Add search command support #146

Open
damon-kwok opened this issue Jul 16, 2020 · 6 comments
Labels
needs discussion Needs to be discussed further

Comments

@damon-kwok

It is similar to cargo's install command

    cargo search ripgrep
    corral search jylis
    corral search pony-tags

@SeanTAllen
Member

This issue isn't very helpful. It assumes that someone knows what cargo's search command does (also you seem to have copy and pasted this from another as it says similar to cargo's install command).

What does cargo's search do? How does it work? How would that translate to the pony ecosystem? Why is this needed?

@SeanTAllen SeanTAllen added enhancement New feature or request needs discussion Needs to be discussed further labels Jul 16, 2020
@rhagenson
Member

I first searched through Carl's design, QA, and dep management docs here; however, I was unable to relocate the old issue thread that was started well before corral came to be, so I do not know if some wisdom was in there.


Corral having a search is potentially a much larger discussion than cargo having similar functionality. Cargo has the benefit of https://crates.io/ -- a central repository of Rust packages -- meanwhile Corral has no such repository to query. As such, I propose there are two "good" options for seeing this through:

  1. central package distribution
  2. decentralized package distribution

Central package distribution

Create a https://crates.io/ Pony equivalent.

Central package distribution has its benefits and Crates is certainly a strong example on how to do it well.

Distributed package distribution

Create a https://conda.io/ Pony equivalent.

Distributed package distribution has its benefits and Conda is certainly a strong example on how to do it well.


I think a corral search is best done in a distributed setting. I imagine Pony packages being shared in "channels" rather than a central repository.

First we need to have a discussion about how deep this would need to run for all the edges to line up without creating a mess. No matter how packages are distributed, eventually they need to be pulled down to a single location for ponyc to make sense of them.

I would love to see a distributed, multi-master ecosystem of Pony packages but this would take some rather serious conversation on how this is done. I have dreams of an almost CouchDB-style synchronization where as long as a server "speaks" the API it can be added to a network of potential package distributors to synchronize where a package is available from. This would be unlike Conda where if a package is not in any of the channels a user has set the package is not found -- rather servers would forward requests in a decaying pattern so that, by only "searching" the central proxy, a user can perform a deep search of the Pony ecosystem. (Important to note that this has a huge potential for busy communication, cache invalidation, and many more problems with even one user who attempts the semantic equivalent of corral search --depth=Inf package-that-does-not-exist while the query bounces around the ecosystem.)

Package naming clashes would best be solved by the user where if the name is not unique in the network the user gets a table of what is available and from what sources along with a short description of the package so a user can choose.


Last point I want to make, search is a potentially huge security hole. With a central server, if that server is compromised then security is breached. With decentralization, if there is a rogue server compromised in the network then security is breached. As well there are all the problems of phishing no matter what if a user is able to search, fetch, and install/compile a package with a similar name, but malicious source.
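
An added sketch of the forwarding search discussed in the comment above (not part of the original thread and not corral code): a hop budget plus a visited set keeps a query for a missing package from bouncing around the network, and the result is a name/source/description table in which lookalike names are marked as non-exact. The server names, the network layout, the `search` function and the 0.85 similarity threshold are all hypothetical.

```python
from collections import deque
from difflib import SequenceMatcher

# Constructed sample network: server -> packages it hosts and peers it forwards to.
NETWORK = {
    "proxy": {"packages": {}, "peers": ["alpha", "beta"]},
    "alpha": {"packages": {"jylis": "Jylis database client"}, "peers": ["beta", "gamma"]},
    "beta":  {"packages": {"jylis": "Fork of the jylis client"}, "peers": ["alpha", "proxy"]},
    "gamma": {"packages": {"jyliss": "Lookalike name, unknown author"}, "peers": ["delta"]},
    "delta": {"packages": {"pony-tags": "Tag generator"}, "peers": ["gamma"]},
}

def search(network, start, query, max_hops, similar=0.85):
    """Breadth-first search with a hop budget and a visited set.

    Returns (rows, servers_contacted); each row is
    (package, source, description, exact_match).
    """
    if max_hops < 0:
        raise ValueError("max_hops must be non-negative")
    seen = {start}                      # each server is asked at most once
    queue = deque([(start, 0)])
    rows = []
    while queue:
        server, hops = queue.popleft()
        for name, desc in network[server]["packages"].items():
            exact = name == query
            # Near matches are reported too, but flagged, so a lookalike
            # is never silently presented as the requested package.
            if exact or SequenceMatcher(None, name, query).ratio() >= similar:
                rows.append((name, server, desc, exact))
        if hops == max_hops:
            continue                    # budget spent: do not forward further
        for peer in network[server]["peers"]:
            if peer in network and peer not in seen:
                seen.add(peer)
                queue.append((peer, hops + 1))
    return sorted(rows), len(seen)

if __name__ == "__main__":
    for row in search(NETWORK, "proxy", "jylis", max_hops=2)[0]:
        print(row)
```
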

@SeanTAllen
Member

re: crates.io. see https://www.main.actor/

@niclash

niclash commented Jul 23, 2020

https://ponyhub.bali.io is a proof-of-concept of crawling and indexing Pony projects.

@SeanTAllen
Member

The Pony committers agree that search would be a great feature to add to corral, however, the hard part of this is the service that provides the search index and ability to search it.

When someone in the Pony community provides a service to that which starts to get community traction (traction as well as existence is important), then we would look to move forward with this issue.

@damon-kwok
Author

Awesome

@SeanTAllen SeanTAllen removed the enhancement New feature or request label Jan 22, 2025