
@dominictarr
Created September 18, 2015 05:08

Revisions

  1. dominictarr revised this gist Sep 18, 2015. 1 changed file with 1 addition and 5 deletions.
    6 changes: 1 addition & 5 deletions packages.md
    @@ -1,9 +1,5 @@
    It must be possible to for two people to install _exactly_ the same code.
    Git tracks the history of changes, but in a pm we don't really care about the history,
    at least not when we are installing. But what we do need is to be able to install some things,
    and get a hash that represents the exact tree of code that we have installed.

    # part 1. necessary features.
    at least not when we are installing. This is the properties that I think we _do need_.

    * security: It must be possible to check the current deps, and know if a single bit has been flipped.
    * replication: It must be possible to share that hash, and someone else would do `pm checkout <hash>`
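
    Review bot: The replication bullet at the end of this hunk still says "share that hash", but the sentence that introduced the hash ("get a hash that represents the exact tree of code that we have installed") is among the lines this revision replaces, so "that hash" no longer has an antecedent. Either keep a one-line statement that an install yields a hash of the exact installed tree, or reword the bullet to define it in place, e.g. "share the hash of the installed tree". The new line also reads "This is the properties"; "These are the properties" would be correct.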
  2. dominictarr created this gist Sep 18, 2015.
    20 changes: 20 additions & 0 deletions packages.md
    @@ -0,0 +1,20 @@
    It must be possible to for two people to install _exactly_ the same code.
    Git tracks the history of changes, but in a pm we don't really care about the history,
    at least not when we are installing. But what we do need is to be able to install some things,
    and get a hash that represents the exact tree of code that we have installed.

    # part 1. necessary features.

    * security: It must be possible to check the current deps, and know if a single bit has been flipped.
    * replication: It must be possible to share that hash, and someone else would do `pm checkout <hash>`
    and get _exactly_ the same code as you.
    * determinism: If I install X, Y then Z, and you install Z, then X then Y, we should get the same dep tree.
    If those deps have deps that need to be shuffeled around, then it should do that and keep it always optimal.
    * portability: package management is too hard a problem to roll another one for every language.
    They all suck, more or less. This should be usable for any language, or things that have dependencies.
    * conflicts: the best thing about npm is that it allows two modules to depend on different versions of another module.
    This generally makes development easier. but sometimes there is a global module that there can only be one of
    (framework, type definition, etc) also, some languages only support singly-versioned modules.
    Also, sometimes you might want to resolve a flat tree to optimize file sizes.
    * speed. it must be fast. if an install takes too long, I get distracted.
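
    Review bot: The determinism and conflicts bullets do not say whether the chosen tree layout is part of what the hash covers. The intro defines the hash as representing "the exact tree of code that we have installed", while the conflicts bullet allows both nested multiple versions and resolving "a flat tree", so the same set of packages could presumably be laid out in more than one way; for `pm checkout <hash>` to return _exactly_ the same code, the text should state that the resolution mode (nested or flat) is either fixed or an input to the hash. The security bullet would also benefit from saying what the current deps are checked against (the shared hash from the replication bullet, presumably). Minor: "possible to for two people" has a stray "to", and "shuffeled" should be "shuffled".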