Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

APM / EIP 1319 #379

Closed
cgewecke opened this issue Aug 13, 2018 · 4 comments
Closed

APM / EIP 1319 #379

cgewecke opened this issue Aug 13, 2018 · 4 comments
Assignees
@izqui
Labels
research

Comments

@cgewecke
Copy link
Contributor

Hi @sohkai, (or anyone :) )

Have just opened EIP 1319 on behalf of EthPM. It defines a standard interface for contract package registries. One of the goals of work being sponsored by EthPrize over there is to build a fully decentralized registry eco-system.

Would be grateful for any feedback you have on this topic. Ideally the standard should be general enough that tooling can pull packages down from a wide variety of registry implementations. It might be good to sanity check the proposal against APM's design and see if the two can be reconciled.

EthPM is rewriting it's own reference registry here to match the standard, although that's WIP and will wait for community feedback about a standard to be finalized.

Thanks in advance for any advice or recommendations you might have.
@cgewecke
Copy link
Contributor Author

There's also active discussion at EthPM about registry models (including APM) in the EthPM gitter

@izqui
Copy link
Contributor

izqui commented Aug 17, 2018

Hi @cgewecke, thanks for dropping by! I read the conversation in the chat with @spalladino.

The main two differences right now between the spec and APM are:

  • Apart from a reference to the version payload that lives off-chain, we store a smart contract address per version pointing to the deployed contract component of the package. For upgradeability using proxies, this gives on-chain access to the 'implementation' code (as in EIP897). Only supporting one contract address per package version could be limiting and we are thinking about how to support repos that store a different data schemes on-chain.

  • In our design we decided having a separate Repo contract for each package as it fits better the architecture of aragonOS. Because each repo is a separate account, they have its own ACL entries which allows for completely independent permissions for adding new versions, even if the repos are in the same registry. Our thinking is that packages in the same registry may have different of criticality and therefore the ability to have granular permissions is important.

@cgewecke
Copy link
Contributor Author

Hi @izqui, thanks for explaining this.

In the gitter discussion at EthPM with Santiago Palladino it seems like they feel that the two registry models address quite different use cases. Is that your impression as well? The release part of the API doesn't seem like it fits what you need and this:

Only supporting one contract address per package version could be limiting and we are thinking about how to support repos that store a different data schemes on-chain

might also be a significant difference.

If you think of any EthPM changes that would be useful, or some point of intersection between the two models that can be supported, or even ways the client side tooling being built there could be helpful - please just let us know.

Thanks again.

@sohkai sohkai mentioned this issue Dec 11, 2018
Closed
@sohkai
Copy link
Contributor

sohkai commented Mar 25, 2019

Closing as aragonPM has no plans to conform to EthPM at the moment as it's already been deployed on mainnet.

@sohkai sohkai closed this as completed Mar 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@izqui izqui

Labels
research
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@izqui @sohkai @cgewecke