Does a namespace have to exist before publishing crates in that namespace?

[JWorthe]

Say that there is currently no package on crates.io named foo, and I want to publish a package named foo/bar, would I be forced to first publish a package named foo?

The biggest problem I can think of with allowing foo/bar without foo is it might allow someone to later hijack ownership of foo/bar. Whoever does publish foo will automatically become an owner of foo/bar.

However, insisting that the namespace must exist first could create a circular dependency problem. Some crates use the 'namespace' crate as one that pulls the many subcrates together. In this case, the namespace crate depends on its subcrates. An example of a crate ecosystem that takes this approach is Bevy, where by depending on bevy you also get bevy-app, bevy-asset, bevy-core, etc. The problem here is that you can't publish the namespace crate until you've published the subcrates.

One way to solve this could be to have it that the first person to publish a subcrate also reserves the namespace. In other words, if you publish foo/bar, and foo does not exist, foo is created with you as the owner and some dummy content.

[Manishearth]

I think yes, you would be forced to publish foo, and the way to do it would be to temporarily squat it with a non-crate 0.0.1 version.

I think the autoclaim could work. I kinda would prefer if folks were required to claim foo since that gives a proper ownership root (that has access management that is not tied to the subcrate -- if i publish foo/bar and then publish foo/baz, and radd/emove a collaborator from foo/bar, do they gain/lose access from foo/baz?). It also lets you write a README about the namespace. So if we're going to do this I'd prefer we do it as a followup.

[jplatte]

One can publish version 0.0.0, so that's what one should probably do to just claim the namespace (or what an autoclaim could also do, for an initial implementation).