Package repository collection

[shirok]

I've been postponing this for years: One-stop site to discover and obtain Gauche packages.

One of the reasons of reluctance is to maintain user registrations. If you allow anyone to edit package information, it can easily cause security vulnerabilities. It is a big issue once the tool start pulling dependencies automatically, for you won't check every depended packages.

However, nowadays, we can assume package's repository is public in one of well-known sites (e.g. GitHub or GitLab, or even GNU Savannah). So we can simply use the public repository URL as package identification. Then we can take metadata from its package.scm. The responsibility of repositofy integrity is managed by the hosting site.