Skip to content
This repository

Taking over and/or giving back Gems #429

Open
YorickPeterse opened this Issue · 5 comments

4 participants

Yorick Peterse ☈king Amos King Benjamin Fleischer
Yorick Peterse

It would be really nice if there was a way in both Rubygems.org as well as
Rubygems itself to pass on ownership of a Gem to another person. Currently there
are quite a few "troll" gems on Rubygems with perfectly valid named, this one
being a fine example: http://rubygems.org/gems/ftp.

In the current state this is already somewhat possible. A Gem author can simply
add other people to the list of authors and they can then push releases as well.
However, this requires manual action by the primary author, this doesn't work if
said author isn't active anymore. It also requires use of the API (if I'm not
mistaken) opposed to being able to use a web interface.

Looking back at this "ftp" example a way of doing this would be to allow users
to flag it. After enough flags (these might have to be verified to prevent
abuse) a user would be able to claim ownership (again this should be verified by
a group of people). Another way of preventing abuse would be to prevent this
process from happening if the Gem had a new release in the past N months, though
I fear people will then abuse that to prevent the system from being used (e.g. a
troll might keep pushing his gem just so people can't overtake it).

Another way of doing it would be to allow the author to mark his gem as "dead",
thus removing the need to flag it. The taking over process would still have to
be verified to prevent random people from over taking it and not doing anything
with it.

A side effect of this feature would be that installing a Gem that was taken over
might result in completely different code being installed compared to what was
installed before. To make this clear to developers Rubygems should display a
warning both on the website as well as installing a gem. This warning can be
something along the lines of "Warning: this gem has been taken over by X, please
ensure that it is still compatible with how it was before it was taken over".

☈king

This definitely needs a solution.

The Ruby community patches around it by coming up with other names for gems, but this should be fixed.

Amos King
Collaborator

:+1:

☈king

Maybe there should be a core committee of peope with ownership-change rights that hears cases of abandonware.

This shouldn't happen.

Benjamin Fleischer
bf4 commented

+1 on the idea of a committee. Also, why do we allow https://rubygems.org/gems/saikuro when the original author made https://rubygems.org/gems/Saikuro ?

Amos King
Collaborator
adkron commented

Ownership changing is hard and could lead into some legal things. We would need rules for how long a gem has to go without being updated. Then do we have a waiting period where we contact the original author and wait for them to respond. Who would be on the committee? How much time would it take? Who owns the trademark on the name? How long can they hold that trademark? Who can they sue? Anyone thinking of hiring a lawyer yet?

It is easier to come up with a new gem name than to fight all the battles that come with this.

:-1: on the committee making decisions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.