Gossamer Composer Integration
At the end of this project, all PHP package releases distributed by Composer / Packagist will be secured by Gossamer.
Integration cannot begin until the developer tools are complete.
Project Overview
Project Component | Status |
---|---|
Packagist Updates | Pending |
Composer Plugin | Pending |
Composer Pull Request | Pending |
Project Components
Packagist Updates
Packagist (the server-side backend that Composer talks to) will need to be updated to integrate with Gossamer.
This includes (in no particular order):
- Enhancing the GitHub integration to fetch release files (for signatures)
- Publishing new releases onto the cryptographic ledger
- Allowing developers to manage their own identities and verification keys
Status: Pending
Composer Plugin
Goal: A (relatively) simple Composer plugin that uses the Gossamer Client to determine whether an update should be installed.
Status: Pending
Composer Pull Request
Once the previous phases of the Composer integration are complete, we can discuss adding the Gossamer Plugin for Composer to Composer itself.
Status: Pending
Note: This development does not necessarily need to be done by Paragon Initiative Enterprises. Interested PHP developers should feel welcome to take point on any of the components that interest them; we'll provide security review and additional support as needed.