in reply to Re^2: What if someone deleted his Perl modules? (cpan/pause unauthorized)
in thread What if someone liberated his Perl modules?

That's why I wrote "an extra step of giving up primary/co-maintainer status"..... once the original author makes the namespace available again, it's back to free for all: any other PAUSE author (malicious or not) can theoretically upload to the same namespace and spread malware or compromise users' systems via module update. It's easy to register a PAUSE account.

IIRC (i'm not 100%) but it doesn't work like that, if you give up ownership, it still takes manual action by PAUSE administrators/moderators to grant somebody else ownership, unless you're giving it up to a co-maintainer, in which case ... you trusted the team once yeah, so :p

  • Comment on Re^3: What if someone deleted his Perl modules? (cpan/pause unauthorized)

Replies are listed 'Best First'.
Re^4: What if someone deleted his Perl modules? (cpan/pause unauthorized)
by perlancar (Hermit) on Mar 24, 2016 at 12:02 UTC

    I happen to use two PAUSE ID's (old and new) and for the past 1.5 years have been uploading (using the new account) distributions that were once uploaded using the old account.

    Haven't specifically looked into it, but I admit in my experience it's a bit weird sometimes. Sometimes (1) I just need to delete my distribution on the old account, wait a few minutes (not even need to wait 72 hours), and then the related packages would automatically be free and when I upload the distribution using the new account, I get "first-come" again. But sometimes (2) I do have to go to Change Permissions page from my old PAUSE account and explicitly give up primary maintainership before my new distribution on my new PAUSE account gets indexed.

    Perhaps in the case of (1), the PAUSE admin was behind it?

[reply]

In Section Meditations