[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding advisory notification for non-ELPA package.el downloads

From: Yann Hodique
Subject: Re: Adding advisory notification for non-ELPA package.el downloads
Date: Mon, 10 Jul 2017 09:48:17 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (darwin)

>>>>> "Richard" == Richard Stallman <address@hidden> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]

>> Proactively contacting elisp developers to ask them if they would
>> consider a copyright assignment (mentioning the benefit of potential
>> bundling with Emacs, along with the rest of the implications) seems much
>> more OK to me.

> That would entail searching for people who are just starting packages
> and sending each one mail.  I agree it would give better results -- if
> we could do it.  But it would be a lot of work.  Who would do the
> work?  And how would we find people that are just starting
> to get contributions to their packages?

> It isn't better if it isn't feasible.

Well, one possibility would be to:

1. figure out where most of the code that ends up in MELPA lives (since
   it seems to be the target so far):

   ~/src/github.com/melpa/melpa/recipes master
   ❯ grep :fetcher * | sed 's/.*:fetcher \([a-z]*\).*/\1/' | sort | uniq -c | 
sort -rg
   3393 github
    156 wiki
     44 git
     38 bitbucket
     26 gitlab
      9 svn
      4 cvs
      2 darcs
      2 bzr
      1 hg

   given that the wiki data is reachable from github (via
   https://github.com/emacsmirror/emacswiki.org) that means that at
   least 96.6% of the target is present on github one way or the
   other. I'm too lazy to extract real trends, but this share is
   slowly growing
   | 07/2012 | 07/2013 | 07/2014 | 07/2015 | 07/2016 | 07/2017 |
   |    89.8 |    92.4 |      94 |    95.8 |    96.5 |    96.6 |

2. use the fact that github data is published weekly as a BigQuery
   dataset (https://cloud.google.com/bigquery/public-data/github) to
   perform fancy queries on it: like what are the emacs repositories
   that went from 1 contributor last week to 2 contributors this week,
   crosscheck with paperwork data and identify who to go after next.
   An example of what has already been achieved using those tools:

That's kind of handwavy and vaguely creepy (then again, any kind of
automatic detection of what I might be doing to "help me being a better
member of the community" is gonna creep me out no matter what), but most
of the data is definitely readily available.


The worst sort of protection is confidence.  The best defense is suspicion.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]