Skip to content
@haskell-github-trust

Haskell GitHub Trust

Haskell packages community ownership trust
README.md

Haskell GitHub Trust

Haskell GitHub Trust is a GitHub organization for community ownership of Haskell packages.

The two essential features of the Haskell GitHub Trust are

  1. All Haskell Github Trust organization members are Owners, and have control over all repositories, including transferring in and out.
  2. A Hackage “Group Account” haskell_github_trust so that every Trust Owner can publish any package in the Trust.

This is a place to keep your Haskell packages for long-term community maintenance.

You will still retain ownership and control of your package, but if you ever stop maintaining your package then someone else can maintain it without needing your permission.

How to add your own package to the Trust

  1. Transfer GitHub ownership of the package repository to this organization, github.com/haskell-github-trust.
  2. Add the Hackage account haskell_github_trust as a Hackage Maintainer for the package.

That’s it. We accept all packages, in any condition, with zero commitment or obligation.

How to become a Trust Owner

Request to become a Trust Owner on the Discussions page, or by asking any other Trust Owner. Trust Owners must be vouched for by one other Trust Owner. We keep a record of which Trust Owners were vouched for by whom.

After you accept the Trust Owner invitation, please set your visiblity to Public. This is a trust-based organization, so we want the ownership list to be Public for transparency.

If any Trust Owner

  • Inserts malevolent code in a package
  • Uses the haskell-github-trust for fraud
  • Uses the haskell-github-trust CI to mine Bitcoin
  • Transfers a package repository out of this org without permission of the maintainer
  • Or any other similar bad-faith activity

then that person and the Trust Owner who vouched for them will be blamed and shamed.

How to add a Trust Owner

Any Trust Owner may add another person who they trust to be a Trust Owner. Invite the other person to become an Owner of this GitHub organization, then add their name to the Trust Owner list and your own name as the Trust Owner who vouched for them. For transparency, every Trust Owner should be a Public Owner of the GitHub organization.

How to publish to Hackage

You need your own “uploader” account on Hackage. Use the haskell_github_trust account password to add your own “uploader” account to the list of package Maintainers. The haskell_github_trust account does not have upload permission, rather it is a “Group Account” as described on hackage.haskell.org/upload.

Group Accounts

Occasionally organizations want to have a group / organizational account for a package that is maintained by a group of people. The recommended approach for these cases is to only do package uploads from individual accounts and use the group account only for managing the maintainer list for the package.

In this way you can upload any package in this org.

How to add other people’s packages to the Trust

  1. Follow the instructions in Taking over a package with your own Hackage account. Declare your intent to add the package to the Haskell GitHub Trust.
  2. Add the Hackage account haskell_github_trust to the list of Hackage Maintainers.
  3. Transfer or fork or copy the package repository into this org.

How to talk about the Haskell Github Trust

Talk in the GitHub Discussions or in Haskell Discourse.

How to quit being a Trust Owner

You can transfer your repos back to your own account and quit this organization any time you want.

Package manners

If a package has an active maintainer, then any volunteer improvements should be submitted as Pull Requests.

If a package is being ignored, then any Trust Owner may make improvements and publish new versions. Use courtesy and judgement when deciding whether a package is being ignored.

Secrets

The password for the haskell_github_trust Hackage account is in github.com/haskell-github-trust/secrets .

Other organizations

FAQ

  • Q. If someone upgrades my repo and publishes a release to Hackage while I'm on vacation, should I get offended?

    A. No. If they did something wrong then fix it and then publish another release.

  • Q. What should I do if I suspect a Trust Owner is acting in bad faith?

    A. Talk about it in private messages with the other Trust Owners.

  • Q. What happens if one of the Trust Owners transfers all the repos to the Trust Owner’s private account?

    A. We can fork the repositories back here and expel the Trust Owner.

  • Q. What happens if one of the Trust Owners inserts malicious code and publishes to Hackage?

    A. Talk to the other Trust Owners and also the Hackage Trustees.

  • Q. What happens if a Trust Owner deletes this whole org?

    A. We can rebuild this org from local clones of the repositories. We would lose the information in the GitHub Issues. Nothing else would be lost.

Popular repositories Loading

  1. ekg ekg Public

    Remote monitoring of running processes over HTTP

    JavaScript 255 70

  2. replace-megaparsec replace-megaparsec Public

    Stream editing with Haskell Megaparsec parsers

    Haskell 79 2

  3. thyme thyme Public

    A faster date and time library based on time

    Haskell 46 33

  4. ekg-core ekg-core Public

    Library for tracking system metrics

    Haskell 40 39

  5. ulid ulid Public

    Haskell implementation of ULIDs (Unique Lexicographically Sortable Identifiers)

    Haskell 32 11

  6. crypto-api crypto-api Public

    Haskell generic interface (type classes) for cryptographic algorithms

    Haskell 28 11

Repositories

Showing 10 of 23 repositories
  • smtp-mail Public

    Simple email sending via SMTP

    haskell-github-trust/smtp-mail’s past year of commit activity
    Haskell 4 2 1 0 Updated Nov 1, 2024
  • ekg-statsd Public

    Flush system metrics to statsd

    haskell-github-trust/ekg-statsd’s past year of commit activity
    Haskell 26 BSD-3-Clause 23 1 0 Updated Oct 31, 2024
  • ekg-json Public

    JSON encoding of ekg metrics

    haskell-github-trust/ekg-json’s past year of commit activity
    Haskell 3 BSD-3-Clause 37 0 1 Updated Oct 31, 2024
  • ekg Public

    Remote monitoring of running processes over HTTP

    haskell-github-trust/ekg’s past year of commit activity
    JavaScript 255 BSD-3-Clause 70 17 4 Updated Oct 31, 2024
  • ekg-core Public

    Library for tracking system metrics

    haskell-github-trust/ekg-core’s past year of commit activity
    Haskell 40 BSD-3-Clause 39 12 4 Updated Oct 31, 2024
  • .github Public

    Haskell Library Trust organization

    haskell-github-trust/.github’s past year of commit activity
    1 MIT 0 1 0 Updated Sep 30, 2024
  • quickjs-hs Public

    Haskell bindings for the QuickJS library

    haskell-github-trust/quickjs-hs’s past year of commit activity
    Haskell 5 MIT 3 0 1 Updated Aug 6, 2024
  • replace-megaparsec Public

    Stream editing with Haskell Megaparsec parsers

    haskell-github-trust/replace-megaparsec’s past year of commit activity
    Haskell 79 BSD-2-Clause 2 13 0 Updated May 22, 2024
  • true-name Public

    Template Haskell hack to violate another module's abstractions

    haskell-github-trust/true-name’s past year of commit activity
    Haskell 8 BSD-3-Clause 11 0 1 Updated May 16, 2024
  • hourglass Public

    Efficient and simple time API for Haskell

    haskell-github-trust/hourglass’s past year of commit activity
    Haskell 0 0 1 0 Updated Mar 15, 2024
View all repositories

Top languages

Loading…

Most used topics

Loading…