JK: Scaling issue if need to create a new binary for each vendor key. Should we have a vendor registration process? A way to authenticate keys without changing the binary. Also timestamps - on Windows at least don’t know when the timestamp gets changed.
JA: Key of a vendor may change over time. Typically keys have expiration, or need to be revoked. Should always be able to install a pack that is 10 years old.
CO: Could have someone on our side signing (trusted source) vendor keys so they can be uploaded to key servers.
DB: What about putting (pointing to) keys in pack index?
CO: If keys are in vendor infrastructure believe they need to be signed by a trusted source.
“projmgr” (issue #12)
JK: Since no longer specify secure attribute will not show in target. Will assume it’s compiling secure which will clash with non-secure source.
DB: Could have secure attribute and try to add non-secure variant. “No component found with these key words”.
MG: Is the scope C project files or include CMake?
DB: Scope is limited to a project manager tool. Does not have any connection with CMake. Specific lists are made in the build phase. Could in future make CMake list from yaml file. That would be MVP, but could support multiple projects - several layers and build order of projects.
JK: Project files are golden reference. Here we are trying to find a way to generate projects in a user friendly way.