[erlang-questions] Coon - new tool for building Erlang packages, dependency management and deploying Erlang services

Eric des Courtis eric.des.courtis@REDACTED
Mon Feb 12 23:55:29 CET 2018


Everyone, stop acting like a bunch of Java programmers and get back to work!

On Mon, Feb 12, 2018 at 4:58 PM, Joe Armstrong <erlang@REDACTED> wrote:

> On Mon, Feb 12, 2018 at 10:06 PM, Vlad Dumitrescu <vladdu55@REDACTED> wrote:
> >
> > On Mon, Feb 12, 2018 at 9:06 PM, Jesper Louis Andersen
> > <jesper.louis.andersen@REDACTED> wrote:
> >>
> >> On Mon, Feb 12, 2018 at 6:58 PM Joe Armstrong <erlang@REDACTED> wrote:
> >>>
> >>>
> >>> I have said on many occasions that code should be named by the SHA1
> >>> checksum of the content - as far as I know this would not offend
> >>> people - apart from those who thought the name could be a tad simpler.
> >>>
> >>
> >> I might have said this before, but here goes:
> >> Using a cryptographic checksum for a package and then pointing the name to
> >> the checksum would have saved Node.js npm package manager a lot of headaches
> >> when people remove, rename or otherwise destroy packages.
> >> It also allows you to comply with legal requests with a sunset period. As
> >> in "I hear you, and the name will be given to you. But we give people 6
> >> months' time to upgrade before we remove the old checksummed packages".
> >> I'm interested in why someone did not try this yet. Or if one tried, why
> >> it didn't work out. It seems very obvious to build a
> >> content-addressable-store for your packages.
> >
> >
> > I'm not sure I understand this completely. Using the checksum of a package
> > as identifier is IMHO only useful if it is used in the dependencies list of
> > other packages. If the deps list uses names (and people will use names
> > anyway, not checksums), then the problem remains that in case a package is
> > renamed and another one reuses the name, we don't know to which one a
> > reference points.
>
> The dependency list should be a list of checksums and NOT a list of
> names - this list of checksums has itself a checksum (the "true" name
> of the package).
>
> A human readable name is just an alias to a checksum - two different
> human readable names are the "same" if they are aliases to the same
> checksum.
>
> Basically files should be named by their checksums - for fairly
> obvious reasons of convenience tools should hide or reveal these names
> when necessary or appropriate.
>
> For a given content the checksum is unique.
>
> To handle renamings you just need a lookup table of
>
>       {Name, Time, Checksum} tuples that tracks changes to the name of the checksum over time
>
> Should be easy (Famous last words rule applies here)
>
> Cheers
>
> /Joe
>
>
>
>
> >
> > Anyway, hex.pm has a field named "checksum" and it is that value that is
> > stored in rebar.lock. So the hash key is there, but I don't see how it is
> > useful except for tools.
> >
> > best regards,
> > Vlad
> >
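The scheme quoted above (dependencies listed by checksum, the package's "true" name being a checksum over that list, and a {Name, Time, Checksum} table for aliases), sketched in Python as an added example; it is not code from the thread or from any tool mentioned in it. It uses SHA-256 rather than the SHA1 named in the thread, and the `Registry` class and all package names, times and contents are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def package_id(content: bytes, dep_ids=()) -> str:
    """'True' name: checksum over the content digest and the dependency checksums."""
    lines = [digest(content)] + sorted(dep_ids)
    return digest("\n".join(lines).encode())

class Registry:
    def __init__(self):
        self.store = {}    # checksum -> (content, dependency checksums)
        self.aliases = []  # append-only (name, time, checksum) rows

    def publish(self, name, time, content, dep_ids=()):
        pid = package_id(content, dep_ids)
        self.store[pid] = (content, tuple(dep_ids))
        self.aliases.append((name, time, pid))
        return pid

    def resolve(self, name, at_time):
        """Checksum that `name` was an alias for at `at_time` (None if unbound)."""
        hits = [(t, pid) for n, t, pid in self.aliases if n == name and t <= at_time]
        return max(hits)[1] if hits else None

    def fetch(self, pid):
        """Return content only if it still hashes to the requested checksum."""
        content, dep_ids = self.store[pid]
        if package_id(content, dep_ids) != pid:
            raise ValueError("content does not match checksum " + pid[:12])
        return content

    def same_package(self, name_a, name_b, at_time):
        a, b = self.resolve(name_a, at_time), self.resolve(name_b, at_time)
        return a is not None and a == b

def demo():
    reg = Registry()  # every name, time and content below is constructed
    pad_v1 = reg.publish("padlib", 100, b"pad(S, N) -> original.")
    app = reg.publish("myapp", 110, b"main() -> uses pad.", [pad_v1])
    reg.aliases.append(("strpad", 120, pad_v1))  # rename: second alias, same checksum
    pad_new = reg.publish("padlib", 200, b"pad(S, N) -> someone else's code.")
    locked_dep = reg.store[app][1][0]            # dependency recorded by checksum
    return {
        "name_moved": reg.resolve("padlib", 150) != reg.resolve("padlib", 250),
        "lock_stable": locked_dep == pad_v1 and reg.fetch(locked_dep).endswith(b"original."),
        "aliases_equal": reg.same_package("padlib", "strpad", 150),
        "reused_name_differs": pad_new != pad_v1,
    }
```

`demo()` shows the case raised in the thread: after the name "padlib" is reused for different content, the name resolves to a new checksum, while the dependency recorded by checksum in "myapp" still fetches and verifies the original.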