A real RFC has been opened as RFC 2614. A pre-RFC draft is preserved below.
Summary
This experimental RFC proposes a process by which a designated Rust team member or members could reassign ownership of a crate name on crates.io. The aim is to identify the absolute smallest, most conservative step we can feasibly make from the status quo of crate names that can only be transferred by a current owner. The proposal is intended to address only the absolute most clear-cut situations in which a crate name would need to be transferred. It is not intended to address the situation of name squatting on crates.io, nor as a gateway to eventual more aggressive forced exchange of crate names.
Motivation
It is my humble belief that there exists such a thing as a clear-cut situation in which transferring a crate name from one person to another makes sense.
The following situation describes a real crate (all of the following describe the same crate):
- Crate was last updated 4 years ago,
- Not a single version of the crate compiles on any Rust compiler 1.0.0 or newer,
- In the most recent version of the crate, the author has indicated that the entire crate is deprecated,
- Zero other crates depend on the crate,
- Crate has a desirable name that a different user is eager to use for a library that is all ready to be published,
- Reasonable efforts to contact the author are unsuccessful.
This eRFC introduces an opportunity for a Rust team member to be entrusted in volunteering their time and their reputation to improve the experience of using crates.io by arbitrating similarly clear-cut cases.
Experiment
This RFC proposes evaluating the process outlined below as an experiment that can be abandoned at any time with or without cause.
Any Rust team (core team, or subteam with representation on the core team) is welcome to call off the experiment at any time if they perceive undesired fallout from the experiment, or for any reason whatsoever. Such a decision would be arrived at by that team's ordinary decision-making / consensus-reaching process. The safeword is as follows:
The [your-team-name] team believes it would be better to discontinue this experiment and would like to stop fulfilling crate transfer requests effective immediately.
No justification needs to be given; the activities described in this RFC will terminate without further discussion.
This termination condition is intended as a lightweight way to avert or contain unforeseen impact of adopting this experimental RFC.
Reference-level explanation
The library team and/or moderation team will designate a Responsible Party. Crate transfers happen at the sole discretion of the Responsible Party.
The Responsible Party need not be a member of the library team or moderation team. There may be more than one Responsible Party, in which case the Responsible Parties will need to agree among themselves on a consensus process for approving crate transfer requests. If the Responsible Parties cannot agree, they are deemed Not So Responsible After All and the experiment terminates.
To reiterate: crate transfers happen at the sole discretion of the Responsible Party. There is no checklist of criteria that decide whether a request is granted. The Responsible Party is entrusted with upholding the intent of the eRFC in performing transfers in only the absolute most clear-cut cases according to their judgement.
When a user requests ownership of a crate, the two possible responses by the Responsible Party are:
-
All right, I yanked the existing releases and set you as the owner!
-
Hi! Thanks for the request. I believe this case is less clear-cut than the ones I am currently willing to grant. I would recommend picking a different crate name for now, but we can leave this request open if you want and revisit the decision in the future.
The Responsible Party is encouraged to respond to requests in a timely manner, but realistically they will respond when they have time and mental energy available.
Guide-level explanation
The details of requesting ownership of a crate name are to be figured out over time, but a viable way to begin would be as follows.
-
Set up a repository under The Rust Programming Language · GitHub called "crate-transfers".
-
Write a readme outlining the process. Ensure that the readme conveys that only the most clear-cut requests will be granted, so not to expect too much.
-
Requests are made by filing a GitHub issue.
-
Include a list of "up for grabs" crate names in the readme. Authors that no longer wish to use a crate name that they own can add it to the list by filing an issue or sending a pull request. A crate that is "up for grabs" trivially meets the "clear-cut situation" requirement if ownership of that name is ever requested.
-
Decision to terminate the experiment may be delivered by filing an issue containing the safeword message above. A pre-prepared note will be added to the readme and the repository will be archived.
Drawbacks
What if people get mad at the Responsible Party?
People are welcome to get mad at any Rust team member at any time, although this is not encouraged. The Responsible Party needs to be willing to stake their reputation on their ability to make the best decisions, and must be willing to take the fall if things go bad. Some experiments fail.
Checks and balances exist, particularly as any Rust team may terminate the experiment with or without cause.
What recourse is available if somebody is unhappy with a decision?
The usual:
- Complain on Twitter.
- Blog about it.
- Strategically upvote and downvote on Reddit.
- Email the mods.
- File lawsuit.
- ...
None of this is different from any other team decision that may make a person unhappy -- the libs team breaking your code, or the moderation team deleting your flame war for example.
This RFC does not go far enough.
This eRFC is not intended as a solution to the name squatting situation on crates.io. This eRFC does not denounce the behavior of registering crate names without the intention of using them.
By taking this step, it may be perceived as a decision against ever addressing the name squatting situation more decisively. That is not the intention of this eRFC.
The volume of requests may be overwhelming.
If the volume of requests is overwhelming, that would be sufficient reason for a team or the Responsible Party to terminate the experiment.
Rationale and alternatives
Alternative: provide a checklist of criteria
"The crate must be X years old, must not have crates depending on it, must be below version 1.0, must ..."
I believe it is better to leave the decision entirely up to the Responsible Party with no checklist. Similarly, the lang team does not have a checklist that determines what language changes are made ("must use no more than two new keywords, ...").
Alternative: require quorum greater than one
This eRFC allows for there to be multiple Responsible Parties as designated by the libs team and moderation team, but I believe that a single one is sufficient to achieve the aims.
TODO:
I need to read the 2500 existing comments across the various name squatting threads to see whether there are alternatives I should mention. I have not followed those threads and this eRFC is not intended to address name squatting.
Prior art
Unknown. I am interested to hear experiences from other package ecosystems.
Unresolved questions
Let me know!
Future possibilities
This eRFC would like to avoid, as much as possible, any association with a name squatting policy. Such a policy should be a largely orthogonal RFC.
As much as this is not the objective of this eRFC, the way this experiment plays out will likely inform any future policy on squatting.