I just wonder why it's shown in the modules version list. It shouldn't be, if it's not indexed. Wild uploading files no-one cares is no such problem :)
Best regards, Jens > Am 03.05.2026 um 20:19 schrieb Ricardo Signes <[email protected]>: > > Uploading a tarball with packages you don't control has always (or at least > for 15 years) been permitted. Roughly speaking, "anyone" can upload > "anything". The permissions system only governs what gets into the index. > > I don't know how metacpan decides what to show as an unauthorized release. > That seems likely to cause confusion, but probably showing it solves some > other problems I can't get at. > > On Sat, May 2, 2026, at 09:49, Jens Rehsack wrote: >> >> >> Hey, >> >> I always thought there are rules for uploading updates to PAUSE. >> >> Concretely: ETHER has no permissions on the Params::Util namespace and never >> requested any. Nevertheless, ETHER uploaded >> ETHER/Params-Util-1.103_01.tar.gz. Numerically 1.103_01 (1.10301) is greater >> than my legitimate developer release 1.103_001 (1.103001), so MetaCPAN >> displays the unauthorised upload as the "latest" release for the namespace. >> >> For context: in response to Issues #5 and #6, plicease (Graham Ollis) did >> request co-maintenance through the proper channel, which I declined for >> reason. ETHER bypassed that process entirely. That is overreaching and >> disrespectful. >> >> I request: >> >> 1. Removal of ETHER/Params-Util-1.103_01.tar.gz from CPAN. >> 2. A standing block preventing ETHER from uploading into any namespace I own. >> >> Best regards, >> Jens Rehsack >> >> Attachments: >> • signature.asc > >
signature.asc
Description: Message signed with OpenPGP
