Re: Regulating Module Authorship
I guess that answers most of it. - Of course, we need to make sure that new comers don't just take old modules (which work very good) and break them You can never assure that, and who would decide and monitor that anyway? Even if the module transfers to a new author, the older versions stay in the original authors directory. It's rare, though, that people take over modules that work very well so this isn't a big deal. This is something Geoffrey wrote, which I think is a reply to this as well: Amen to that. Perhaps a sandbox where new versions would live for a while? With CPAN testers getting an (automated) vote? - The trickiest: what if I wrote a module, but I don't want to add to it, and I don't want anyone else touching it ever - I want it the way it is and that's it. Do we fork it? You fork it. The module belongs to the author until he says otherwise or he disappears completely. Another relevant comment from Geoffrey: If I understand the Artistic License correctly, anyone can grab a module, modify it and release it under a new name. So I think that the proper concern is how to manage forked modules. Perhaps a numbering/ naming scheme that says, in effect, This is a forked module under different authorship from the root, that has most/all of the underling functionality of the original. Guidelines for spelling the departures of the forked module from the original would be helpful, also. Additionally, there should be a procedure for bringing a forked module into the main branch, once the original author has been determined to be unavailable/uninterested. Perhaps we do need some added guidelines to CPAN. It's growing very big and very broad but still lags behind on certain things. The fact that we have multiple UNAUTHORIZED releases (that are still easily found - something before the authorized releases - which is confusing), the fact that many modules that were abandoned are still used and the patches in the bug reports are piling up when you just need someone to apply them and have them tested, the fact that we have a lot of forks for abandoned modules, the fact that some modules are so outdated they won't work on any standard system, and there's no way to parse them out in the search (give me only modules which work on 5.8 and hold the ketchup). I really think it's not just CPAN that needs revamping, it's the fact that it seems like we've overlooked a bloating module archive that is imperative to the community and as a community I think we need to look into it some more. I'm not bitching, I just think we can improve things a lot. Is anyone against looking into these things some more? Trying to open a wiki on this? Get more opinions and comments and suggestions and try to gather a list of things we'd like to change and start working on them? (sorry if it came out preachy.. )
Re: Regulating Module Authorship
On Mon, Sep 22, 2008 at 6:03 AM, sawyer x [EMAIL PROTECTED] wrote: Perhaps we do need some added guidelines to CPAN. My 2 cents: CPAN is fundamentally a free-wheeling, fairly anarchic place run by volunteers and containing the work of volunteers. Anything that imposes greater restrictions (a) requires more work for maintainers and (b) decreases the freedom to innovate. For both reasons, more rules or guidelines are to be avoided. The fact that we have multiple UNAUTHORIZED releases (that are still easily found - something before the authorized releases - which is confusing), This is a function of search.cpan.org -- these modules do not get indexed by CPAN itself and can't easily be installed by end-users. But perhaps there needs to be better documentation on the subject, e.g. What is an UNAUTHORIZED release? the fact that many modules that were abandoned are still used and the patches in the bug reports are piling up when you just need someone to apply them and have them tested, Others have describe the process for taking over abandoned distributions. It works quite well. I've inherited a few things that I liked but needed to fix. Authors are volunteers and fixing things takes work. If it's important enough to you to have fixes, then volunteer to take over. If you don't have that kind of time and you want to warn people about abandon-ware that shouldn't be used unless, submit a negative review. the fact that we have a lot of forks for abandoned modules, I don't see how that's a problem any more than the fact that we have lots of similar sounding modules doing similar things. Diversity is strength. Would it be better that people took them over? Maybe. Or maybe not. A fork allows things an API to evolve in a potentially incompatible direction without screwing those whose code depends on the original version. So who is to say when a fork is or isn't the right approach? In my view -- only the end users. If a fork is a good idea, it'll get used. If not, it wont. the fact that some modules are so outdated they won't work on any standard system, Have you seen the CPAN Testers line on search.cpan.org? Particularly the Perl/Platform Version Matrix? There is information available about where things work. and there's no way to parse them out in the search (give me only modules which work on 5.8 and hold the ketchup). Again, are you talking search.cpan.org or CPAN? Nothing prevents you from writing your own search website that merges results from CPAN Testers. I really think it's not just CPAN that needs revamping, it's the fact that it seems like we've overlooked a bloating module archive that is imperative to the community and as a community I think we need to look into it some more. I'm not bitching, I just think we can improve things a lot. You are bitching. Moreover, you're complaining that the community needs to do something and trying to set some direction. But, the community in this case is made up of volunteers who write code. A lot of the extras you see on search.cpan.org like ratings, dependency map, perl/platform version matrix and the discussion forum were made by people with an itch to scratch. So if you have an itch, write some code and see if people like it. Or write some text for the FAQ. That's going to be much more effective than jawboning people for change. -- David
Re: Regulating Module Authorship
On Mon, Sep 22, 2008 at 6:03 AM, sawyer x [EMAIL PROTECTED] wrote: Perhaps we do need some added guidelines to CPAN. My 2 cents: CPAN is fundamentally a free-wheeling, fairly anarchic place run by volunteers and containing the work of volunteers. Anything that imposes greater restrictions (a) requires more work for maintainers and (b) decreases the freedom to innovate. For both reasons, more rules or guidelines are to be avoided. I understand what you mean but I'm not sure any change (and I don't think in the way of restrictions) would have bad consequences, but if it will evidently do so, it's a good reason not to have these changes. I just wouldn't jump the gun on this that quickly. the fact that many modules that were abandoned are still used and the patches in the bug reports are piling up when you just need someone to apply them and have them tested, Others have describe the process for taking over abandoned distributions. It works quite well. I've inherited a few things that I liked but needed to fix. Authors are volunteers and fixing things takes work. If it's important enough to you to have fixes, then volunteer to take over. If you don't have that kind of time and you want to warn people about abandon-ware that shouldn't be used unless, submit a negative review. I do try to contact authors and report bugs. I'm not saying look, there's some changes I want done in various modules. Could we appoint people who would do that for me? I think you've got me wrong there. What I'm saying is maybe we should think of (obviously a volunteering) way of being able to fix things easier. A way to check that less things fall between the chairs. You don't think we need one? You think we already have one? Alright, thanks for the input. and there's no way to parse them out in the search (give me only modules which work on 5.8 and hold the ketchup). Again, are you talking search.cpan.org or CPAN? Nothing prevents you from writing your own search website that merges results from CPAN Testers. True, and while diversity is strength, re-inventing the wheel can also be redundant. I really think it's not just CPAN that needs revamping, it's the fact that it seems like we've overlooked a bloating module archive that is imperative to the community and as a community I think we need to look into it some more. I'm not bitching, I just think we can improve things a lot. You are bitching. Moreover, you're complaining that the community needs to do something and trying to set some direction. But, the community in this case is made up of volunteers who write code. A lot of the extras you see on search.cpan.org like ratings, dependency map, perl/platform version matrix and the discussion forum were made by people with an itch to scratch. So if you have an itch, write some code and see if people like it. Or write some text for the FAQ. That's going to be much more effective than jawboning people for change. Again, you think I'm taking the community for granted, asking it to do something for me. Instead, I'm suggesting and trying to start a debate WITH people to get their views. I've always said I might be wrong on things and that's why I would like to hear what people have to say. And people have replied (some even personally to me). That means I'm _not_ bitching, and I think you're taking this to a different place. You want to say that things are perfectly fine, or that I'm barking up the wrong tree? Okay, comment noted. But I wouldn't go as far as calling it bitching. Obviously people scratch their own itches, all I wanted to know is if someone was itching there as well. You don't? Cool, sorry for bothering you. Others do itch there. Shlomi Fish directed me to the rethinking-cpan list, I'll try and continue this there. Thanks.
Re: Regulating Module Authorship
On Mon, 22 Sep 2008, sawyer x wrote: Perhaps we do need some added guidelines to CPAN. I think you're trying to fix the problem on the wrong end. Regulating CPAN would be bad, because we shouldn't have confidence that we'll do a good job. Making the process of contributing harder would likely turn away good stuff as well as bad. Instead, what I think needs improvement is the search filtering bits. Frankly, search.cpan needs to be replaced with something much better (and ya know, open source). I'm not exactly sure what that is though ;) It'd probably incorporate some combination of ... * better search engine (fulltext search of all pod) * ratings baked right in so you can search based on rating * trust metrics for authors modules * some wiki-ish/annocpan-ish thing to allow user commentary inline with distro views Basically, we have a community of people who already know what modules to use, at least in some areas. We need to do a much better job of letting them share that information, and making that info easily available to a noob who's looking for a module to help with parsing dates. -dave /*== VegGuide.Org Your guide to all that's veg ==*/
Re: Regulating Module Authorship
On Mon, Sep 22, 2008 at 09:40:09AM -0500, Dave Rolsky wrote: Instead, what I think needs improvement is the search filtering bits. Frankly, search.cpan needs to be replaced with something much better (and ya know, open source). I'm not exactly sure what that is though ;) The open-source CPAN search engine is at: http://kobesearch.cpan.org/. Its source code is here: http://cpan.uwinnipeg.ca/dist/CPAN-Search-Lite. -- Philippe Bruhat (BooK) Fantasy is a nice vacation but Reality is where you spend your life. (Moral from Groo The Wanderer #44 (Epic))
Re: Regulating Module Authorship
* Dave Rolsky [EMAIL PROTECTED] [2008-09-22 16:45]: It'd probably incorporate some combination of ... * better search engine (fulltext search of all pod) * ratings baked right in so you can search based on rating * trust metrics for authors modules * some wiki-ish/annocpan-ish thing to allow user commentary inline with distro views Adding a social network could work very nicely, both to partly address several of the things you listed as well as to add other equally useful features. (No, I’m not joking. :-) ) Regards, -- Aristotle Pagaltzis // http://plasmasturm.org/
Re: Regulating Module Authorship
On Mon, 22 Sep 2008, Aristotle Pagaltzis wrote: * Dave Rolsky [EMAIL PROTECTED] [2008-09-22 16:45]: It'd probably incorporate some combination of ... * better search engine (fulltext search of all pod) * ratings baked right in so you can search based on rating * trust metrics for authors modules * some wiki-ish/annocpan-ish thing to allow user commentary inline with distro views Adding a social network could work very nicely, both to partly address several of the things you listed as well as to add other equally useful features. (No, I’m not joking. :-) ) That's more or less what I'm getting at with trust metrics. My idea is to have a web of trust where you indicate trust in both distros authors. Trust would then echo down the network so that you trust something that a trusted author trusts, but less than if you trust it directly. The idea is to be able to find highly trusted distros and authors, which would help people find the best solution in a crowded space. Note that this differs from ratings, which I don't find very useful at all. -dave /*== VegGuide.Org Your guide to all that's veg ==*/
Re: Regulating Module Authorship
* Dave Rolsky [EMAIL PROTECTED] [2008-09-22 17:55]: Note that this differs from ratings, which I don't find very useful at all. Agreed. And trust networking is how humans are wired anyway. Regards, -- Aristotle Pagaltzis // http://plasmasturm.org/
Re: Regulating Module Authorship
On Mon, Sep 22, 2008 at 10:57 AM, Aristotle Pagaltzis [EMAIL PROTECTED] wrote: * Dave Rolsky [EMAIL PROTECTED] [2008-09-22 17:55]: Note that this differs from ratings, which I don't find very useful at all. Agreed. And trust networking is how humans are wired anyway. formal trust metrics can be gamed. That's also how humans are wired. -- Fifteen million dollars just isn't what it used to be
Re: Regulating Module Authorship
On Mon, Sep 22, 2008 at 01:03:32PM +0300, sawyer x wrote: Perhaps we do need some added guidelines to CPAN. I don't think so. We just need smarter tools. the fact that some modules are so outdated they won't work on any standard system, and there's no way to parse them out in the search (give me only modules which work on 5.8 and hold the ketchup). I've mumbled a bit recently about doing a CP5.6AN (for various values of 5.6), which would, to clients like CPAN.pm, look exactly like a normal CPAN mirror. Underneath, however, the 02packages file would include, instead of the latest version of each distribution, the latest version *which has at least one CPAN-testers 'pass' report for the desired version of perl*. This mirror would not contain any other files apart from the hacked up 02packages - everything else would be handled by responding with HTTP redirects sending people to a real CPAN mirror or to the backpan. This little project is all planned and designed (it's so simple that the above paragraph is the entire spec), it just needs someone to sit down and write a little bit of code and configure Apache. I'll do it eventually, but my to-do list is rather long. If anyone else wants to pick it up and implement it, I'd be delighted. -- David Cantrell | top google result for topless karaoke murders I remember when computers were frustrating because they did exactly what you told them to. That seems kinda quaint now. -- JD Baldwin, in the Monastery
Re: Regulating Module Authorship
* David Nicol [EMAIL PROTECTED] [2008-09-22 18:05]: On Mon, Sep 22, 2008 at 10:57 AM, Aristotle Pagaltzis [EMAIL PROTECTED] wrote: * Dave Rolsky [EMAIL PROTECTED] [2008-09-22 17:55]: Note that this differs from ratings, which I don't find very useful at all. Agreed. And trust networking is how humans are wired anyway. formal trust metrics can be gamed. That's also how humans are wired. Sure, but not to any useful extent if they are person-centric and there is no worthwhile gain. There is no spam in my RSS reader and none in my Twitter timeline. Regards, -- Aristotle Pagaltzis // http://plasmasturm.org/
Re: Regulating Module Authorship
On Mon, Sep 22, 2008 at 4:03 PM, Aristotle Pagaltzis [EMAIL PROTECTED] wrote: formal trust metrics can be gamed. That's also how humans are wired. Sure, but not to any useful extent if they are person-centric and there is no worthwhile gain. There is no spam in my RSS reader and none in my Twitter timeline. Okay, I concede: Once again I'm spouting straw men. Last year's flap with the possibly deliberate compromise of Debian ssh occurred at a high ring of trust that would have been the same with or without formal metrics. Or would formal metrics have raised flags early? Please, readers of the lists to which I post, alert me off-list if you feel David Nicol has been too free in sharing hypothetical contrarian positions of late; I'm experiencing guilt about wasting people's valuable time. (this, and the recent flip-flopping WRT autodie semantics.)
Re: Regulating Module Authorship
* David Nicol [EMAIL PROTECTED] [2008-09-22 23:15]: On Mon, Sep 22, 2008 at 4:03 PM, Aristotle Pagaltzis [EMAIL PROTECTED] wrote: formal trust metrics can be gamed. That's also how humans are wired. Sure, but not to any useful extent if they are person-centric and there is no worthwhile gain. There is no spam in my RSS reader and none in my Twitter timeline. Okay, I concede: Once again I'm spouting straw men. Last year's flap with the possibly deliberate compromise of Debian ssh occurred at a high ring of trust that would have been the same with or without formal metrics. Or would formal metrics have raised flags early? I’m not sure what that has to do with what I said. That trust was institutional, not person-centric. Regards, -- Aristotle Pagaltzis // http://plasmasturm.org/
