PAUSE::PermissionsA lightning talk given at London Perl Workshop 2012

The permissions model that controls who can upload what modules to CPAN, via

PAUSE

Neil BowersNEILB

Andreas KönigANDK

PAUSE::Permissions

A module for querying the data behind the model

Neil BowersNEILB

Andreas KönigANDK

PAUSE and CPAN

$CPAN/modules/06perms.txt

• Who has what permissions for which modules

$CPAN/modules/06perms.txtTime::Fake,ROSULEK,fTime::Fields,PIP,fTime::Format,PGOLLUCCI,fTime::Format,ROODE,mTime::Format_XS,ROODE,fTime::Frame,PIP,fTime::Fuzzy,JQUELIN,mTime::GPS,ZEFRAM,fTime::HR,AGOLOMSH,fTime::HiRes,DEWEG,cTime::HiRes,JHI,cTime::HiRes,ZEFRAM,mTime::HiRes::Value,PEVANS,fTime::Human,JHOBLITT,fTime::Implementation,FOTANGO,fTime::Implementation,STIG,cTime::Interval,AHICOX,f

Time::HiRes, JHI, c

module PAUSE id

permission

• If you’re the first to upload a module to CPAN, you get the 'f' permission (“first come”)

• You’re considered the owner

Module::Path,NEILB,f

Upload a new module

Register module on module list

• If you register the module, you get an 'm' permission

• Internally you also still have 'f'

• 'm' takes precedence over 'f'

Graph::Reader,NEILB,m

You register modules, not dists

• I registered PAUSE::Permissions

• The dist also includes PAUSE::Permissions::Module

• What should you do with other modules in dists?• If they’re public-facing, consider registering them• Otherwise 'f' is fine

PAUSE::Permissions,NEILB,mPAUSE::Permissions::Module,NEILB,f

Co-maintainers

• The owner of a module can grant co-maint perms• Using the PAUSE web interface

• They get a 'c' permission.

• Co-maints can upload new versions of a module

• Co-maints cannot grant co-maint permissions

PAUSE::Permissions,ANDK,cPAUSE::Permissions,NEILB,mPAUSE::Permissions::Module,ANDK,cPAUSE::Permissions::Module,NEILB,f

Permissions are on modules

• Years back I created some Locale:: modules

• I handed them to SBECK, he's expanded the dist

• I have co-maint on the original modules• but not on those he's subsequently added.

Locale::Constants,NEILB,cLocale::Country,NEILB,cLocale::Currency,NEILB,cLocale::Language,NEILB,cLocale::Script,NEILB,c

Locale::Codes,SBECK,fLocale::Codes::Constants,SBECK,fLocale::Codes::Country,SBECK,f… lots more modules …Locale::Constants,SBECK,fLocale::Country,SBECK,mLocale::CountryCodes,SBECK,fLocale::Currency,SBECK,mLocale::CurrencyCodes,SBECK,fLocale::Language,SBECK,mLocale::LanguageCodes,SBECK,fLocale::Script,SBECK,fLocale::ScriptCodes,SBECK,f

Someone else's module

• If you upload a module you don't have perms for• The dist will make it to your author directory• The offending module won't be indexed (but ok modules will be)

• search.cpan.org will shout at you

Deleting dists from CPAN

• You can only delete dists that you uploaded• Regardless of whether you're the owner

• Permissions are associated with modules, not dists, remember

• If you don't like a co-maint's release• Revoke co-maint, then supersede with a new release• But talk to them first!

Namespace squatting

• Upload a module, then delete the dist (via PAUSE)

• The module won't exist on CPAN

• But you'll have an 'f' permission

• No-one else will be able to use that name

• Free it up using PAUSE ("Change Permissions")

No::Such::Module,NEILB,f

Developer releases

• Developer releases don't trigger permissions

• If your first release of a module is a developer release, you won't get any permissions.• Someone else could gazump you

• "This may change" - ANDK

Transfer of ownership

• You can transfer ownership to another user

• They get your 'm' or 'f'

• You get 'c'

PAUSE::Permissions,ANDK,mPAUSE::Permissions,NEILB,cPAUSE::Permissions::Module,ANDK,fPAUSE::Permissions::Module,NEILB,c

Taking over a module

"Usually, after all this hassle,we are reasonably quick at assigning co-maintenance permissions,but don't hold your breath"

Anomaly #1: different m and f

Catalyst::Engine::Apache,AGRUNDMA,mCatalyst::Engine::Apache,MSTROUT,f

Tie::SubstrHash,LWALL,mTie::SubstrHash,P5P,f

• Modules with different 'm' and 'f' users?

• This can't happen TM

• But when it does• 'm' is the owner• 'f' is treated as a co-maint

• There are some special conventions• Eg P5P has 'f' on some modules

Anomaly #2: modules with no owner

• There are 1000+ modules with co-maints only

• How does this come about?• You can give up your permissions: "Change Permissions" on PAUSE

• Make your case to PAUSE admins for ownership• PAUSE Admins: modules@perl.org

DBIx::Class::Loader,AMS,cDBIx::Class::Loader,DMAKI,cDBIx::Class::Loader,KRAIH,cDBIx::Class::Loader,MRAMBERG,cDBIx::Class::Loader,SRI,cDBIx::Class::Loader,TEMPIRE,c

Anomaly #3: modules with no perms

• Some modules are on CPAN but not in 06perms.txt

• Upload a module, then give up your 'f' permission• It's open season on the module name again

PAUSE::Permissions

use PAUSE::Permissions;

my $pp = PAUSE::Permissions->new;my $mp = $pp->module_permissions('PAUSE::Permissions');

my $owner = $mp->owner; # NEILBmy @comaints = $mp->co_maintainers; # ANDK

Finally

• Largest number of co-maints any module has?

• Tidy up your permissions please