Add admin action to reserve a gem namespace #3875
Codecov Report
@@ Coverage Diff @@
## master #3875 +/- ##
=======================================
Coverage 98.79% 98.79%
=======================================
Files 215 216 +1
Lines 5372 5404 +32
=======================================
+ Hits 5307 5339 +32
Misses 65 65
Just to make sure I understand, this is a run-once-per-gem-name action to use after running “yank all versions”, right? Is there some way to know which gems need to be reserved after doing a “yank all gems by user”, or do you need to set that up before the yank all action?
Correct. It can be run on any gem name that does not have any indexed versions published.
Let's start with this and try it out; if it would be useful to adjust we can do that based on actual usage.
Amazing!
Sad to miss the review on this. There is already a simpler way to reserve a namespace with no need to build and push a gem. Wouldn't it be much easier to just make this list dynamic (import into DB) instead of pushing empty gems? I can craft a PR to switch to this approach. Here is an example of a namespace reserved this simpler way - https://rubygems.org/gems/sidekiq-pro
I think switching to that way is a good idea as soon as we have time! This was a quick automation of the manual process we are already using when we need to reserve a name without a PR, while we work on that better final solution. 👍🏻
I also think @simi's idea is indeed pretty neat!
@simi once we have what you suggest we can migrate the ones that are blocked now. We needed something fast to mitigate the current scenarios happening irl.
So the rubygems.org security team can actively prevent squatters from re-taking a namespace after yanking all versions