Cargo is a great package manager. It also has a great repository of crates where anyone can upload their own package. The low entrance barrier makes it easy to involve new people in the process, and it is one of the reasons for Rust's success.
But the low barrier also has its downsides:
- the repo is filled with low-quality packages
- a lot of unused, abandoned packages that have not been developed for a long time
- there are many forks of the same package; some developers prefer to fork a repo and upload it as a separate package instead of working with upstream on getting changes merged.
- name squatting, when some low-use package takes a popular and nice name (e.g. the ‘math’ crate)
- there are multiple implementations of the Thrift runtime and none of them is official: https://crates.io/search?q=thrift. The official one from the Thrift developers is not released yet.
- multiple forks of the sha1 crate. It seems some forks recently yanked their versions but their crate names still exist.
There is another package repository with similar problems: the Arch Linux AUR. To help solve the repo management problems, AUR has a moderation mechanism. An owner or just a regular user can make a package request to AUR moderators:
- delete package
- merge package with another one
- change package ownership
And I can tell that AUR moderation works really well and helps to keep the repo cleaner.
I think the Rust crates repo would benefit from the same type of post-moderation mechanism. It will help to make the repo cleaner. Does it sound like a reasonable idea?