PAUSE::Permissions A lightning talk given at London Perl Workshop 2012 The permissions model that controls who can upload what modules to CPAN, via PAUSE Neil Bowers NEILB Andreas König ANDK
Jun 11, 2015
PAUSE::PermissionsA lightning talk given at London Perl Workshop 2012
The permissions model that controls who can upload what modules to CPAN, via
PAUSE
Neil BowersNEILB
Andreas KönigANDK
PAUSE::Permissions
A module for querying the data behind the model
Neil BowersNEILB
Andreas KönigANDK
PAUSE and CPAN
$CPAN/modules/06perms.txt
• Who has what permissions for which modules
$CPAN/modules/06perms.txtTime::Fake,ROSULEK,fTime::Fields,PIP,fTime::Format,PGOLLUCCI,fTime::Format,ROODE,mTime::Format_XS,ROODE,fTime::Frame,PIP,fTime::Fuzzy,JQUELIN,mTime::GPS,ZEFRAM,fTime::HR,AGOLOMSH,fTime::HiRes,DEWEG,cTime::HiRes,JHI,cTime::HiRes,ZEFRAM,mTime::HiRes::Value,PEVANS,fTime::Human,JHOBLITT,fTime::Implementation,FOTANGO,fTime::Implementation,STIG,cTime::Interval,AHICOX,f
Time::HiRes, JHI, c
module PAUSE id
permission
• If you’re the first to upload a module to CPAN, you get the 'f' permission (“first come”)
• You’re considered the owner
Module::Path,NEILB,f
Upload a new module
Register module on module list
• If you register the module, you get an 'm' permission
• Internally you also still have 'f'
• 'm' takes precedence over 'f'
Graph::Reader,NEILB,m
You register modules, not dists
• I registered PAUSE::Permissions
• The dist also includes PAUSE::Permissions::Module
• What should you do with other modules in dists?• If they’re public-facing, consider registering them• Otherwise 'f' is fine
PAUSE::Permissions,NEILB,mPAUSE::Permissions::Module,NEILB,f
Co-maintainers
• The owner of a module can grant co-maint perms• Using the PAUSE web interface
• They get a 'c' permission.
• Co-maints can upload new versions of a module
• Co-maints cannot grant co-maint permissions
PAUSE::Permissions,ANDK,cPAUSE::Permissions,NEILB,mPAUSE::Permissions::Module,ANDK,cPAUSE::Permissions::Module,NEILB,f
Permissions are on modules
• Years back I created some Locale:: modules
• I handed them to SBECK, he's expanded the dist
• I have co-maint on the original modules• but not on those he's subsequently added.
Locale::Constants,NEILB,cLocale::Country,NEILB,cLocale::Currency,NEILB,cLocale::Language,NEILB,cLocale::Script,NEILB,c
Locale::Codes,SBECK,fLocale::Codes::Constants,SBECK,fLocale::Codes::Country,SBECK,f… lots more modules …Locale::Constants,SBECK,fLocale::Country,SBECK,mLocale::CountryCodes,SBECK,fLocale::Currency,SBECK,mLocale::CurrencyCodes,SBECK,fLocale::Language,SBECK,mLocale::LanguageCodes,SBECK,fLocale::Script,SBECK,fLocale::ScriptCodes,SBECK,f
Someone else's module
• If you upload a module you don't have perms for• The dist will make it to your author directory• The offending module won't be indexed (but ok modules will be)
• search.cpan.org will shout at you
Deleting dists from CPAN
• You can only delete dists that you uploaded• Regardless of whether you're the owner
• Permissions are associated with modules, not dists, remember
• If you don't like a co-maint's release• Revoke co-maint, then supersede with a new release• But talk to them first!
Namespace squatting
• Upload a module, then delete the dist (via PAUSE)
• The module won't exist on CPAN
• But you'll have an 'f' permission
• No-one else will be able to use that name
• Free it up using PAUSE ("Change Permissions")
No::Such::Module,NEILB,f
Developer releases
• Developer releases don't trigger permissions
• If your first release of a module is a developer release, you won't get any permissions.• Someone else could gazump you
• "This may change" - ANDK
Transfer of ownership
• You can transfer ownership to another user
• They get your 'm' or 'f'
• You get 'c'
PAUSE::Permissions,ANDK,mPAUSE::Permissions,NEILB,cPAUSE::Permissions::Module,ANDK,fPAUSE::Permissions::Module,NEILB,c
Taking over a module
"Usually, after all this hassle,we are reasonably quick at assigning co-maintenance permissions,but don't hold your breath"
Anomaly #1: different m and f
Catalyst::Engine::Apache,AGRUNDMA,mCatalyst::Engine::Apache,MSTROUT,f
Tie::SubstrHash,LWALL,mTie::SubstrHash,P5P,f
• Modules with different 'm' and 'f' users?
• This can't happen TM
• But when it does• 'm' is the owner• 'f' is treated as a co-maint
• There are some special conventions• Eg P5P has 'f' on some modules
Anomaly #2: modules with no owner
• There are 1000+ modules with co-maints only
• How does this come about?• You can give up your permissions: "Change Permissions" on PAUSE
• Make your case to PAUSE admins for ownership• PAUSE Admins: [email protected]
DBIx::Class::Loader,AMS,cDBIx::Class::Loader,DMAKI,cDBIx::Class::Loader,KRAIH,cDBIx::Class::Loader,MRAMBERG,cDBIx::Class::Loader,SRI,cDBIx::Class::Loader,TEMPIRE,c
Anomaly #3: modules with no perms
• Some modules are on CPAN but not in 06perms.txt
• Upload a module, then give up your 'f' permission• It's open season on the module name again
PAUSE::Permissions
use PAUSE::Permissions;
my $pp = PAUSE::Permissions->new;my $mp = $pp->module_permissions('PAUSE::Permissions');
my $owner = $mp->owner; # NEILBmy @comaints = $mp->co_maintainers; # ANDK
Finally
• Largest number of co-maints any module has?
• Tidy up your permissions please