't Bijstere spoor

't Bijstere spoor

A blog about Web development

Recent posts

RSS 2.0 feed
Jumping ship! From Subversion To Mercurial
CalDAV server for PHP
Published in PHP|Architect
Unicode nearing 50% of the web
A case for table-based design
SabreDAV 1.0.4 released
New open PEAR channels
javascript's escape and encodeURI vs. PHP $_POST
OS/X WebDAV and Chunked Transfer Encoding
South Korea's 'real-name verification law'
Switching from Google to Bing
Game of life with checkboxes
SabreDAV reaches 1.0
Comments are back!
Deleted all comments by accident

All posts..

Tag cloud

apache backup bing binlog caldav chiara chunked comments css design encodeuri escape finder google html http icalendar internet javascript jquery leopard life lighttpd mercurial meta metablogging mysql nginx os/x partitioning pear pearfarm pearhub percentencoding php phparch post refit sabredav search sharing snow sourcecontrol southkorea subversion table unicode upgrade urlencode utf8 webdav xml

More tags..

Enter your email address:

Delivered by FeedBurner

CNMA 08 winner!

Archive

May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
July 2008
August 2008
September 2008
October 2008
November 2008
December 2008
January 2009
February 2009
March 2009
April 2009
May 2009
June 2009
July 2009
September 2009
October 2009
November 2009
December 2009
January 2010
February 2010

New open PEAR channels

By Evert on 2010-01-08 05:44:22

For a while I've been pondering if it would be possible to build a free-for-all PEAR channel for everybody to submit their packages. I feel PHP classes kind of missed the boat here for requiring people to register to download, and well.. basically having a design that's just hard to take serious.

So since New Years, there are now 2! Yay for competition, but it's a bit sad they didn't choose to work together. I'm talking about pearfarm and pearhub.org.

Why PEAR packages?

If you publish your next opensource project as a PEAR package on a real PEAR channel, your users will be able to install PEAR packages by simply entering something like 'pear install packagename'. PEAR packages don't actually have to come from pear.php.net, but they can be hosted by any other server.

One of the benefits of getting your packages from pear.php.net, is that there is a high degree of quality control, as well as solid coding standards. I do believe though that there is a different part of the market of people who don't want to go through rigorous approval process and just want to get their stuff up for others to download. Inspired by Gemcutter; this is where pearfarm and pearhub come in.

As a bonus you'll get other fancy features PEAR provides, such as dependency management. You can easily make pear automatically download package A from author B if your package is downloaded.

What do they have in common?

Both pearfarm and pearhub are brand new, so very little packages are available. They also both seem to be a work in progress. Anybody can register for both sites and publish their packages.

Differences?

Pearfarm seems to be a more complete product, whereas Pearhub resembles the standard Pirum. Pearfarm also includes tools make it more easy to generate and upload your package and/or new releases. My biggest problem with Pearfarm is actually that it doesn't support OpenID. As a developer I'm surprised to see any code-related site being launched without OpenID support.

My pick today would be to host my packages on Pearfarm. The beauty of the PEAR system is that you don't have to choose one for downloading packages, because a package from Pearfarm can easily depend on a package from Pearhub.

Host your own

If you want to host your own pear channel, I can recommend Pirum. It's an extremely simple system that actually just generates static files. Chiara_PEAR_Server is a more complete system, but I've found it harder to customize.

5 comments | tags:
Bookmark at del.icio.us Digg New open PEAR channels Share on Facebook Post to reddit.com

Comments

Daniel O'Connor
Daniel O'Connor said on Friday, 8 January 2010 at 7:50 am CET

I'm frightened a little bit. Some people get it, but others don't.

I'm slightly afraid of typing `pear install phpbb`, and having code end up in critical places with potential security holes / perhaps breaking my pear installation.

I do value the peer review we put in with pear.php.net, and the fact it takes a bit of a clue to set up your own pear channel - if you can figure out how to do that, you are more likely to be a developer who won't trash things inadvertently.

Still, I bet this will be a great model moving forward - other frameworks just don't have this (Zend, Symphony, Cake, etc).

Evert
Evert said on Friday, 8 January 2010 at 8:00 am CET

You might be right, but don't forget about the wisdom of the crowd.

I hope these systems will get good commenting/rating systems which will help people make the right choices.

BTW: Pirum is also powering Symfony's pear channel

Greg Beaver
Greg Beaver said on Friday, 8 January 2010 at 3:46 pm CET

very nice work, I like how each project has a customized subdomain as well.

Although Pirum is nice, it is not as complete or as powerful as PEAR2_SimpleChannelServer (or scs) which is available either as a standalone app or as a plugin to Pyrus (see pear2.php.net) which is inches away from its first release. This is a PHP 5.3+ PEAR installer that is distributed in a single file, a phar archive, and has support for amazing stuff such as true package signing using OpenSSL signatures as well as automatic creation of package directory structure, automatic building of package.xml files, and the ability to create tar, tgz, tbz, zip, or phar archives in a 1-line command.

I'd also like to see a pearfarm plugin to pyrus, check the manual for how to do it at http://pear.php.net/manual/en/pyrus.plugins.php

Greg

Alan Pinstein
Alan Pinstein said on Friday, 8 January 2010 at 6:42 pm CET

Evert-

Thanks for the post on Pearfarm! I think yours is the first one.

@daniel - pear installs can't trash other installations AFAIK. I haven't actually tried to make 2 packages that send files to conflicting places to test this, but I'd hope that since PEAR *could* know which packages own which files, that it would prevent such a collision. It'd be a good thing to test, for sure. In any case, the canonical pearfarm install has each project's files in its own directory, so this shouldn't ever be a problem.

That said, the fact that it's hard to create & share a PEAR package is *not* a good thing, it makes it hard to share code, and without code sharing & easy peer review, the community progresses very slowly.

@greg - our lead server dev Scott Davis built a RESTful PEAR server from scratch. We got a lot of extra flexibility by doing this, so that we can start to do ratings and other things to help with package selection.

We didn't use pyrus as our basis since we wanted to avoid the 5.3 requirement. It would be great to have a pyrus plugin for pearfarm. The project is open-source, feel free to join the project and help us do that! The packaging code is factored out nicely, it shouldn't be terribly hard to do.

I'll also point out that pearfarm does use PKI and sign all packages. This is how we make it so easy to push packages to pearfarm from the command line. I suppose that we could expose the signatures on the website so that you could verify them on the download side. I'll have to think about the security considerations of that.

We just heard about pearhub.org today when we read this blog post. A few difference between our systems:

1. Pearfarm includes a spec for *building* packages. We don't just tarball your entire git repo. This also means that you can have your pearfarm packages include "executables". I don't see how you'd do that with pearhub.

2. Each pearfarm user gets his own channel, vs one giant shared channel. This was done for performance reasons and to eliminate the "who owns this package" problem. Also the pearfarm model allows multiple forks of a single project to all be hosted easily and conceptually in a similar way to how GitHub works.

Thanks again for the post!

Alan

Troels Knak-Nielsen
Troels Knak-Nielsen said on Sunday, 10 January 2010 at 11:48 pm CET

Great review - I think you got it summed up pretty well. Although I feel inclined to add that the reason why pearhub doesn't offer any tools is because you don't need any tools. I deliberately built pearhub so that everything can be managed from the web interface. The intention is to make things as simple as possible. Actually, once you have registered your project, you never need to visit the site again - everything runs on autopilot.

I would be interested to know the reasoning behind your preference for pearfarm over pearhub?

Other than that, Alan has contacted me over mail already, so we'll see if there is reason in combining our efforts into one site.







Solve this simple math problem to prevent bots from spamming this blog:
4 + 3 =




't Bijstere Spoor by Evert Pot is licensed under a Creative Commons Attribution-Share Alike 2.5 Canada License. | Contact | Creative Commons License