CPAN6 Mark Overmeer & Sam Vilain YAPC::EU 2006, Aug 31 Birmingham UK

CPAN6

Mark Overmeer & Sam VilainYAPC::EU 2006, Aug 31 Birmingham UK

CPAN is..

“CPAN is the best thingthat ever happened

to Perl”

CPAN is..


to Perl”

CPAN is..


to Perl5”

CPAN is...

Just over 10 years youngyounger than Perl5 WWW UNIX

CPAN is...

Just over 10 years youngyounger than Perl5 WWW UNIX

Just over 10 years olddeveloped before break-through of XML/SOAP/WSDL CVS/SVN/SVK/GIT spam, viruses unicode

...concerns...

10k modules, a lot is bad quality orpoorly maintained

3500 authors, who is who?

who is making the rules of CPAN?

...concerns...

10k modules, a lot is bad quality orpoorly maintained

3500 authors, who is who?

who is making the rules of CPAN? GBD#2

What will happen when infected code is detected on CPAN? Will Perl lose itsbest thing?

...future...

Where will we store Perl6 modules pir, pbc, pil, pod,… modules

name-space battles! parTcl? Brainf*ck?

...future...

Where will we store Perl6 modules pir, pbc, pil, pod,… modules

name-space battles! parTcl? Brainf*ck?

Can we improve security = trust professionalism = regulation/deregulation deployment = less content independent platform integration = YaST, apt, ... capacity = name-space

management

Releases ≠ Revisions

Revisions a logical sequence of development steps of a file each step may solve some bugs each step extends the code and documentation steps are created by a single person

Releases are created to be distributed a defined `frozen' state of the software

(some combination of file versions) published by someone who is responsible

CPAN ≠ YA VCS

CPAN is a collection of releases distributing information name-spaces and trust searching in the collection

Version Control Systems manage (related) (development) revisions of files collecting pieces of information traceable changes tracing and solving bugs

Needs

improved security: alternatives to Pause-ID

Needs


professional approach: described rules, especially how to resolve disputes/problems.

Needs



extended deployment: support for other programming languages (and other data)

Needs




platform integration: environment friendly

Needs




platform integration: environment friendly

capacity growth: more name-spaces

NO QUICK FIX!but a good alternative

Split CPAN

CPAN6: idea of having a collection of releases,

combined into archives

uploading releases downloading releases

distributing the archives like mirrors combining archives like ftp sites filtering archives sub-sets

CPAN6 is the DISTRIBUTION

Split CPAN

CPAN6 is the distribution Pause6:

one archiveis one name-spaceis set of releases (with some relation)

a group of releases relate to a project(name) projects are allocated to authors authors have an defined identity an archive has well-defined rules

Pause6 is ADMINISTRATION

Split CPAN

CPAN6 is the distribution (network) Pause6 is the administration (archives) CPAN6.pm

installs Perl5, Perl6 etc distributions blends into the platform collects meta-data to publish releases programming language specific component

CPAN6.pm for INSTALLATION

Split CPAN

CPAN6 is the distribution Pause6 is the administration CPAN6.pm installs releases locally

Of courseperl -MCPAN6 'install Test::More'

will work!

CPAN

CPAN6 concept

CPAN6 structure

One system can host multiple archives, as commissioner and/or deployer; combined in one service (daemon)

Multiple repositories are combined into a store

Stores (data) are not protected, and can therefore be kept on other systems than the related daemons.

Pause6 Implementation

Pause6 implementation

Allocates the name-space project names are taken by a few authors entrusting board members limits to project names and version labels

Pause6 implementation

Allocates the name-space project names are taken by a few authors entrusting board members limits to project names and version labels

User identities PKI based signing publisher, authors, board, processes proof right

to make changes with signatures. keeps track on trust

Pause6 projects

Release has project-name, version and state Each state change requires signatures

The release states are uploading, initiated by publisher published, distributable to deployers embargo, download blocked released, by the authors deprecated, by the authors expired, by the authors rejected, by the board/authors installed, by the end-user

Pause6 projects

Projects are sets of releases

Each release is a set of files

The archive collects per release checksums of each file (SHA-256 or better) location of each file in the store state of the release user provided meta-data, like description for

searching transport traces etc

Pause6 projects

Any set of files can be a release of a project, not only Perl5 tar-ball distributions.

Other “project” types are:

Pause6 projects


Other “project” types are: constitution user and daemon identities archive references license description ...

Pause6 projects


Other “project” types are: constitution user and daemon identities archive references license description, etc

therefore everything follows same release protocol one transport implementation covers all aspects

Release trails

Release trails

CPAN6 archives

Hierarchy

Scribes can be configured to create archive hierarchies, for example: global cpan-perl5 business level sub-set department sub-set system local personal installed personal development

CPAN6 service daemon

Manage a set of archives as commissioner as deployer trigger scribe processes local or remote stores

Configuration an archive with archive-references archive board are the system administrators

CPAN6 Scribes

Copy published releases from commissioner to deployers

Copy releases between archives, allowing selection rules, like “only last”, “license

GPL” auditing, content checks trust calculation, signature checks transport protocol conversions

Used to build virtual hierarchies of archives

Example: project

perl -MCPAN6 'install DBD::Oracle'

is something like

LOC=$(pause6 project get http://cpan.org?project=DBD::Oracle)cd $LOCtar xzf *.tar.gzperl Makefile.PLmake test install

Example: project

pause6 initpause6 archive use http://cpan6.net/perl5pause6 archive use http://pause-id.cpan.org as pauseidpause6 identity default pauseid/MARKOV

pause6 archive create ~/perl/devel as myperl

pause6 project create perl5/DBD::Oraclemkdir ~/perl/dbd-oracle; cd $_vi <anything>make dist

pause6 release create DBD::Oracle 0.01 as orapause6 release add ora DBD-Oracle-0.01.tar.gzpause6 release edit orapause6 release publish ora to perl5 # or myperl

DIR=$(pause6 release get perl5/DBD::Oracle)

Syntax subject to change

Example: service CPANTS

pause6 archive create http://archives.cpan6.net/cpants

# Triggered daily by cronpause6 archive query perl5 -c name,version release=last \| while read NAME VERSION do LOC=$(pause6 release get “pause6/$NAME;$VERSION”) Q=$(calculate_kwalitee $LOC)

pause6 project create cpants/$NAME 2>/dev/null pause6 release create $NAME $VERSION as new pause6 release add new $Q pause6 release publish new to cpants done

Status

CPAN6/Pause6 global design document

CPAN6 design and implementation doc

Pause6 design and implementation doc

platform integrated install tools

Needed...

... discussion and attention

extensions to the design, use-cases

contacts with other potential user groups

signing, licensing, trust algorithms

funding to create base implementation

Plans...

implement local archives (daemon-less) implement network archives (daemon) implement scribes (cron tasks)

Plans...


create CPAN mirror in CPAN6/Pause6 create CPAN6.pm, based on CPAN.pm

Plans...


create CPAN mirror in CPAN6/Pause6 create CPAN6.pm, based on CPAN.pm

start pir, pasm, partcl,... archives start javascript, python, php, ... archives create ftp-server wrappers (get public)

Documents

CPAN6 Mark Overmeer & Sam Vilain YAPC::EU 2006, Aug 31 Birmingham UK