On 21 September 2017 at 20:24, Neil Bowers <neil.bow...@cogendo.com> wrote:
> I’ll tweak my script to not worry about packages in the same distribution
> (eg Acme::Flat::GV and Acme::Flat::HV). Then I just need to get a list of
> new packages each day, and I’m just about there :-)

I'd probably want PAUSE trust modelling to play a part too.

On the basis that people are unlikely to typo-squat themselves, and that recognized, reputable authors are less likely to typo-squat. (Because reputation is an important thing to maintain in open source, tarnish your reputation and nobody will use your stuff any more)

Which, by inversion, means that newer authors are more disposed to typo-squatting, and that people are more likely to typo-squat things dissimilar to what they already own.

A long time ago, I was discussing with somebody, I can't remember who, that we could generalize this problem as a public feed, allowing anyone to review new module permissions assignments and changes.

Having public access to the permissions list is good, but having some sort of feed that makes it public knowledge every time a new permission occurs, or every time a permission change occurs, would do wonders for this problem (and others, like the surprise change of hands of important but undermaintained modules into the hands of potentially too keen maintainers).

It would even expose attempts at smuggling typo-squatted names in the back of distros with dissimilar names, similar to cuckoo-packages.

--
Kent

KENTNL - https://metacpan.org/author/KENTNL
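
The trust heuristics described in this message (skip an author's own packages, discount established authors, weight names unlike what the author already owns), as an added example that is not code from this thread or from Neil's script. The permissions data, author ids, `Example::*` names, function names, distance threshold and score weights are all assumptions made for illustration.

```python
# Constructed sample: package -> owning PAUSE id. Every id and every
# Example::* name is made up; Acme::Flat::GV/HV are the names from the quote.
PERMS = {
    "Acme::Flat::GV": "AUTHORA",
    "Example::Parser": "AUTHORB",
    "Example::Writer": "AUTHORC",
    "Example::Reader": "AUTHORC",
    "Example::Logger": "AUTHORC",
}

def edit_distance(a, b):
    """Plain Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review(new_pkg, author, perms=PERMS, max_dist=2, established=3):
    """Return [(score, existing_pkg, owner)] for a human to review, highest first.

    max_dist and established are assumed thresholds, not values from the thread.
    """
    owned = [p for p, o in perms.items() if o == author]
    top = new_pkg.split("::")[0]
    hits = []
    for pkg, owner in perms.items():
        # People are unlikely to typo-squat themselves: skip same-owner names.
        if owner == author or pkg == new_pkg:
            continue
        # Case-insensitive, so a case-only collision scores as distance 0.
        d = edit_distance(new_pkg.lower(), pkg.lower())
        if d > max_dist:
            continue
        score = (max_dist + 1 - d) * 10
        # Established authors have reputation to lose: halve the score.
        if len(owned) >= established:
            score //= 2
        # A name unlike anything the author already owns is more suspicious.
        if not any(p.split("::")[0] == top for p in owned):
            score += 5
        hits.append((score, pkg, owner))
    return sorted(hits, reverse=True)
```

The output is a ranked review queue rather than a verdict; a near-match only says which new registrations deserve a look first.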