Dependencies?

[Acid Bubbles]

Dealing with dependencies should be obvious. I think the easiest way to do so would be to have a dedicated way to reference other packages on the hub.

My best scenario: a nice form in which you can select the resources from a searchable field.
My bonus best scenario: Upload the depends file generated by vam to find the packages and auto-generate them in the list.
Second best scenario: A dedicated field with clickable links and a small explanation for users on how to do it.
Worst but better than now scenario: A small sentence in the resource form referencing to a convention on how to do dependencies.

 

[meshedvr]

I want this completely automated. The info is already in the meta.json and the dependency text file that gets generated.

I'm planning to add VAR file scanning to the upload system and this would allow finding the dependencies automatically, but this obviously won't work for external links without some url walking and upload of the found files to the hub. I have the owner of the existing directory looking at that since he already had code to walk into sites (mega, Patreon, etc.) and find download links. It might be possible for the hub to download and scan those files for indexing and read of meta.json file.

What I had previously talked about for auto-download in VaM was a registry system. I think this hub will now be place to officially register var files. This database would store var package UID, path to one or more downloads (including internal hub), and dependencies. But the registry system needs to extend beyond the hub as well. People mentioned some var packages (like the ones that end up in Questionable license category) could not be posted or registred on official site. So the auto-download system needs to support registries hosted outside of the hub.

 

[Acid Bubbles]

I just thought of something (probably not day one, but to think about). Right now anyone can upload a package using my name and my package, which is not dramatic but troublesome. A very simple solution to that would be to "lock" author names and package names to the respected hub user and package (i.e. a text field for each). So when someone uploads a file, if it doesn't match, the upload gets refused. That would be simple and secure, as long as you own your account and you already reserved your user name.

 

[meshedvr]

I just thought of something (probably not day one, but to think about). Right now anyone can upload a package using my name and my package, which is not dramatic but troublesome. A very simple solution to that would be to "lock" author names and package names to the respected hub user and package (i.e. a text field for each). So when someone uploads a file, if it doesn't match, the upload gets refused. That would be simple and secure, as long as you own your account and you already reserved your user name.

Yeah that is a good idea for var uploads and would be very easy check to add. But it doesn't solve it for external link or non-var content.

 

[Acid Bubbles]

For var scanning, did you want that pre-launch? Currently as we're all playing (and seeding) the site, knowing how we should deal with dependencies in the meantime would be nice ("I don't know yet" is a good answer too). Especially if we have to re-create our packages, we'll wait before creating everything

 

[meshedvr]

For var scanning, did you want that pre-launch? Currently as we're all playing (and seeding) the site, knowing how we should deal with dependencies in the meantime would be nice ("I don't know yet" is a good answer too). Especially if we have to re-create our packages, we'll wait before creating everything

You don't have to re-create your packages. They already have the dependency info in them. It is mostly a matter of getting people to upload everything to the site. We can back-scan stuff that is already uploaded. I want auto-download in 1.20, but this site will launch before 1.20 is out.

 

[MacGruber]

For external hosted content (including paid, etc.) we could have the option to upload just the generated dependency output file from VaM to generate dependency links to other resources. It probably makes sense to be able to upload more than one, at least some of my resources use multiple VAR files. E.g. I have the actual asset VAR with little or no dependency and then a demo VAR which depends on the asset but also hair, looks, etc.

 

[meshedvr]

For external hosted content (including paid, etc.) we could have the option to upload just the generated dependency output file from VaM to generate dependency links to other resources. It probably makes sense to be able to upload more than one, at least some of my resources use multiple VAR files. E.g. I have the actual asset VAR with little or no dependency and then a demo VAR which depends on the asset but also hair, looks, etc.

I think I just need option to upload the dependency txt file for external URL option. This file would be scanned and stored in database as a list of refs. When the resource page is opened, it would then see if the dependent resource is available on the hub and provide a link to it. If it isn't found, it would simply list it without a link.

 

[Acid Bubbles]

Or maybe you could just force upload.

My main thinking is that people will download from potentially untrusted sources, which can then know their IP address. By downloading through this site _only_ you can help protect users who don't know better.

Or alternatively you can limit to trusted hosts, like github and mega.nz who you know won't make your IP address available.