Only commit PAUSE approved modules? #31
Labels
Comments
PAUSE now actually requires ownership/comaint on Apache::Session to upload Apache-Session-*, and requires that the tarball contain the Apache::Session package (or at the very least a stub). |
|
We're moving to be part of MetaCPAN's indexer and will have their facilities for determining authorized vs unauthorized releases. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CPAN has an ownership policy and not everything on BackPAN is actually part of a distribution. Knowing what's indexed comes from the PAUSE uploads database. gitpan should make use of this and only select stable tarballs which were in the index.
http://devel.cpantesters.org/
Trouble is, PAUSE goes by module. gitpan by distribution. You have releases which contain some authorized and some unauthorized modules. For example, this appears in the PAUSE uploads database. Its clearly the result of an incomplete ownership transfer, and valid.
http://search.cpan.org/~chorny/Apache-Session-1.88/
But this does not. However, for the purposes of gitPAN there's no problem making a repo for this. gitPAN has no global module index to worry about.
http://search.cpan.org/dist/lcwa/
There isn't a whole lot one can do about that. The data in the uploads database just lists tarballs. If we had the same info that search.cpan does we could maybe apply some heuristics and say that if the module matching the dist name is authorized (ie. Apache-Session-1.88.tar.gz is authorized for Apache::Session) then its ok.
The text was updated successfully, but these errors were encountered: