search

andk / pause

Perl authors upload server
http://pause.perl.org/
150 stars 58 forks source link

If author changes case of already indexed module, change case of all permissions #250

Open neilb opened 7 years ago

neilb commented 7 years ago

If you release a module Foo::Bar, then you'll get first-come on it, and then no-one else can release it, and they can't release Foo::bar or any other case variant of it either.

But if you release Foo::bar, then you'll end up with first-come on that as well, and that's the variant that will appear in the CPAN Index. This can result in different people having permissions on case-variants of the same namespace (for example, you transfer the first-come on Foo::Bar to someone, but forget about Foo::bar; now two different people have first-come on effectively the same namespace).

I propose that we change PAUSE's behaviour so there can only ever beone case-variant of a namespace listed in 02packages.details.txt and 06perms.txt. People should be allowed to change their mind on the case of their package name, so we should update all permissions to the latest name.

The rest of this illustrates the behaviour I think PAUSE should have.

Let's say ANDK releases module Fruit::banana, and some time later he gives co-maint to RSAVAGE. So now we look at 06perms.txt

% grep -i fruit::banana 06perms.txt
Fruit::banana,ANDK,f
Fruit::banana,RSAVAGE,c

ANDK then notices that all the other fruits on CPAN are capitalised, so he releases a new version of his dist, with Fruit::Banana. PAUSE checks whether he has indexing permissions, which he does, and then notices that the case has changed. All existing permissions are switched to the new name:

% grep -i fruit::banana 06perms.txt
Fruit::Banana,ANDK,f
Fruit::Banana,RSAVAGE,c

RSAVAGE points out to ANDK that all the modules in Vegetable:: are lowercase, and people are starting to follow that convention, so with ANDK's blessing, RSAVAGE does a release which switches the name back to Fruit::banana. Again, PAUSE checks whether he has indexing permissions, which he does, and then notices that the case has changed. Even though he "only" has co-maint, as a result all permissions are again updated:

% grep -i fruit::banana 06perms.txt
Fruit::banana,ANDK,f
Fruit::banana,RSAVAGE,c

This has been discussed with the PAUSE admins, and @andk agreed we should go ahead with this, unless anyone can think of a reason why this is a bad idea?

Additional thought: If someone does a release that has a module Foo::Bar, and it has a cuckoo package of Foo::bar (it has happened more than once), then PAUSE should just pick one of them and assign permissions on that. We should let the author know that this is a bad idea, but still let their release be indexed.

andk commented 6 years ago

Additional data point: LNATION uploaded both ACME-AsciiEmoji-0.01.tar.gz and Acme-AsciiEmoji-0.02.tar.gz and then kept the case in the next versions. But none of these followup-uploads got indexed. The mails he got either did not arrive or were not understood. The status message he got was really poor. Just "Not indexed because of case mismatch."

neilb commented 6 years ago

@andk - any chance this could be on your PTS todo list? :-)

rjbs commented 6 years ago

I'll give this a look… tomorrow?

rjbs commented 6 years ago

If a distribution contains both Foo::Bar and FOO::BAR, we will:

…in that order.

karenetheridge commented 6 years ago

between options 2 and 3, how about: pick the one that matches an entry in 02packages and/or 06perms?

rjbs commented 6 years ago

If a distribution contains both Foo::Bar and FOO::BAR, we will:

… in that order.

(The hardcoded list is no longer expected to be needed, after examining known cases.)

rjbs commented 1 year ago

In previous years we said "mostly, don't do this."