location of package dependencies

goran.krampe at bluefish.se goran.krampe at bluefish.se
Mon Aug 4 10:28:04 UTC 2003


"Lex Spoon" <lex at cc.gatech.edu> wrote:
> Daniel Vainsencher <danielv at netvision.net.il> wrote:
> > Maybe a "mail the password back but only to
> > someone in the Squeak lists" scheme would solve the problem.
> 
> Another very simple thing to do is require an existing user to admit new
> users.  If the person can name a legitimate Squeak project they want to
> upload then they get in with no more questions.

I am adding an upload facility to SM1.1. You register an account in
SM1.1 and then can upload files when you publish a package release. The
account registration relies on bouncing the password on a valid email
address.

Perhaps we could add some kind of abuse protection. I have added a field
for entering a signature for each account. This can be used to weave a
"web of trust" somehow. Before you have received such a valid signature
your published files could be subjected to a moderator thus causing a
slight delay when publishing packages.

Just an idea. Not for SM1.1 though - 1.2 perhaps. :-)

> 
> Lex

regards, Göran



More information about the Squeak-dev mailing list