to keep the dependencies limited. This is a great opportunity to show how Erlang can shine to provide the community with simple package management.
On 12/16/2014 03:41 AM, Bruce Yinhe wrote:
> Hi everyone,
> Industrial Erlang User Group (IEUG) has been working together with the Erlang/OTP team to investigate and create a package management system for Erlang/OTP.
> The lack of a package management system for Erlang has been discussed for a long time in the community. In essence, a straightforward package management system is believed to take the Erlang programming language a step forward. Multiple tools will appear in the community. It needs to be supported by a highly visible community behind it.
> In order to increase the adoption and to result in a tool widely used in the Erlang ecosystem, we are identifying the most important user categories and use cases, based on what the majority of the community want in a package manager. Therefore we would like to invite an open discussion.
> Now you are welcome to share your thoughts, suggestions or proposals about an Erlang package manager. It would be great if you could reply with your motivation, explaining why a feature is necessary to have. There are some example questions to begin the discussion with, including, but not limited to the following.
> * What metadata information should an Erlang package include?
> * What functionality do you need in a package manager for Erlang in order to use it in production?
> * What other concerns do you have about an Erlang package management system?
> Erlang package manager's brief wish list of features:
> * Console interface
> * Web interface
> * Package Index and Repository
> * Fetch, Install and Remove Packages
> * Publish packages
> * Versioning and Dependency Management
> We are aware of several previous efforts and existing tools that attempt to achieve a similar goal. We want to look at existing things, both from Erlang and Elixir, to see if they fit the requirements. If not, we will then have to make something new, perhaps as a rewrite of an existing tool.
> The IEUG members are putting together requirements for a package manager and will work with the community and Ericsson to create a standard and address any voids which exist in the existing tooling, funding necessary efforts required.
> Best regards
> Bruce Yinhe
> Erlang Community Manager
> Industrial Erlang User Group
> community-manager@REDACTED
> +46 72 311 43 89