Proposal 3, I like
Oh and also. This system shouldn’t be coded in java. Java is not designed for web apps, if I were writing it I’d do it in Rails, Django or Laravel, which are designed for web apps.
Tomcat is literally designed for Java Servlets.
So, one thing:
Personally I think that downloads should not contribute to reputition. Also, if there is a reputition based system, the reputition should be negative only. Something like normal reputition (nothing), a caution flag etc.
Deciding on checks based on rep is okay, as long as you don’t just wave people with good rep on. Diff based checking is okay with me, and I find the idea of checking for certain calls interesting as too.
I personally believe that community flagging for review is a must, but there should still be staff that looks over plugins, especially before they are first released.
So, thats what I think 
… wat? That’s just utter nonsense.
I was aware of Tomcat, but I still believe that a better system could be developed in a more modern framework. I am actually curious about Tomcat’s capability against rails or django. Does it have separation of concerns? Support for scalability via platforms like Heroku?
Tomcat is just a servlet container (compare to something like uwsgi or gunicorn). For frameworks, look at Play (my favourite) or Spring.
The plugin-permissions are an interesting idea.
I like the way the code is searched for “Anti-Features” or things you might want to know before installing an app in F-Droid (see the red boxes at the bottom):
I don’t want to use gemfiles with ruby gems for java. I would like to have something similar (one plugin per line, simple syntax).
XML isn’t exactly what I’d call simple for the average user.
How about YAML? e.g.
repo: "https://repo.spongepowered.org"
plugins:
coolplugin: "1.2.3"
spongenius: "3.2.1"
yamliscool: latest
@theukoctopus I don’t think we’re even ready to discuss that kind pf stuff yet
They don’t need to have finished the server itself to make a plugin repo. Sponge needs plugins on the day the first stable build launches, so they might as well start now.
That is not what I was saying. You are talking about the technicalitys of the system before there is even a decision on what it’s gonna do. Also, it’ll be down to the actual devs of the system in the end.
So here is my suggested system. All files are auto scanned for basic backdoors, should they pass the autoscan they are then available for download as a Unverified Download, A moderator team still hand reviews each submission looking even closer for any exploits. Once a moderator has reviews the submission it becomes a Verified download. The community can flag downloads if after using them they found them to have exploits which raises the submission in the moderating queue. This system allows the files to be downloaded immediately and gives the moderators time to scan the files while still letting the users download the file. I also would suggest that if a user has a reputable history of submissions they could become a Verified Developer who files are automatically Verified, maybe have the requirments be 5 Different submission (Not different versions) That have all been verified without any file being removed is eligible for the moderating team to declare a Verified Developer. This reduces the stress of reviewing the the files by allowing trusted developers to bypass the system and gives the community developers they know they can trust. I would also like to see a section were users could write actual reviews about the plugin/mod as well as a comment section.
So…apparently, I need to find something better to do with my life, but I’ve been bored all day and working on some stuff…
So, a lot of people have seen the site I have been working on for a while here. I’ve updated this to include API end points for external use, such as this. This means I’ve been able to expand it some more, and create a command line application that allows users to easily download and install plugins very similar to @redstone_sheep’s idea. I’ve created Sponge Me!, which is a command line application written in Python that parses a plugins.yml file in your server directory and downloads plugins based on the versions in that file. A quick example of how this works:
I create a server directory and use the command spongeme, which inits plugins.yml file.
I can then edit the plugins.yml file to whatever I like, say:
repo: http://sponge.jake0oo0.me
plugins:
"Death Kick": "latest"
I can now run spongeme again, and get the output:
It’s really easy to manage versions with a program like this. All you have to do is manage your plugins.yml file, and you don’t have to deal with downloading and updating plugins, which is quite time consuming, and not user friendly.
+1 from me for innovative ideas like this.
7 Likes
That’s really impressive! Is that written in rails?
1 Like
There is a source link. Seems like yes, sadly.
Sadly? ;_; What’s wrong with rails?
Not type-safe, not on the JVM (so can’t share plugin metadata code with Sponge itself).
I’m not exactly sure what you mean by type safe. I’m also not sure of what type of meta data we want to be able to get from plugins atm, but it can probably be done with background workers and such.
Proposal # 2 is nice.