Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revisit the design of legacy packages #338

Open
zkat opened this issue Dec 10, 2019 · 2 comments
Open

Revisit the design of legacy packages #338

zkat opened this issue Dec 10, 2019 · 2 comments

Comments

@zkat
Copy link
Contributor

zkat commented Dec 10, 2019

No description provided.

@chrisdickinson
Copy link
Collaborator

From ITA conversation: legacy namespace is too restrictive: there are many registries that speak the npm protocol, and we want to support those. @zkat recommended using an npm:registry.npmjs.org/lodash-style specifier (I'm probably getting the specifics wrong), this would allow for packages from arbitrary npm-style registries instead of the single "legacy" namespace.

Separate item from Rebecca: should legacy packages be synced between Entropics or pulled fresh each time? Right now the server can verify & advertise the fact that a particular package was signed, but clients must trust that server not to have done anything untowards when translating the package into Entropic format. Counterpoint: if the originating registry goes away, we must fall back on trusting the pre-translated package.

@zkat
Copy link
Contributor Author

zkat commented Dec 10, 2019

@zkat recommended using an npm:registry.npmjs.org/lodash-style specifier

This is exactly what I meant 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zkat @chrisdickinson