Just use Maven
The text below was written before Maven as SAIL content repository. Using Maven artifacts is the leading plan right now, but there is as of yet no progress on implementation.
Or make something new?
Encoding dependencies in pod
- each pod maintains a set of triples: groupId,artifactId,version
- each triple specifies a JAR used in authoring the pod
- this aligns with the Maven artifact naming scheme
- maybe another field, SHA1 sum of the JAR?
- maybe also or instead, the public key of who we want the JAR signed by?
Resolving to JARs
- we can use the Maven resolver to get the specified JAR from a repository that holds it
- if we know the checksum, we can verify that it's the right pod
- complication: valid replacements for specific JAR. we can't use the hash. JAR signing instead? replacement must be signed by same as original?
Launching curnit
- at launch time, read the dependencies for each pod
- create a map of named JAR to access URL
- generate a JNLP component-desc for the pod, including a URL for each JAR required
- launch a JNLP application-desc referencing each component-desc