I can't state how stupid this is. As if that person's bullshit's power of nuisance wasn't large enough, let's add automated echo chambers with a direct effect on the economy!
Don't be surprised if this crazy economic system can collapse any seconds with ideas like this.
> They weren't buying it for portability, like Japanese customers usually did; they were buying it because it was the cheapest way to play videogames, only a third the price of a console and with games that were half the price of console games (in many countries even less).
I don't think that's right, price is not the only concern here. It's just a different feeling, from having to start a session on the TV or being able to play around the house, in bed, etc. -- tablets did that well also, and most people are more likely to open their 3DS than start up the TV and console. That's what they attempted to match here, and, to me, it seems successful. (Note that Wii U was directed towards that goal as well, but failed).
Are people really behaving like that? Was WiiU feature of being able to play the game on controller only successful?
Or will it take the backseat when the customers notice that PS4 offers a lot more content for lower price? Especially since use of cartriges will mean that the games will be and stay more expensive than their PS4 counterparts?
Not at all: adding new packages or developers is automatically signed (by the snapshot bot). Administrators may later sign the keys and delegations, individually or in batch, after verifying the developer identity out of band (the specification doesn't yet include the mechanisms for this verification, but with a git repo based on GitHub, the GitHub login gives a good start).
Thank you for the clarification. Can I install these "not yet trusted" packages? Presumably I can, I just get a big warning. And how do you deal with squatters - can I (as the "real developer") submit a second claim on an unverified package name (that an impostor has claimed)?
Edit: And does this mean that the snapshot bot automatically merges (well-formed) pull requests for new packages?
The pull-requests for new packages are manually merged (as it the case now), automatically signed.
Names uniquely identify one package. A repository maintainer can replace the owner of a package, and clear the existing package contents. This shouldn't be done for a different package with the same name if any users still have the package installed, though, as they will consider that an up/down-grade.
That does help me a lot - thanks! The manual "pre-approval process" via accepting the PR is what I was missing, and that does seem to fix most of the shortcomings of the underlying system (assuming a reliable human!) So you have a human that looks at incoming requests to prevent abuse, and to arbitrate problems. And then the snapshot server signs that result to allow distribution over HTTP, and then periodically it gets signed by the quorum of "gods" to indicate that these packages have the full seal of approval.
I think it is pretty specific to OCaml's current workflow and volume, but signing is better than not signing!
It's indeed specific to our workflow -- allowing additions without moderation would cause all sort of problems we don't address; but not to OCaml, e.g. Homebrew uses a very similar, GitHub based workflow (which we actually drew lots of inspiration from) !
What is nice is that the moderation, if given the proper reports, e.g. Travis with lint and security checks, is very fast in the simple cases, and readily opens discussion in the others -- that's where GitHub really shines.
I mentionned GitHub, but note that we intend to also provide the tooling to host your own signed repository, indenpendently of it.
Don't be surprised if this crazy economic system can collapse any seconds with ideas like this.