Crates.io squatting

softprops · 2018-09-23T15:58:18.265Z

I’ve reached out to the crates.io maintainers in the past. The answer was crate squatting not conflict with crates.io policy https://github.com/rust-lang/crates.io/issues/624 http://doc.crates.io/policies.html

soc · 2018-09-23T18:10:25.481Z

kornel:

Such curation takes waaaay more work than writing “don’t squat” in the rules and deleting worst spam from time to time.

If there are people who want to do it, what’s wrong with it? And if there aren’t, the situation doesn’t get worse over time, like it does if spam/squatting went unchecked.

Dylan-DPC · 2018-10-04T05:21:20.784Z

One squatter is even a Rick Astley fan: https://crates.io/crates/gcr (click on documentation)

gbutler · 2018-10-04T08:02:57.526Z

soc:

If there are people who want to do it, what’s wrong with it?

Who decides what is “Squatting”? I’d question why someone would want to spend their valuable time on this. What is to be gained?

dodomorandi · 2018-10-04T08:06:01.932Z

Dylan-DPC:

One squatter is even a Rick Astley fan

If people start becoming creative about squatting, we will end up adding a “Squat of the Week” to TWiR…

scottmcm · 2018-10-04T18:17:11.660Z

gbutler:

Who decides what is “Squatting”? I’d question why someone would want to spend their valuable time on this. What is to be gained?

Probably the same thing as URL squatting. It’s a bet on rust becoming popular, and thus good crate names becoming valuable.

gbutler · 2018-10-04T19:46:26.785Z

scottmcm:

thus good crate names becoming valuable.

Isn’t that desirable? So someone reserves some names and doesn’t use them. Then Rust becomes really popular and some organization wants one of those names and that person offers to sell it to them. Is that so horrible? I’m not able to envision a scenario where it effects me in any meaningful way. So, I want to name my crate “super-duper-scooper”, but, someone has that name reserved. I decide to ask them for it. They say no, but, say they’ll sell it to me. If I have trademark on “super-duper-scooper” I can take them to court and get the name that way (most likely). If I don’t, I have no more right to that name than anyone else. If I really want, and that person is willing to sell it to me, and I"m willing to buy it, what’s the problem?

Now, in MY case, I’d just pick a different name, like: “uber-duper-scooper” or “superty-duperty-scooper” and be done with it. What care do I have that someone else has a similar name reserved.

All that being said, I’d still prefer if we could register a “Namespace” and then be able to create as many packages/sub-packages within that “Namespace” without having to worry about similarly named top-level only names.

So, to me, focusing on “Squatting” is not really anything useful. Focusing on “namespacing” seems much more useful.

Centril · 2018-10-04T20:23:15.769Z

gbutler:

Is that so horrible?

That depends on one’s political (i.e. socialism, …) inclinations and IRLO isn’t the forum for discussion those…

gbutler · 2018-10-04T20:30:25.157Z

Centril:

depends on one’s political (i.e. socialism, …) inclinations and IRLO isn’t the forum for discussion those

I’m not certain how you can separate out something like this. The whole term “squatting” is a value judgement and not much else. It’s 100% about how you view the rightness/wrongness of it. There is little to be said one way or the other from a technical perspective. I just don’t see how you have have a thread called “Crates.io squatting” where it is being debated whether there should be overseers who police the allocation of names on crates.io without getting into the politics and morals of the issue. Just because things are sometimes uncomfortable to discuss does not make them “inappropriate”. In fact, ending a debate based on that seems “inappropriate” (to my mind).

That being said, I understand where you are coming from and I’m definitely not in favor of this becoming a huge moral/political/philosophical debate. I guess that’s why I argue that focusing on “squatting” (a value judgement by its nature) puts emphasis on the wrong thing. Better to focus on “name-spacing”.

Just my 2 cents. Please don’t take anything I’ve said to be intended to be in ANY way dismissive of others’ concerns.

Centril · 2018-10-04T20:39:50.080Z

gbutler:

I’m not certain how you can separate out something like this.

I think you cannot separate the two wherefore my inclination is that crates.io should continue to not have any policy against “squatting” annoying as it may be sometimes.

gbutler:

Just because things are sometimes uncomfortable to discuss does not make them “inappropriate”. In fact, ending a debate based on that seems “inappropriate” (to my mind).

I’m not saying one should never discuss political or ethical matters in tech. In fact, the CoC is such a political document that establishes a baseline of ethics for the Rust community, but even arriving at that document was not uncontroversial (but a good decision), and is frequently ridiculed / questioned today.

The morality of squatting seems to me a much more difficult question where if we would discuss the politics behind it, political questions (such as the morality of profiting out of no work…) would arise which would divide the community up too much in my opinion.

josh · 2018-10-04T21:15:34.324Z

Leaving aside any other policies about squatting, I don’t think it would be particularly difficult to have a policy stating that holding a crate name with the intention of charging for transferring it is not allowed.

gbutler · 2018-10-04T21:19:12.589Z

josh:

intention of charging for transferring

Examining someone’s “intentions” become precarious pretty quickly. To me, the juice isn’t worth the squeeze. Better to focus on making Crates.io naming as useful as possible without trying to figure out someone else’s internal thoughts, feelings, and motivations. Not to say someone can’t be judged, they can, but, there are better things to spend time on. Again, just and opinion.

josh · 2018-10-04T21:21:11.111Z

Replying to a request for the crate name with a request for money would make that rather clear, as might the crate description, etc. I’m talking about clear-cut cases here.

derekdreery · 2018-10-05T17:13:59.045Z

Some numbers to show the economics of these names:

They have no inherent value, you can’t trade them for food etc.
Counting alphanumeric and underscore words up to length 8, there are 27 ^ 8 = 282_429_536_481 crate names.
From the oxford dictionary site:

The Second Edition of the 20-volume Oxford English Dictionary contains full entries for 171,476 words in current use, and 47,156 obsolete words. To this may be added around 9,500 derivative words included as subentries.

So there are (171_476 + 47_156) ^ 3 = 10_450_598_979_731_968 three-word crate names.

Just saying that however many names you squat, a physicist will still round it to 0 .

gbutler · 2018-10-05T17:29:29.545Z

josh:

talking about clear-cut cases

In my experience, things that are “Clear Cut” in theory tend to be quite complicated and messy in practice when it comes to judging people’s intentions, motivations, etc. It’s why we have judges and not automated algorithms for justice (however imperfect that may be). I like @derekdreery’s point: The number of crates that can be squatted meaningfully is a rounding error. I would agree. Better things to spend resources, time, and intellectual effort on.

soc · 2018-10-06T20:33:21.833Z

gbutler:

If there are people who want to do it, what’s wrong with it?"

Who decides what is “Squatting”? I’d question why someone would want to spend their valuable time on this. What is to be gained?

My comment was solely referring to the possibility of people assembling collections of “redirect crates” to create their personal “awesome Rust libraries” space, and sharing it with other people as an example of the additional benefits of having namespaces.

birkenfeld · 2018-10-08T07:32:01.206Z

gbutler:

It’s why we have judges and not automated algorithms for justice (however imperfect that may be).

But that’s exactly what people offered to be in what you originally quoted:

If there are people who want to do it, what’s wrong with it?"

kornel · 2018-10-09T14:03:18.469Z

gbutler:

Is that so horrible? I’m not able to envision a scenario where it effects me in any meaningful way.

It affects me by thousand cuts:

Squatting takes away short, recognizable, meaningful names, so users are forced to use longer, less memorable names. To me there is a value in the libc crate being called libc, and not thereallibc or something else.
Squatting forces users to keep a mental mapping between what crate they want, and crate they have to install. If someone squatted futures, users would have to remember that to use futures they have to install futures-rs or async-futures or futures2 or alexcrichton/futures.
Squatting creates traps where install of the obvious crate, and exact match search on crates-io, gives undesirable result. If I needed to parse XML I’d expect the xml crate to do a decent job, and not be a dud or malware. For bindings, I expect $libraryname-sys to work and not be squatted.
Squatting is undesirable for companies supporting Rust. If a company has a brand Foo, they’d want the foo crate, and not have to pick something else that is a quirk to be taught and documented. They would be extra unhappy if foo was garbage making their brand look bad.
Coming up with a great name, and finding the name can’t be used for no good reason is disappointing and discouraging.
Garbage crates come up in crates-io search and category pages, making them less useful. These are fixable problems, but if squatting is not recognized as a problem, it won’t be fixed.
I’m afraid it casts doubts on quality of Rust’s ecosystem as a whole if users keep finding non-working crates. It’s doubly bad when the official position is that crates-io just doesn’t care.

gbutler · 2018-10-09T14:17:25.102Z

I see your points, but, I would have a slightly different take on things:

kornel:

Squatting takes away short, recognizable, meaningful names

So, this argues for there being a “blessed” crate that gets the short, “meaningful” name for whatever concept is being modeled and all competitors get some non-short, non-meaningful name. I’m not sure that is desirable.

kornel:

forces users to keep a mental mapping between what crate they want, and crate they have to install. If someone squatted futures , users would have to remember that to use futures they have to install

Hmmm…same point, same issue to my mind.

kornel:

If I needed to parse XML I’d expect the xml crate to do a decent job

Again, there is only 1 XML parsing crate that is the blessed crate? Same issue to my mind.

kornel:

Squatting is undesirable for companies supporting Rust

Lack of name-spacing (to my mind) is the issue here. If someone is squatting a company’s trademarks, there are legal remedies for that. Nothing that Rust needs to concern itself about. There is well-established law and legal remedies that are the only legitimate way to sort that out.

kornel:

Coming up with a great name, and finding the name can’t be used for no good reason is disappointing and discouraging.

Short, simple, one-word names that are basically just the concept being modeled are hardly creative endeavors. Also, coming up with a “good name” and starting work on a project (but not ready to release) and then finding the name taken when you get ready to release, requiring a complete rename of your project is even more discouraging I would say. So, If someone starts a project, they shouldn’t be allowed to “reserve” the name they thought of whilst working on it? That doesn’t seem useful.

kornel:

These are fixable problems, but if squatting is not recognized as a problem, it won’t be fixed.

Again, I’d argue the issue is not squatting, it’s lack of name-spacing. Focusing on “squatting” is solving the symptom rather than the problem (to my mind).

kornel:

I’m afraid it casts doubts on quality of Rust’s ecosystem as a whole if users keep finding non-working crates. It’s doubly bad when the official position is that crates-io just doesn’t care

I’m not in agreement with that, but, other’s would definitely have their own opinion on it. I’m not sure it is the slam-dunk you see it as though.

To me, the symptom is “perceived and/or real squatting”, but, the problem is “lack of name-spacing”. Fix the problem, don’t just treat the symptom.

That’s my take anyway. I may be completely off-the-mark though. I definitely consider this to be a very subjective area where opinions on the matter are mostly all there really is. I definitely don’t consider you wrong on this issue any more than I’m right.

kornel · 2018-10-09T15:32:29.877Z

gbutler:

So, this argues for there being a “blessed” crate that gets the short, “meaningful” name for whatever concept is being modeled and all competitors get some non-short, non-meaningful name. I’m not sure that is desirable

The actual situation is not entirely one vs all competitors, because Rust ecosystem is so far mainly open-source and cooperating in good spirit, so people can contribute to the “blessed” crate instead of competing with it.

It’s true that the second person who decides to make a competing project has to find another name, but I argue it’s still better than letting squatters have the best name.

gbutler:

If someone is squatting a company’s trademarks […] There is well-established law and legal remedies that are the only legitimate way to sort that out.

As a trademark owner, whose trademark is squatted on several services, I strongly disagree with this.

The law doesn’t protect squatted names. The name has to be used, and has to be used in a specific way covered by the scope of the trademark, and not covered by exceptions in the law.
For small businesses it’s time consuming and prohibitively expensive.
For individual employees or teams within a large organization litigation is also unlikely to be an option, because of the amount of internal bureaucracy involved, and making noise by getting Legal Dept involved, usually on top of sticking neck out to use Rust in the first place, is just too much.

gbutler:

the problem is “lack of name-spacing”.

I care about nice namespace names as much as I care about nice crate names. To me namespaced crates-io with namespace squatting problem would also be bad.

As soon as crates-io gets namespaces I’ll start “crates.io namespace squatting” thread, because for my Foo project I want to have the foo/* namespace.