Update ethpm docs to reflect v3 changes #620
Conversation
|
Hi @njgheorghita: I see this is still a draft, but just checking in to let you know I'm aware if it and truffle PR #3247. |
njgheorghita
changed the title
njgheorghita
force-pushed
the
ethpmv2
branch
3 times, most recently
from
d6020f8 to
e5c5fd1
Compare
njgheorghita
force-pushed
the
ethpmv2
branch
2 times, most recently
from
24db2c1 to
b985614
Compare
|
|
||
| ### 1. Set your registry. | ||
| By default, your Truffle project will be connected to the default Truffle registry. Some other registries to explore include... | ||
| - `libraries.ethpm.eth`: Contains deployments of all [OpenZeppelin](https://github.com/OpenZeppelin/openzeppelin-contracts/) libraries across mainnet and all testnets available to use, so you never have to deploy a library again. |
There was a problem hiding this comment.
Should we include the actual addresses here in parens?
There was a problem hiding this comment.
The addresses of the deployed libraries on each chain? All of them? Maybe just one for an example? Maybe including etherscan links could be useful? Why do you think it'd be useful to see the addresses here?
There was a problem hiding this comment.
Can they always use the ENS names or do they need to configure it? I was just thinking in case they don't want to deal with ENS. But if it comes with ENS out of the box then I suppose it doesn't matter. Maybe these are documented somewhere and can be linked to?
There was a problem hiding this comment.
To use ens names - you only need ENS to be enabled in your truffle-config. I've included a line linking to the relevant docs.
|
|
||
| The Ethereum Package Registry currently exists on the Ropsten test network. To publish to the registry, we need to set up our own Ropsten configuration because we'll be making transactions that need to be signed. | ||
| To publish to any registry, we need to set up our configuration to make signed transactions. If you are publishing to an authorized registry, the signing address must also be authorized to cut a release on the connected registry. |
There was a problem hiding this comment.
What exactly does it mean "to be authorized to cut a release on the connected registry"?
There was a problem hiding this comment.
All ethpm registries are permissioned with a general "owner" model (except for the default registry shipping with truffle that is non-permissioned, and therefore not safe to use). Only the "owner" address is allowed to "cut a release" on a registry. Assuming an honest owner, you can trust all of the releases on their registry to be safe to use. This prevents a malicious party from publishing unsafe packages to a registry. It's a somewhat important aspect of ethpm, because it's very unsafe to interact with packages from "untrusted" registries. Lmk if that doesn't really come across in the docs, and I'll expand on it further.
|
Integrating this with the blog post work and continuing here |
WIP: These are the doc changes to reflect the changes made in upgrading ethpm from v1 -> v3.
trufflesuite/truffle#3247