1. PAUSE::Permissions
A lightning talk given at London Perl Workshop 2012
The permissions model that controls who
can upload what modules to CPAN, via
PAUSE
Neil Bowers Andreas König
NEILB ANDK
2. PAUSE::Permissions
A module for querying the data behind the
model
Neil Bowers Andreas König
NEILB ANDK
6. Upload a new module
• If you’re the first to upload a module to CPAN, you
get the 'f' permission (“first come”)
Module::Path,NEILB,f
• You’re considered the owner
7. Register module on module list
• If you register the module, you get an 'm' permission
Graph::Reader,NEILB,m
• Internally you also still have 'f'
• 'm' takes precedence over 'f'
8. You register modules, not dists
• I registered PAUSE::Permissions
• The dist also includes PAUSE::Permissions::Module
PAUSE::Permissions,NEILB,m
PAUSE::Permissions::Module,NEILB,f
• What should you do with other modules in dists?
• If they’re public-facing, consider registering them
• Otherwise 'f' is fine
9. Co-maintainers
• The owner of a module can grant co-maint perms
• Using the PAUSE web interface
• They get a 'c' permission.
PAUSE::Permissions,ANDK,c
PAUSE::Permissions,NEILB,m
PAUSE::Permissions::Module,ANDK,c
PAUSE::Permissions::Module,NEILB,f
• Co-maints can upload new versions of a module
• Co-maints cannot grant co-maint permissions
10. Permissions are on modules
• Years back I created some Locale:: modules
• I handed them to SBECK, he's expanded the dist
Locale::Codes,SBECK,f
Locale::Constants,NEILB,c Locale::Codes::Constants,SBECK,f
Locale::Country,NEILB,c Locale::Codes::Country,SBECK,f
… lots more modules …
Locale::Currency,NEILB,c Locale::Constants,SBECK,f
Locale::Country,SBECK,m
Locale::Language,NEILB,c Locale::CountryCodes,SBECK,f
Locale::Script,NEILB,c Locale::Currency,SBECK,m
Locale::CurrencyCodes,SBECK,f
Locale::Language,SBECK,m
Locale::LanguageCodes,SBECK,f
Locale::Script,SBECK,f
Locale::ScriptCodes,SBECK,f
• I have co-maint on the original modules
• but not on those he's subsequently added.
11. Someone else's module
• If you upload a module you don't have perms for
• The dist will make it to your author directory
• The offending module won't be indexed (but ok modules will be)
• search.cpan.org will shout at you
12. Deleting dists from CPAN
• You can only delete dists that you uploaded
• Regardless of whether you're the owner
• Permissions are associated with modules, not dists,
remember
• If you don't like a co-maint's release
• Revoke co-maint, then supersede with a new release
• But talk to them first!
13. Namespace squatting
• Upload a module, then delete the dist (via PAUSE)
• The module won't exist on CPAN
• But you'll have an 'f' permission
No::Such::Module,NEILB,f
• No-one else will be able to use that name
• Free it up using PAUSE ("Change Permissions")
14. Developer releases
• Developer releases don't trigger permissions
• If your first release of a module is a developer
release, you won't get any permissions.
• Someone else could gazump you
• "This may change" - ANDK
15. Transfer of ownership
• You can transfer ownership to another user
• They get your 'm' or 'f'
• You get 'c'
PAUSE::Permissions,ANDK,m
PAUSE::Permissions,NEILB,c
PAUSE::Permissions::Module,ANDK,f
PAUSE::Permissions::Module,NEILB,c
16. Taking over a module
"Usually, after all this hassle,
we are reasonably quick at assigning co-maintenance permissions,
but don't hold your breath"
17. Anomaly #1: different m and f
• Modules with different 'm' and 'f' users?
• This can't happen TM
Catalyst::Engine::Apache,AGRUNDMA,m
Catalyst::Engine::Apache,MSTROUT,f
• But when it does
• 'm' is the owner
• 'f' is treated as a co-maint
• There are some special conventions
• Eg P5P has 'f' on some modules
Tie::SubstrHash,LWALL,m
Tie::SubstrHash,P5P,f
18. Anomaly #2: modules with no owner
• There are 1000+ modules with co-maints only
DBIx::Class::Loader,AMS,c
DBIx::Class::Loader,DMAKI,c
DBIx::Class::Loader,KRAIH,c
DBIx::Class::Loader,MRAMBERG,c
DBIx::Class::Loader,SRI,c
DBIx::Class::Loader,TEMPIRE,c
• How does this come about?
• You can give up your permissions: "Change Permissions" on PAUSE
• Make your case to PAUSE admins for ownership
• PAUSE Admins: modules@perl.org
19. Anomaly #3: modules with no perms
• Some modules are on CPAN but not in 06perms.txt
• Upload a module, then give up your 'f' permission
• It's open season on the module name again
20. PAUSE::Permissions
use PAUSE::Permissions;
my $pp = PAUSE::Permissions->new;
my $mp = $pp->module_permissions('PAUSE::Permissions');
my $owner = $mp->owner; # NEILB
my @comaints = $mp->co_maintainers; # ANDK