rust-lang / crates.io

The Rust package registry
https://crates.io
Apache License 2.0
3k stars 601 forks source link

Raise rate limit of particular crates? owners? for many versions of a crate per day #6336

Open carols10cents opened 1 year ago

carols10cents commented 1 year ago

Currently, we have a global limit on the number of versions of a crate that can be published in one day, and the environment variable is currently set to 10 in production.

This covers 99.8% of crates, but we've recently had one case in the 0.2%: a crate that has ~30 0.x.0 releases that are all supported, and a fix that needed to be backported and published as 30 new 0.x.1 versions.

The current workaround is for the owner to contact us, we raise the global env var value for everyone to a value that would let them publish all the versions needed in one day, then contact us again when they're done and we return the env var to its original version. This works but is a lot of coordination and opportunities for mistakes.

A better solution would be if a trusted owner (user? team?) could contact us and request a more permanent higher limit, so that they don't have to contact us again every time they need to publish many versions in a day. We currently have the ability to increase the burst of publishes of new crates per-user, and the ability to increase the max_upload_size per-crate. It's not clear if this limit exception could somehow be folded into either of those systems or if a new system is needed just for this or if all need to be refactored into a new system.... details left as an exercise for the implementer 😂

For searchability, the error message you currently get when hitting this limit is "You have published too many versions of this crate in the last 24 hours".

Turbo87 commented 1 year ago

I guess https://github.com/rust-lang/crates.io/pull/6875 has resolved that? feel free to reopen is I misinterpreted this :)

carols10cents commented 3 months ago

Reopening, sorry I didn't realize this at the time you closed this -- no, the MAX_NEW_VERSIONS_DAILY/new_version_rate_limit is still global: https://github.com/rust-lang/crates.io/blob/eb5745f9d4e4c43ff8657ede3f48f6789da0c534/src/controllers/krate/publish.rs#L334-L342