001d52015b6d053d01378934fabd48324b352d88
Projects/xq/Concepts.md
| ... | ... | @@ -10,10 +10,20 @@ |
| 10 | 10 | - Artifacts and their paths are managed by the system |
| 11 | 11 | - User can create new artifacts, but versions are determined by the upload |
| 12 | 12 | - System uses [SemVer 2.0](https://semver.org/) for artifacts |
| 13 | + - The newest artifact will be served without a version appendix, making it easy to provide stable download links for the latest version |
|
| 14 | + - Nightly/prerelease versions can also be shared as "the latest prerelease" |
|
| 13 | 15 | - Each artifact will be accompanied by a set of common hashes (md5, sha1, sha256) |
| 14 | 16 | - Upload of artifacts happens via API tokens |
| 15 | - - Each *asset token* can update exactly a single artifact |
|
| 16 | - - Each *asset token* has an associated *security token* that is used to authenticate the upload |
|
| 17 | - - *asset token* can be PUBLIC |
|
| 17 | + - Each *upload token* can update exactly a single artifact |
|
| 18 | + - Each *upload token* has an associated *security token* that is used to authenticate the upload |
|
| 19 | + - *upload token* can be PUBLIC |
|
| 18 | 20 | - *security token* must be SECRET |
| 19 | - - |
|
| 20 | 21 | \ No newline at end of file |
| 22 | + - Upload via HTTPS only, accompanied by a hash of the file for integrity verification |
|
| 23 | +- Artifacts can be accessed either publicly or can be hidden behind an *access token* |
|
| 24 | +- Artifact metadata can be queried |
|
| 25 | + - date of upload |
|
| 26 | + - hashes/checksums |
|
| 27 | + - size |
|
| 28 | +- |
|
| 29 | +- |
|
| 30 | + |