Changes in 7ced80d: Updated Concepts.md (markdown)

				Projects/xq/Concepts.md
			
          @@ -4,7 +4,7 @@

           ## Concept

          -- Provide files via static storage (filesystem)

          +- Provide artifacts (files) via static storage (filesystem)

               - Serve files via HTTP(S), Gemini, ...

               - Files are stored in reasonable paths in the file system, either via links or as physical files

           - Artifacts and their paths are managed by the system

          @@ -13,17 +13,20 @@

                   - The newest artifact will be served without a version appendix, making it easy to provide stable download links for the latest version

                   - Nightly/prerelease versions can also be shared as "the latest prerelease"

               - Each artifact will be accompanied by a set of common hashes (md5, sha1, sha256)

          +    - Artifacts are immutable, no changes after an upload

           - Upload of artifacts happens via API tokens

          -    - Each *upload token* can update exactly a single artifact

          -    - Each *upload token* has an associated *security token* that is used to authenticate the upload

          -        - *upload token* can be PUBLIC

          -        - *security token* must be SECRET

          -    - Upload via HTTPS only, accompanied by a hash of the file for integrity verification

          -- Artifacts can be accessed either publicly or can be hidden behind an *access token*

          +    - Each **upload token** can update exactly a single artifact

          +    - Each **upload token** has an associated **security token** that is used to authenticate the upload

          +        - **upload token** can be PUBLIC

          +        - **security token** must be SECRET

          +    - Upload via HTTPS only, accompanied by a hash of the file for integrity verification as well as the mime type for the artifact

          +        - If the file version is uploaded the first time, the hashes will be computed and stored

          +        - Second upload will have its hash checked and verified. On mismatch, will return a **HTTP 409 Conflict**

          +- Artifacts can be accessed either publicly or can be hidden behind an **access token**

           - Artifact metadata can be queried (same rules apply as accessing the artifact itself)

               - date of upload

               - hashes/checksums

               - size

          -- 

          -- 

          +    - mime type

          +

...	...	@@ -4,7 +4,7 @@
4	4
5	5	## Concept
6	6
7		-- Provide files via static storage (filesystem)
	7	+- Provide artifacts (files) via static storage (filesystem)
8	8	- Serve files via HTTP(S), Gemini, ...
9	9	- Files are stored in reasonable paths in the file system, either via links or as physical files
10	10	- Artifacts and their paths are managed by the system
...	...	@@ -13,17 +13,20 @@
13	13	- The newest artifact will be served without a version appendix, making it easy to provide stable download links for the latest version
14	14	- Nightly/prerelease versions can also be shared as "the latest prerelease"
15	15	- Each artifact will be accompanied by a set of common hashes (md5, sha1, sha256)
	16	+ - Artifacts are immutable, no changes after an upload
16	17	- Upload of artifacts happens via API tokens
17		- - Each upload token can update exactly a single artifact
18		- - Each upload token has an associated security token that is used to authenticate the upload
19		- - upload token can be PUBLIC
20		- - security token must be SECRET
21		- - Upload via HTTPS only, accompanied by a hash of the file for integrity verification
22		-- Artifacts can be accessed either publicly or can be hidden behind an access token
	18	+ - Each upload token can update exactly a single artifact
	19	+ - Each upload token has an associated security token that is used to authenticate the upload
	20	+ - upload token can be PUBLIC
	21	+ - security token must be SECRET
	22	+ - Upload via HTTPS only, accompanied by a hash of the file for integrity verification as well as the mime type for the artifact
	23	+ - If the file version is uploaded the first time, the hashes will be computed and stored
	24	+ - Second upload will have its hash checked and verified. On mismatch, will return a HTTP 409 Conflict
	25	+- Artifacts can be accessed either publicly or can be hidden behind an access token
23	26	- Artifact metadata can be queried (same rules apply as accessing the artifact itself)
24	27	- date of upload
25	28	- hashes/checksums
26	29	- size
27		--
28		--
	30	+ - mime type
	31	+
29	32