andk / pause

Perl authors upload server
http://pause.perl.org/

A new model to manage who_pumpkin on PAUSE #534

Open book opened 3 months ago

book commented 3 months ago

After some private discussions about this with @neilb and the current Perl Steering Council (@ap, @book, @haarg), it appears that the current list of people with the "pumpkin" permission is too big (there are 53 people on that list at the time of writing).

This list seems to serve two purposes:

  1. keep an historical record of who ever did a release of Perl
  2. authorize (for PAUSE indexing purposes) the people in the list to release a new (stable) Perl

The first job is better handled by the perlhist manual page.

For the second, the risk of inactive account takeover is very real. Some of the people on the list above have stopped doing Perl for a long time (some are even deceased). It would make sense for this list to only contain people who actually need the permission, because they are on the Perl release schedule and will do a release in the near future.

To reduce administrivia, one proposal could be along the lines of:

This should ensure that, after the initial setup, minimal involvement from PAUSE admins is needed (updating the list of PSC members every year). The PSC can assign the permission directly to volunteers, and people who stop contributing to Perl eventually lose the permission over time.

ap commented 3 months ago

Further notes: this means that…

  1. … we need a record of who has been listed by who_pumpkin over time, which most probably means including it in @batchpause
  2. … if the list stops including everyone who has ever made a perl release then PAUSE needs some other way of remembering which perl releases were authorized at the time of their uploading

haarg commented 3 months ago

Why does PAUSE need to remember which releases were authorized? PAUSE only uses the data when indexing new stable releases. An old stable release isn't treated any differently than an unauthorized release.

ap commented 3 months ago

Right, that’s a MetaCPAN need, not PAUSE. Mixed things up.

haarg commented 3 months ago

MetaCPAN checks permissions at index time and stores those. It does the same for normal CPAN releases. It doesn't use historical data.

rjbs commented 3 months ago

This seems pretty reasonable to me.

Honestly, I wonder if we can just use a mailing list user to replace the pumpkin bit.

ap commented 3 months ago

A mailing list user?

rjbs commented 3 months ago

A mailing list user is a special thing in PAUSE. See:

But basically, it's a user that other users can impersonate. So there's a P5P mailing list user that has first come on some libraries. Then any normal user who is a member of the "mailing list" can impersonate P5P to do stuff: generally, name comaintainers. You can't upload something as a mailing list user.

So, we'd make a PERLREL mailing list user and update the "is user pumpking?" checks in pause.git to instead say "is user member of PERLREL"?

ap commented 3 months ago

Ah. Sounds sensible (to me – which is not saying much here).

> So, we'd make a PERLREL mailing list user

I think the obviously correct name for this account would be PUMPKING. 🙂

rjbs commented 3 months ago

> I think the obviously correct name for this account would be PUMPKING. 🙂

:) But personally, I would rather we avoid that term, as (a) the position is retired and (b) it is inherently gendered.

book commented 3 months ago

> > I think the obviously correct name for this account would be PUMPKING. 🙂
>
> :) But personally, I would rather we avoid that term, as (a) the position is retired and (b) it is inherently gendered.

"Pumpkin holder" is more appropriate, and not gendered. 🎃

book commented 3 months ago

There was also the discussion of automating the releases of Module::CoreList, so maybe P5P, PORTERS, or something more general would be better.

Naming is hard, but also a later step, if there's some code to be written to support this.

neilb commented 3 months ago

In the PAUSE interface

Those of you who think "authorised" should be spelled "authorized" can bite me. Or change it to "approved", I guess.

This name also makes clear that it should just be people currently considered acceptable / potential releasers, and so a load of people can lose their bit, including me.

ap commented 3 months ago

> Naming is hard, but also a later step

My bad, sorry about that.