Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 24 2017 10:55
    n1313 commented #3
  • Jan 24 2017 10:43
    chances edited #2
  • Jan 24 2017 10:29
    chances edited #2
  • Jan 24 2017 09:45
    chances edited #3
  • Jan 24 2017 09:21
    chances edited #2
  • Jan 24 2017 09:19
    chances edited #2
  • Jan 24 2017 09:14
    chances edited #2
  • Jan 24 2017 09:13
    n1313 commented #2
  • Jan 24 2017 09:12
    n1313 commented #2
  • Jan 24 2017 09:12
    chances edited #2
  • Jan 24 2017 09:08
    chances edited #2
  • Jan 24 2017 09:02
    chances edited #2
  • Jan 24 2017 09:00
    n1313 commented #2
  • Jan 24 2017 08:59
    chances edited #2
  • Jan 24 2017 08:57
    chances commented #2
  • Jan 24 2017 08:56
    chances edited #2
  • Jan 24 2017 08:55
    chances edited #2
  • Jan 24 2017 08:53
    n1313 commented #2
  • Jan 24 2017 08:52
    n1313 commented #2
  • Jan 24 2017 08:45
    n1313 commented #2
Ian Paschal
@ianpaschal
citybound is already except from any liability in the license its using
mod authors can do the same with short simple licenses like MIT
"use at own risk"
I think the big issue would be city downloads.
Sure, I'm a responsible guy and I have a good "sketchy" radar when it comes to downloading things from the Internet.
But if I decide to download a cool looking city someone else has created which has a virus mod in it and it auto downloads mods that are actually malicious that's pretty shit.
I'm not really concerned with CB's liability (for the above reason), but that is a pretty crummy user experience. If you can even call it that.
Anselm Eickhoff
@aeickhoff
I didn't mean liability, that's indeed covered by the license, but an actual UI warning, making the user aware
Ian Paschal
@ianpaschal
Yeah. But it's tough to say "Ok, I'm aware, so what, I need to manually check through every dependency of this city download?"
I think there needs to be a human vetting process for mods before they hit the store.
Chance Snow
@chances
Also, regarding @aeickhoff 's point of manual review. What of the case of closed source mods? Would the mod be stamped with an "unconfirmed security" sticker? How thorough would the manual reviews need to be?
Ian Paschal
@ianpaschal
Are there closed source?
Chance Snow
@chances
Or do you just want to stick with a "Use at your own risk" for everything?
Ian Paschal
@ianpaschal
I don't think there are closed source mods.
Maybe @aeickhoff can confirm though.
Anselm Eickhoff
@aeickhoff
No closed source mods! That is already enforced by the current license and will also be enforced by future licenses
Ian Paschal
@ianpaschal
As I thought. Also I have a sort of side remark: until there is a mod-api and webstore is being built, it's super confusing to have these 2 chatrooms. I can't remember what was said where.
I would wait until we have a complete idea of "how mods work" before trying to design a modstore around it.
Anselm Eickhoff
@aeickhoff
I naively thought that most design of the modstore is quite independent of how mods work, but the discussion seems to come back to that repeatedly, so probably a good idea to get clarity on that first
Yury Shevchenko
@n1313
actually, after you said that there will be no in-game UI for mods search/listing, as long as we decide what kind of a "consumable" the modstore is supposed to export, the rest is irrelevant
if the modstore is supposed to take in a repo url and export a compiled archive, then the rest doesn't really matter
Anselm Eickhoff
@aeickhoff
exactly, the only addition would be manual upload/submission of mods that don't make sense in a repo (texture packs and so on)
Ian Paschal
@ianpaschal
Right. It's just that most of the basic requirements for designing the store (what form do mods take, where are they stored, how are they added to game, how are identified, etc.) are not known yet.
Like if you are a designer and a client comes in and you ask them, "So, what are your requirements?" and they say, "I don't know yet." it's easy to talk about that instead of the product you were planning to design.
Chance Snow
@chances
Exactly
Ian Paschal
@ianpaschal
Anyway I'll survive either way but I think maybe it's worth keeping the discussion to the mod api for right now and treating the modstore as an "issue" which can be fleshed out once the other parts of the puzzle are defined.
Anselm Eickhoff
@aeickhoff
fair enough!
Yury Shevchenko
@n1313
so far it looks like the plan is this: 1. a mod author registers a mod and submits a link to the git repo, 2. a reviewer reviews the repo and approves the mod, 3. the modstore pulls the repo, compiles the mod and publishes the compiled mod, 4. the mod becomes searchable on the modstore webfront, 5. a player downloads the compiled mod and here's where the responsibilities of the modstore end
I'm worried about the p.2 and p.3
the rest looks more or less doable
Ian Paschal
@ianpaschal
Maybe I've horribly missed part of the conversation but 2 and 3 seem quite unnecessary. You'll have to build an alternative system for uploading non-code mods anyway so trying to build from a repo feels silly.
If it's code, use github to work on the source code, and when a build is ready, have the project owner/author upload the binary, including a link back to the repo for code review or for people to get involved in contributing to the mod.
that way github remains a development tool and you're not building two different systems for the mod-store
Yury Shevchenko
@n1313
where's the guarantee that the binary contains the source code you've reviewed?
Anselm Eickhoff
@aeickhoff
I also think there should be a (trusted & cross-platform) build service and that source code is submitted
it's needed simply for getting cross-platform compatible mods from a modder who has only access to one platform
Ian Paschal
@ianpaschal
Good point @n1313. But I would still root for a mod packaging utilty that apart from handling all the metadata and stuff, can produce a checksum that can verify that a binary is what it says it is.
That way I can fork the repo, try compiling the mod myself, after inspecting the code, and see if it matches up with what was uploaded to the modstore
I'm getting out of my league here because I'm a game dev and artist, not a cyber security expert. But I think that trying to build directly from github feels very clunky, especially since a different upload method is needed anyway for other mods.
Yury Shevchenko
@n1313
hopefully, eventually we will arrive at a "casual-gamer-ready" point for the game, so that one could just play the game without concerning themselves with "this mod could potentially nuke your pc so you should pull it and build from sources just to be sure" :)
Ian Paschal
@ianpaschal
well i have to say i do have a hard time imagining a use case for binary mods
it seems like even complex things like simulation could be a json or xml file of tweaked or new variables.
If you really really want to completely alter the way the game works then you're not really making a mod, right, then you should be contributing to the game itself. That's the whole point of having the source availible.
Yury Shevchenko
@n1313
I have very limited experience with modding, but as far as I know, the most common approach is to have mods utilize predefined "expansion points" in the game, basically API endpoints. like adding a new actor with properties from a predefined list and behavioral parameters that get plugged into a predefined "ai"
Ian Paschal
@ianpaschal
exactly
Yury Shevchenko
@n1313
this makes the game infinitely expandable in a very narrow area
developers have control over the quality of their code and safety of the user, modders have as much freedom as developers allow
Ian Paschal
@ianpaschal
yup. and if you want to broaden that area, i'd go to the souce code of the game, fork, and make a "world-war" branch that totally changes the gameplay and adds 100 new units. that can be reviewed and improved by the community and if it reaches maturity, it can be merged into the game as a n optional/toggleable simulation element
Yury Shevchenko
@n1313
that's right
Ofek Azulay
@OfekA
Hey, has anyone started a project yet? I've started building a base for a seperated server (Node.js, REST API, auth and testing, loopback as framework) and client (SPA as consuming the API, Vue.js as framework) and wondered how I should continue, should I pull request to the main repository?