Comments (9)
but it's somewhat hard to decide in which direction we should move forward if we did so
I highly recommend checking out svelte/svelteKit
. Its simplicity and easy learning curve make it suitable for developers of all levels. Furthermore, its performance and bundle size excel compared to other frameworks. Additionally, component-based development and a template syntax similar to Handlebars could ease the transition for crates.io developers.
from crates.io.
4. UI to include
Do you mean we need to implement it in our current frontend crates.io UI instead of an admin console UI?
2. Mass crate yanking and unyanking
I think we should create a separate page on crates.io if we want to add a base to our current frontend. Is that correct?
from crates.io.
BTW, thank you for writing it out! I am also highly interested in assisting with the implementation of the admin
feature. Please let me know if there is anything I can do to help. I am also open to exploring new frontend frameworks. I have some experience with Vue and React. However, I understand that maybe we do not require an admin-console
UI at the moment :(
from crates.io.
looks like a good plan! 👍
2. Migrate logging of admin actions into the database, rather than logging them into the normal logging machinery, so that we can retain them indefinitely,
I'm not so sure about this part. The log files can easily be pushed to S3 for long-term storage, while the database would have to carry them around forever. I'm currently not seeing the big advantage of logging to the database instead of using our regular logging system.
3. Require an admin action to include an explanation for why it's being taken (in most cases, presumably just a link to a Zulip thread or Zendesk ticket).
just to brain dump, IMHO yanking should generally require an explanation, also from regular owners. if a crate/version is yanked, as a user I would like to know if that is due to a security issue in a particular version, or whatever else the reason for it was.
Do you mean we need to implement it in our current frontend crates.io UI instead of an admin console UI?
yeah. at least for things that are already exposed in the regular user interface for crate owners this would make things a bit easier. for things like crate deletions we might need custom admin-only UI though.
I am also open to exploring new frontend frameworks
I guess eventually we'll have to move away from Ember, but it's somewhat hard to decide in which direction we should move forward if we did so. Whatever we go with, we would probably want to keep our frontend test suite, but that is currently coupled to the Ember code base. It might make sense to look into porting at least the higher-level tests to something like https://playwright.dev/.
from crates.io.
Do you mean we need to implement it in our current frontend crates.io UI instead of an admin console UI?
As much as possible, yes.
I'm not so sure about this part. The log files can easily be pushed to S3 for long-term storage, while the database would have to carry them around forever. I'm currently not seeing the big advantage of logging to the database instead of using our regular logging system.
My main concern with using the logging system is that — if anything — we want to be retaining our general logs for less time, rather than more. I don't doubt that we could set up some plumbing to filter out only the admin action logs and send them to S3, but that's additional complexity.
My secondary concern is accessibility: if the logs are in the database, we could (if necessary) eventually build a dashboard for them, and we can search out of the read-only replica with SQL. Having them in S3 may restrict access further (I certainly don't have access to our S3 setup, and probably shouldn't), and makes it slower to access them if we need to.
I don't feel strongly enough about this to call it a blocker — my primary concern is that the logs are persisted somewhere indefinitely, not so much exactly where — but I did have reasons for suggesting the database.
just to brain dump, IMHO yanking should generally require an explanation, also from regular owners. if a crate/version is yanked, as a user I would like to know if that is due to a security issue in a particular version, or whatever else the reason for it was.
Yeah, I like that, actually. Might hack something together.
I am also open to exploring new frontend frameworks
On the frontend discussion: I'm on record in the past as being supportive of moving away from Ember.
I'm most familiar with React, but I also don't particularly like React (OK, mostly hooks), so I'm open to exploring other options as well. I would advocate pretty strongly for TypeScript in whatever we migrate to, though. #bikeshed
from crates.io.
we want to be retaining our general logs for less time, rather than more. I don't doubt that we could set up some plumbing to filter out only the admin action logs and send them to S3, but that's additional complexity.
idk about S3 exporting, but DataDog makes it quite easy to have different retention periods depending on the data contained within the log record.
if the logs are in the database, we could (if necessary) eventually build a dashboard for them
same for usage within DataDog, and it doesn't need as much custom code :)
but yeah, it's a tradeoff...
from crates.io.
cross-linking #3119 here, so that we don't forget about it :)
from crates.io.
During today's meeting, we discussed introducing the yank reason for crates.io UI for regular and admin users. We should also consider supporting it from Cargo's interface using the yank command. Users of Cargo have requested this feature for a long time. See more at rust-lang/cargo#2608
@LawnGnome Please let me know if I can help land it on both crates.io and the Cargo side. I guess we need a RFC or something for it? Or we are going to implement it on the crates.io side first?
from crates.io.
An additional note on the admin action logs --
If we place them only in the database, they're generally going to be mutable. If we use a logging service of sorts or a S3 bucket with suitable restrictions configured, we can make sure they are in an immutable store.
from crates.io.
Related Issues (20)
- crates.io's TOML snippet with metadata produces warnings when used in `Cargo.toml` HOT 2
- Download graphs not starting at y=0
- `recent_crate_downloads` materialised view is not refreshed with the new download counting implementation HOT 1
- 'Browse All Crates' results in `Something Went Wrong!' HOT 1
- API token expiry warning emails HOT 5
- Name squatting: Can't find current owner's contact info HOT 2
- Tracking Issue for Packages as (optional) namespaces HOT 3
- README example rendering doesn't hide lines HOT 2
- An internal server error on crates.io website HOT 1
- Remove usage of EmberJS in the front-end? HOT 3
- Status 403 Forbidden HOT 1
- Image rendered wrongly HOT 3
- Crates with paths differing only by case are allowed HOT 2
- Unable to add owner via CLI; kinda works via web HOT 4
- GitHub special Markdown blocks aren't rendered in README section
- Policy page is missing indentation, changing its meaning HOT 1
- Failed to log in: Error obtaining token after logging out HOT 9
- Broken CONTRIBUTING link for crate `cargo-cyclonedx` HOT 8
- creates-io team outbound link, on the footer of creates.io - 404 not found at target
- internal server error when searching "using" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crates.io.