develooper Front page | perl.modules | Postings from June 2019

Re: Request for removal of uploading privileges for user HOLYGHOST

Thread Previous | Thread Next
JJ Merelo
June 1, 2019 06:50
Re: Request for removal of uploading privileges for user HOLYGHOST
Message ID:
My previous response included a screenshot from Twitter showing the release
of 4 versions of the non-compiling module in an hour. Apparently, the
archiving software didn't like that and just showed gibberish. Here's the
text response now, mainly for archiving purposes, since I guess that
whoever is in the list would have received it correctly.
First, thanks a lot for addressing this so quickly.

El vie., 31 may. 2019 a las 8:33, Andreas Koenig (<>) escribió:

> >>>>> On Fri, 31 May 2019 06:50:18 +0200, JJ Merelo <>
> said:
>   > Dear administrators:
>   > This letter is to draw your attention to the situation that has arisen
>   > in the Perl 6 community with user HOLYGHOST. In a nutshell, for the
>   > past months he's been uploading new modules and new versions of
>   > modules to the tune of several a day sometimes. These modules have
>   > barely any tests (or no tests at all), and in many cases they don't
>   > even compile since they are written in an invented version of Perl 6.
>   > In most cases, if not all, they are uploaded directly to CPAN without
>   > the intermediate step of using a source control system. That is not a
>   > problem per se, the main problem is that, by dint of simply not
>   > compiling (or not taking the time to compile them before uploading
>   > them to CPAN), they don't pass the minimum standard of quality
>   > required for Perl 6 module (not to mention a syntactically correct
>   > program), yet they show up in searches, in modules pages and in the
>   > Twitter bot that does such thing, provoking confusion among users.
> Can you be more specific as to which users are confused on which level
> (and scale)?

That's hard to say, since there are no stats of zef or
searches. However, if you look at some type of modules, for instance here:, both of them are by him, both
totally incorrect. If you look up Bayes, you'll find a regular module, and
then his module: There's also a
Game module: and the problem is
that sometimes he's producing new (and still incorrect) versions of modules
by the hour (see attached screenshot), which end up being something close
to spam and hiding other legitimate uploads. We've called him on this, and
he's accepted to stop doing that.
Yet the very next day, or in a few hours, he starts all over again.

>   > Yep today he's uploaded a new version of another module. This is why I
>   > kindly ask to revoke his uploading privileges to CPAN, or take the
>   > measures that are usual in these cases so that this situation stops.
> The usual measures are to never restrict uploading unless there are
> indications of severe wrongdoing or wreaking havoc. It would be a
> completely unprecendented move to interfere on the upload level without
> a very good cause.

I can understand this. I'm not going to blow this up out or proportion,
because at the the end of the day it's simply spam that can be ignored, at
least on some level. It's simply provoking a waste of time and resources by
the community. Of course it's wrongdoing if you simply start uploading
things that do not compile, and do it all over again. I wouldn't qualify it
as severe, unless you consider severe repeated warnings by several #perl6
users, which have lately happened every single day.

> "That this situation stops" is probably the key phrase here. What is the
> situation that needs stopping, why, and how many other parts of the
> eco-system besides PAUSE-uploading-system might be good starting points
> to consider tweaking (or inventing?)?

The main thing is that we need to keep out of the Perl 6 ecosystem modules
that do not have pass the simple test of compiling. For the time being, we
don't have an automatic mechanism to eliminate them from searches, for
instance (I don't know if CPAN has a mechanism for doing that, but there's
at least MetaCPAN that allows you to grade or issue comments on modules).
Additionally, there's no middleware now between CPAN-as-a-repo and
zef-as-an-ecosystem CLI. There are at least two other places where modules
uploaded to CPAN are reflected: and the Twitter bot.

So if there's no policy in place for avoiding this at a CPAN level, I guess
we'll have to check it in other places. Being CPAN the "single source of
truth", however, it would be easier for everyone to stop it there. This
could also be a policy testbed. Indexing, for the time being, limits itself
to check that there are no name clashes and unzipping is done correctly, as
well as check version. Adding a check for compilation of modules should be
mandatory, except it has not been (generally) needed because everyone does
all possible checks before uploading something to CPAN. Being this as it is
a totally new case, I would ask for totally new policies, at the technical
or community level, to be put in place for dealing with it.



Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About