prepare to support maintainer actions #262

New issue

Open

opened 2025-10-14 15:55:16 -06:00 by navan · 0 comments

navan commented

2025-10-14 15:55:16 -06:00

Owner

Originally created by @tayloraswift on 3/13/2024

the next big priority for us should be supporting maintainer configuration through the web UI, since Swift Package Index’s experience with checked-in configuration files has not been great.

there will be some actions that are initially admin-only, and some actions available to maintainers.

Uplink, Unlink, Delete these have major potential to disrupt the site’s operations, so they should remain admin-only.
Hide/Unhide package ditto.
Rename package this should be okay
Transfer package realm this should be admin only for now, otherwise people could add things to realms they do not own
Create package realm should be admin-only, users should have realms created for them
Alias package should be admin-only, as it consumes names from the global namespace
Index package tag could be abused to DoS the site, so it has to be admin-only for now, but we should place a rate limit on it as it is a common task that maintainers would want to do. we should consider providing an alternative Queue package for tags fetch instead.

*Originally created by @tayloraswift on 3/13/2024* the next big priority for us should be supporting maintainer configuration through the web UI, since Swift Package Index’s experience with checked-in configuration files has not been great. there will be some actions that are initially admin-only, and some actions available to maintainers. * **Uplink**, **Unlink**, **Delete** these have major potential to disrupt the site’s operations, so they should remain admin-only. * **Hide/Unhide package** ditto. * **Rename package** this should be okay * **Transfer package realm** this should be admin only for now, otherwise people could add things to realms they do not own * **Create package realm** should be admin-only, users should have realms created for them * **Alias package** should be admin-only, as it consumes names from the global namespace * **Index package tag** could be abused to DoS the site, so it has to be admin-only for now, but we should place a rate limit on it as it is a common task that maintainers would want to do. we should consider providing an alternative **Queue package for tags fetch** instead.