[Bro-Dev] Package manager meta data

[Siwek, Jon]

Here’s a summary of the set of changes I plan to make related to package metadata, let me know if there’s objections or alternate ideas:

1) remove mentions of ‘version' field from bro-pkg.meta as versioning is done entirely by git tags

2) packages should now put ‘description’ and ‘tags' fields into bro-pkg.meta so they are fully self-describing

3) change "info" command to first check if package is already installed before trying to download it.  This allows metadata to be displayed when working offline.

4) new command/flag `bro-pkg refresh --aggregate-metadata <pkg source>`: crawls a package source’s index files and for each package take the master branch’s bro-pkg.meta and aggregate it into a single file, aggregate.meta, at the top-level of the package source

5) new command/flag `bro-pkg refresh --aggregate-metadata <pkg source> —push`: same as (4), but also commit/push changes to remote repo

6) change structure of package source index files:

bro-pkg.index will now contain just a simple list of package URLs:

    https://github.com/sethhall/credit-card-exposure
    https://github.com/sethhall/ssn-exposure
    https://github.com/sethhall/domain-tld

Aggregated metadata from packages in the source all lives within a single file at the top-level named “aggregate.meta”.  Only metadata from current master branches of packages is included — I don’t think it’s that useful to collect metadata for each release version and doing that even makes it harder for package authors to change the way users discover their package.
 
- Jon