[PD] some repo house cleaning

[Jonathan Wilkes]

On 06/07/2015 09:54 PM, Chris McCormick wrote:
> Hi Jonathan,
>
> Whoops, looks like more words were needed after all, heh. :)
>
> On 07/06/15 23:51, Jonathan Wilkes via Pd-list wrote:
>> I'm using github for the nw.js port atm, too.  But I see way less
>> potential for future shenanigans from a non-commercial host
>> with a long track record.
> I don't think we should just move the current setup to Github.
>
> I think that as a community it would be good to move to a less fragile
> setup than a centralized repository with centralized build farms where
> people get access to their own code revoked and one or two people have
> to be responsible for keeping the whole thing building and running. As
> we have seen, that is not sustainable.

How does what you're working on compare to apt?

I'd really prefer a decentralized repo to match or exceed the security
properties of apt.  (I know apt isn't cross-platform, I just use it as a
reference point because it seems to do things the right way.)  But apt
(at least as it functions in Debian) isn't frictionless.

Probably I'm thinking of the word "frictionless" in a different way than
you mean it.  For example, if you make the external publishing system
frictionless, you greatly decrease the cost of attack.  Someone can try
to upload an evil external, and if they fail, they can just try again later.

Additionally, you raise the value of a successful attack.  For example,
an evil external could rename your tcl procs and redirect requests for
any subsequent externals to an evil mirror.  (And even if you don't allow
writing over the tcl plugin file, those evil externals can rename the procs
on Pd startup every time the user loads one of them in a patch.)

-Jonathan