Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Only commit PAUSE approved modules? #31

Open
schwern opened this Issue Dec 12, 2009 · 2 comments

Comments

Projects
None yet
2 participants
Contributor

schwern commented Dec 12, 2009

CPAN has an ownership policy and not everything on BackPAN is actually part of a distribution. Knowing what's indexed comes from the PAUSE uploads database. gitpan should make use of this and only select stable tarballs which were in the index.
http://devel.cpantesters.org/

Trouble is, PAUSE goes by module. gitpan by distribution. You have releases which contain some authorized and some unauthorized modules. For example, this appears in the PAUSE uploads database. Its clearly the result of an incomplete ownership transfer, and valid.
http://search.cpan.org/~chorny/Apache-Session-1.88/

But this does not. However, for the purposes of gitPAN there's no problem making a repo for this. gitPAN has no global module index to worry about.
http://search.cpan.org/dist/lcwa/

There isn't a whole lot one can do about that. The data in the uploads database just lists tarballs. If we had the same info that search.cpan does we could maybe apply some heuristics and say that if the module matching the dist name is authorized (ie. Apache-Session-1.88.tar.gz is authorized for Apache::Session) then its ok.

tsibley commented Jan 28, 2015

maybe apply some heuristics and say that if the module matching the dist name is authorized (ie. Apache-Session-1.88.tar.gz is authorized for Apache::Session) then its ok.

PAUSE now actually requires ownership/comaint on Apache::Session to upload Apache-Session-*, and requires that the tarball contain the Apache::Session package (or at the very least a stub).

Contributor

schwern commented Jan 28, 2015

We're moving to be part of MetaCPAN's indexer and will have their facilities for determining authorized vs unauthorized releases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment