If we will add support to anyone registered in the OPM website to add packages in the future, what prevents that me or anyone else fork and publish any kind of projects, even abandoned projects or 1 line of code projects, empty packages and so on?
For sure that could pose a problem.
However, and please correct me if wrong, there would also be a supervisor/admin (or other trusted member(s)) that has/have the capability of noticing such attempts and block the account.
How does this work with access to Free Pascal sources ? Am I able to apply for access ? If I am, am I then granted access to the core components right from the start ?
There would be something serious wrong, in case I could (I would create havoc there, intended or not
)
Usually in such cases you are only granted access to particular parts of the source-tree (if at all) after some form of validation process.
Of course, even then things could go wrong in case of a serious dispute between people.
If we keep thinking that GetMem will do all the job, everything is up to him finally don't you think that?
Personaly I would like to see a solution where getmem is able to deligate most if his current work, preferably in a safe manner. At least to a degree where he is able to feel comfortable.
If the website will have a package asociated with an author, that doesn't add the relationship of maintainer of the package?
The author should be the one that authored the code. Of course this doesn't necessarily mean that the author is the maintainer (although in my book it is, otherwise don't supply the package for OPM in case you are not willing to be so).
You can see that in the example of benibela's internet-tools. He is the actual author of the used code, but as far as I am able to tell he has nothing to do with the packages that is/was present in OPM.
That is a big concern because of the following reasons:
- code used for the OPM package is not available (anymore), e.g. modified source-code
- original developer isn't responsible for the state of the OPM package and in this case doesn't even has any knowledge it was part of OPM.
Despite that the package happily pointed the user to the original repo and original developer, misleading me as end-user in the process.
Let's say we start adding all packages to GetMem, as new members register they can take his projects. Finally the projects that are still owned by GetMem are the 'not maintained' by his original author at least.
Well, GetMem mentioned not wanting to go through the complete list of packages in order to determine the abandoned ones.
I understand that perfectly.
I made some small steps in going through the list and see if the source in OPM matches those of the original project repo/author and it is tedious to do so.