Open deathaxe opened 1 year ago
For this PR to work #155 and #156 should be merged before.
Got it up and running on Debian 12 with python 3.11 and PostgreSQL 15 with a little patch to gears
library.
!
@wbond Can we merge this change into Package Control? Do we require an ownership transfer first?
I would be willing to host/contribute maintenance to packagecontrol.io to get this merged.
Package Control is critical for Sublime Text package ecosystem's security.
It should therefore be hosted and administrated by trusted and well-known actors, only, especially after recently disclosed XS supply chain attack, which targeted compromizing SSH connections of widely used linux distributions.
This PR introduces required changes to support scheme 4.0.0 for Package Control 4.0
Overview
dependency
bylibrary
python_versions
keyload_order
generate_channel_v4_json
task and updategenerate_channel_v3_json
to only provide PC.Why channel_v4.json
Package Control 4.0 handles both 3.0.0 and 4.0.0 schemes well. Just requires 4.0.0 to pull dependencies/libraries for python 3.8. So its safe (and required) to publish it before this PR is published to packagecontrol.io
If we would keep going with channel_v3.json and just update its scheme version no Package Control 3.x client was able to fetch packages from official sources due to mismatching scheme version. We would end up in users needing manually update Package Control, which may cause some complains.
By providing a dummy channel_v3.json with only Package Control in it, all clients have a chance to update to 4.0 even after packagecontrol.io is updated.
In the meanwhile Package Control 4.0 can be preconfigured to pull in channel_v3.json and channel_v4.json, so it keeps going with v3 until packagecontrol.io is updated.
This should ensure a smooth transition from 3.x to 4.0.
Required changes to channel can be found at https://github.com/wbond/package_control_channel/pull/8713