Thank you everyone for contributing to this discussion. Let’s please continue to engage in discussion of this topic, but enough time has passed for Radicle members to contribute that I think I can summarize and conclude the discussion so far.
For me, the goal of this discussion was to wrap up my research into parts 2 and 3 of Milestone 1 for this research grant. With the contributions to this thread, I think I can do that.
Here are my takeaways from this discussion:
- A package is defined here as any arbitrary binary file.
- The best place to store packages is in the Radicle repository. This keeps the security model simple.
- This scheme is problematic if the package is very large (100 MB or larger).
- If there is no supply chain (i.e. no package storage and delivery, since users are retrieving it directly from the repository), a checksum is optional. But should a checksum be used, that can also be stored in the Radicle repository.
- There is no consensus on how Radicle should decouple large packages from the repositories.
- It’s unclear if Collaborative Objects can provide a solution to decoupling packages from repositories or for tracking checksums of packages.