World: r3wp

Not much point I guess

Not yet, but that is planned. It's even mentioned in the design wiki.

are modules signed?

Cryptographic signing is also planned, as also mentioned in the wiki. 
Both will work in a similar way to the compression and checksum, 
respectively.

sha256 ?

We plan to do encryption and signing. We aren't far enough along 
in the plan to know how we will do these.

The checksum is CHECKSUM/secure, whatever algorithm that is.

Checksum/secure is SHA-1

In theory, you could generate R3 scripts using R2 and still have 
most of the same features. Loading them would be trickier though.

SAVE is pretty straightforward and doesn't use any R3-specific features.

Is the cryptography being rehashed from R2 ?

Rehashed :) No, we're using the old hashes :)

It would be good if certificate use could be more easily enabled

I can't say if that will be the case with the encryption or signing 
though.

Certificate use is something R3 doesn't do well yet, afaik (which 
isn't far). We will likely have to do a lot of infrastructure work 
before we can do encryption or signing.

Nonetheless, this is something we want (need?) to do, so the crypto 
infrastructure work will need to be done.

I forgot to mention the LOAD and SAVE option changes in alpha 108. 
Perhaps later after I sleep, if their HELP is insufficient.

Most user code for R3 will be written in 'scripts', not 'modules'.

Lets hope that this prediction will turn out to be wrong.

Thanks for the summary, Brian.

Need to find some time to play with it first, but it sounds like 
"private" modules and/or IMPORT/no-lib/no-user will be most useful.

The charts will help. I didn't have a problem with /isolate and /only 
as names. The new ones sound rather clunky at first glance, but I 
may grow to like them. Most important, I think, are small examples 
demonstrating why we have the various options. I hope the charts 
are the first step on that path.

Thanks Brian!

The new option names are a good choice because all of the /no-* options 
are a way of breaking modules that otherwise depend on acting the 
way that they were written. The whole group of them needs a warning 
label.

Andreas, for library code you are correct, but most end-developers 
just use library code, they don't write so much of it.

My hope is that eventually R3 will be used for more than just small 
and dirty throw-away scripts. And that'll directly induce the need 
for a module system.

My hope is to never, ever come across a "do %..." that "loads" utility 
functions again (in R3).

There are certain advantages to writing user scripts for the front 
end code:

- The user context will be task-local, so a lot of the multitasking 
problems will go away.

- The user context is shared by all scripts running in the same task. 
It acts like a shared isolated context.

- User scripts have fewer settings in their headers. For that matter, 
they can have no header at all. Every command you enter into the 
command line is a separate script, for instance.

None of those sound like an advantage to me. For the "settings in 
their headers" I'll once again have to punt until I look into the 
module system more closely.

Header settings that affect modules only:
- type: module
- name: blah
- version: 1.0.0
- exports: [...]
- options: [isolate]
- options: [private]
- options: [extension]

More than one option is combined in one block. The rest of the header 
stuff affects scripts too.

What's the minimal module header?

REBOL [type: module name: foo] ?

REBOL [type: module]. Or if you are loading it with IMPORT or the 
Needs header, REBOL [].

Well, then that's how it should be :)

Regular modules need a name though. Named modules don't get reloaded 
if you import them more than once, they get reused. There are all 
sorts of tricks you can do with that.

system/contexts/user still refers to the task-local user context?

Yup. Or in scripts, you can call it self.

That task-local thing is still a plan though. The code is designed 
with that assumption, but it's not yet true.

Technically, you can import modules with no header at all, though 
not DO them. Extension modules require a header though.

Of course, headers let you do all sorts of tricks that you can't 
do without them. In addition to the above stuff, header settings 
let you:

- Embed scripts in text or binary files, even if it's just documentation 
before the script header.
- Aggregate multiple scripts/modules in one file.
- Save and verify a script/module checksum.
- Compress scripts/modules.

Just double-checked. No, you need at least REBOL [] for all modules, 
extension or not.

Andreas, the (dis)advantage to private modules is that they need 
to be explicitly imported into your module for you to get their exports 
(selective import). For regular modules, you import into the runtime 
library once and it is just there to share. Regular modules can take 
advantage of this to support upgrading themselves in place, for instance, 
or more easily managing word overrides on a global basis; private 
modules can't be upgraded. Each approach has advantages and disadvantages 
in different situations. This is why we support both export models.

The differences between the two are less if you are importing to 
user scripts. Since scripts share a context, subsequent scripts can 
benefit from the effects of modules imported by previous scripts, 
whether they were private or not.

For me that's purely an advantage. Explicitly importing the modules/functions 
you need is how it should be.

There are real downsides to explicit import. Choose what works for 
your situation.

I'm also pretty sure that upgrading "private" modules is possible.

For instance, with explicit import you can't upgrade a running process. 
That can be a disadvantage for some apps.

But that doesn't worry me at all, at the moment. If R3 ever reaches 
the stability and maturity that such long-running become realistic, 
then I'll start to worry about in-place upgrades.

such long-running processes*

Part of exporting is copying the values to another context, where 
it is used. You don't normally get any references to the original 
module words. And part of importing is copying those words again 
to your own context (for isolated modules and for scripts), or binding 
to the runtime library. So in practice, the only known contexts that 
you can update the values in are your own, the runtime library, and 
the current task's user context. To upgrade other contexts they would 
need to register with you, and you would have to do them one at a 
time.

REBOL processes tend to run for years, if they don't have bugs and 
don't use a buggy REBOL. Do you remember the first mailing list outage?

Luckily, we can change allmost all of that.