New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bigint search #1164

Open
kevindawson opened this Issue Apr 30, 2014 · 5 comments

Comments

Projects
None yet
5 participants
@kevindawson

kevindawson commented Apr 30, 2014

when searching for bigint
the expected first match should be -> F/FL/FLORA/bignum-0.32.tar.gz
looks like we have another search index issue.

If we look at -> https://metacpan.org/author/FLORA there is no bignum

but here it is on CPAN http://search.cpan.org/~flora/bignum-0.32/lib/bigint.pm

oalders new issue as per your instruction, sorry for the delay in doing so.

@wolfsage

This comment has been minimized.

Show comment
Hide comment
@wolfsage

wolfsage May 13, 2014

Member

Perhaps this is because the latest release of bignum (which contains bigint) is an unauthorized release by a different author:

https://metacpan.org/release/PJACKLAM/bignum-0.37

This is also screwing up FLORA's module list page. It should still show .32 for bignum in his list:

https://metacpan.org/author/FLORA

But does not since bignum-0.37 belongs to PJACKLAM. (Shouldn't bignum-0.37 show a big "UNAUTHORIZED RELEASE" warning?)

Member

wolfsage commented May 13, 2014

Perhaps this is because the latest release of bignum (which contains bigint) is an unauthorized release by a different author:

https://metacpan.org/release/PJACKLAM/bignum-0.37

This is also screwing up FLORA's module list page. It should still show .32 for bignum in his list:

https://metacpan.org/author/FLORA

But does not since bignum-0.37 belongs to PJACKLAM. (Shouldn't bignum-0.37 show a big "UNAUTHORIZED RELEASE" warning?)

@rwstauner

This comment has been minimized.

Show comment
Hide comment
@rwstauner

rwstauner May 13, 2014

Member

Likely adding to the confusion is that, as of Sun, 11 May 2014 10:41:02 GMT, 02packages lists two different versions of bignum:

bigint                             0.32  F/FL/FLORA/bignum-0.32.tar.gz
bignum                             0.32  F/FL/FLORA/bignum-0.32.tar.gz
bigrat                             0.32  F/FL/FLORA/bignum-0.32.tar.gz
Math::BigFloat::Trace              0.36  P/PJ/PJACKLAM/bignum-0.37.tar.gz
Math::BigInt::Trace                0.36  P/PJ/PJACKLAM/bignum-0.37.tar.gz

According to 06perms PJACKLAM is authorized for the Math::.+ modules in the dist, but not the ^big*ones.

The dist is unauthorized according to the API:

*$ curl api.metacpan.org/release/PJACKLAM/bignum-0.37?fields=authorized,status
{
   "authorized" : "false",
   "status" : "latest"
}

So there must still be a bug about marking the dist as latest because it has some modules that are in 02packages but it is partially unauthorized.

There also doesn't appear to be code in the web ui about displaying authorized status.

Member

rwstauner commented May 13, 2014

Likely adding to the confusion is that, as of Sun, 11 May 2014 10:41:02 GMT, 02packages lists two different versions of bignum:

bigint                             0.32  F/FL/FLORA/bignum-0.32.tar.gz
bignum                             0.32  F/FL/FLORA/bignum-0.32.tar.gz
bigrat                             0.32  F/FL/FLORA/bignum-0.32.tar.gz
Math::BigFloat::Trace              0.36  P/PJ/PJACKLAM/bignum-0.37.tar.gz
Math::BigInt::Trace                0.36  P/PJ/PJACKLAM/bignum-0.37.tar.gz

According to 06perms PJACKLAM is authorized for the Math::.+ modules in the dist, but not the ^big*ones.

The dist is unauthorized according to the API:

*$ curl api.metacpan.org/release/PJACKLAM/bignum-0.37?fields=authorized,status
{
   "authorized" : "false",
   "status" : "latest"
}

So there must still be a bug about marking the dist as latest because it has some modules that are in 02packages but it is partially unauthorized.

There also doesn't appear to be code in the web ui about displaying authorized status.

@rwstauner

This comment has been minimized.

Show comment
Hide comment
@rwstauner

rwstauner May 15, 2014

Member

I updated the UI to mark the release as unauthorized, but the dist is still incorrectly marked as latest. I made an issue on the api for that (cpan-api/cpan-api#315).

Member

rwstauner commented May 15, 2014

I updated the UI to mark the release as unauthorized, but the dist is still incorrectly marked as latest. I made an issue on the api for that (cpan-api/cpan-api#315).

@shadowcat-mst

This comment has been minimized.

Show comment
Hide comment
@shadowcat-mst

shadowcat-mst May 17, 2014

The heuristic I'd suggest is to take the 'king module' of a dist - i.e. if somebody ships DBIx-Class and they're authorized for DBIx::Class, they're probably supposed to be able to ship the whole thing. Noting 'permission issue' or something-or-other for partially authorized dists is good, but it's common enough for a couple of modules deep in a namespace to get missed when distributing co-maint that you don't want to slap the big UNAUTHORIZED label on them just for that and you certainly don't want to exclude them from being the latest

shadowcat-mst commented May 17, 2014

The heuristic I'd suggest is to take the 'king module' of a dist - i.e. if somebody ships DBIx-Class and they're authorized for DBIx::Class, they're probably supposed to be able to ship the whole thing. Noting 'permission issue' or something-or-other for partially authorized dists is good, but it's common enough for a couple of modules deep in a namespace to get missed when distributing co-maint that you don't want to slap the big UNAUTHORIZED label on them just for that and you certainly don't want to exclude them from being the latest

@rwstauner

This comment has been minimized.

Show comment
Hide comment
@rwstauner

rwstauner May 17, 2014

Member

That's not a bad idea. This bignum case would still show RAFL's as latest (which would agree with PAUSE), but it wouldn't incorrectly break the majority of cases (where installing by the main module would still get you the newest one).

Member

rwstauner commented May 17, 2014

That's not a bad idea. This bignum case would still show RAFL's as latest (which would agree with PAUSE), but it wouldn't incorrectly break the majority of cases (where installing by the main module would still get you the newest one).

rwstauner added a commit that referenced this issue May 21, 2014

Disable marking of unauthorized releases for now
Until we improve the accuracy of the indexer
and are more confident in the logic.

Leave it as a feature flag so that we can toggle it on/off for testing.
Maybe we'll re-enable it someday, maybe we won't.

refs #706, #1117, #1164, #1200.

oiami pushed a commit to oiami/metacpan-web that referenced this issue Jun 9, 2014

Disable marking of unauthorized releases for now
Until we improve the accuracy of the indexer
and are more confident in the logic.

Leave it as a feature flag so that we can toggle it on/off for testing.
Maybe we'll re-enable it someday, maybe we won't.

refs #706, #1117, #1164, #1200.

oiami pushed a commit to oiami/metacpan-web that referenced this issue Jun 9, 2014

Disable marking of unauthorized releases for now
Until we improve the accuracy of the indexer
and are more confident in the logic.

Leave it as a feature flag so that we can toggle it on/off for testing.
Maybe we'll re-enable it someday, maybe we won't.

refs #706, #1117, #1164, #1200.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment