What happens when you upload to CPAN?

CPANPAUSEuploading Tue 11 March 2014

This is the first part of a series about what happens when you upload a release to CPAN, via PAUSE. I started writing it as a single post, but it became way too long before I was even half way. This post will try to be the executive summary, or Reader's Digest condensed version if you like. Subsequent posts will dive into the details; I'll be filling gaps in my knowledge as I go, and expecting to be corrected on plenty of points as well.

The following illustrates the main steps in the upload process, the third being the most hairy:

CPAN upload process

Here are the highlights:

I'm writing up this much because I want to discuss it at the QA Hackathon this week. In particular I think the permissions check should be separate from, and earlier than, the indexing stage. This would mean that developer releases would still be permissions checked and would give you ownership. Packages with no_index would also still be permission-checked.

Even further though, I think the permissions check should be a precondition to putting a release in the author's directory. I know plenty of more experienced people than me disagree on the second point, but am looking forward to a good discussion and hopefully some illumination at least.


We had a good discussion around the first point, and PAUSE is going to be changing. Hopefully DAGOLDEN will be writing a summary of all the PAUSE-related decisions.

As I knew going in, checking permissions on upload was a non-starter. That's ok, I'm happy to bide my time :-)

comments powered by Disqus