The Haskell GitHub Trust is new GitHub organization for community maintenance of Haskell packages.
If you find an under-maintained Haskell package which is useful but just needs a little freshening up, you generally have two good options.
Submit a PR and pester the maintainer to publish a new version. Then next year another person who wants to use the package will have to repeat this process.
Ask to become a maintainer. Then next year another person who wants to use the package will pester you.
The Haskell GitHub Trust gives you a third option:
Thanks for setting this up. I passed over repos including my very first package:
pureMD5
random-string
crypto-api
fgl-visualize
vector-strategies
I’m still around and these packages have needed nothing for forever (also have likely zero users), but this seems like a good place for functioning, low change, code.
Thank you for this initiative! It’s good to see someone dealing with this and I’m hopeful that it can help. But I’m a little confused about how to use it, and I’d like to ask some questions.
Let’s say I notice a package on Hackage that I’d like to put onto the GitHub Trust, like the situation in the recent thread by @unlocked2412 about the clipping package. What should I do?
(In particular, do I need to get permission to take over the package and become the Hackage maintainer? Or is having a GitHub fork of the repository enough? The announcement says it’s for “other people’s packages” and your Twitter discussion mentions unilaterally forking, but the rules on the GitHub Trust page disallow “transferring a package repository without permission of the maintainer”, which seems like it contradicts that. Am I misunderstanding something?)
Also, can you add packages to the Trust or request changes to them if you are not a Trust Owner? Should everyone who wants to add to or change Trust packages become an Owner?
Follow the instructions in Taking over a package with your own Hackage account. Declare your intent to add the package to the Haskell GitHub Trust.
Add the Hackage account haskell_github_trust to the list of package Maintainers.
Transfer or fork the package repository into this org.
the rules on the GitHub Trust page disallow “transferring a package repository without permission of the maintainer”
I just clarified that on the README to
Transfers a package repository out of this org without permission of the maintainer
can you add packages to the Trust or request changes to them if you are not a Trust Owner?
No. But it’s easy to become a Trust Owner. EDIT Yes, you can add packages to the Trust without being a Trust Owner. Anyone can donate their packages to the Trust with this easy two-step process.
You can also request changes in the usual way, by creating GitHub issues or PRs.
Thank you! That answers all my questions and clarifies everything. I totally understand the need to get permission to change a package on Hackage.
It would be nice to put some packages into the Trust, but I’m a little wary of using the package takeover process, out of reluctance to spam this or other forums with requests and increase the burden on Hackage trustees. There are hundreds of abandoned packages, and bulk-emailing all the maintainers and asking to take over all of them would probably be problematic. Should only the more useful packages be selected? What counts as useful, and how many is too many? If a maintainer doesn’t respond, how long should you wait before making a public request?
I realise that these are questions that can’t necessarily be answered right away by one person, but I feel like it would be easier to contribute if I had answers to them, so I’m sharing my thoughts in the hope of furthering the discussion and maybe helping other people to participate too.
There are hundreds of abandoned packages, and bulk-emailing all the maintainers and asking to take over all of them would probably be problematic. Should only the more useful packages be selected?
I think the best way to approach this is to add packages to the Trust lazily, when you need them, one at a time.
When you encounter a package that you need but the package owner is no longer interested in maintaining the package, then start by suggesting to the package owner to add the package to the Trust.