Bob Kuszewski
Bob Kuszewski
The package manager should be unpacking a package's resources into a predictable, defined location as a default for all packages. I suggest a system as follows, but am open to...
Packages requiring specific software to be installed no the host machine should have a clear place in the Module where those dependencies can be easily described and ZPM should check...
In order to use ZPM in an unsupervised environment (CI/CD, Dockerfile) we need to provide a way to easily and reliably install packages from OUTSIDE IRIS without there being the...
The language gateways are the keys to using external languages with IRIS. Packages should have an easy way of describing that a gateway for the package should be created and...
The package will need to be able to install dependencies from third-party package managers. We can do that with running a system command today, but it'd be good to make...
It is absolutely critical that we have clear and verifiable sightlines into the source code supply chains. Software supply chain is one of the most common attack vectors for hackers....
Once we have package signing completed, we would like a method by which to distribute IRIS base functionality in ZPM packages. One piece of this is the ability to make...
Embedded Python adds another wrinkle where a package may need to add python packages into the packages' installation directory (/zpm///python, for example). It should also feed this into the rest...
ZPM, like package managers across the board, need to encourage best practices for securing the software supply chain. The https://in-toto.io/ project creates a framework for part of the puzzle and...
Enhance install to let the user name the repo the package should be installed from. As the number of repositories grows, the chances of name collision happening occurs. From a...