Spec out claim/unclaim/reclaim packages #4297
Comments
|
Here are some mockups for claiming packages:
|
|
The list of emails in the second mockup would be the ones we pull from the package.json. Perhaps we can indicate somehow (is bold enough?) that Are we cool with autoapproving all npm packages as projects on Gratipay? |
|
Once a package is claimed, it behaves almost like a regular project. Claimed package profiles look like a project page. Participants can give to them, and owners can edit them. They can be unclaimed just like projects can be closed. Claimed projects show up on the homepage under the various tabs, and in search results with other projects. Here are the differences:
|
|
Is an owner created at some point during the claiming process? |
|
To make sure about the context of the mocks,
|
Maybe packages that are older than 90 days? Or that have at least N downloads? |
|
Without some constraints, it would be trivial to use npm to maliciously bypass our review process. |
Seems the flow is different from our current practice of creating account before creating project. Could we carry out reviewing when user claims project? |
|
And some more:
|
|
Here's a description of the new flow represented in the mockups:
|
|
|
@nobodxbodon, some of your questions are answered on Slack. |
@mattbk excuse me I'm not sure where to look at through your link. I also checked the slack channel briefly but I don't see any significant block of discussion about this on slack. I guess it's not a blocker, but very likely need to be addressed soon after launching this, especially when there are more multi-developer projects?
So if a user is leading a 5-dev team for a project, does she claim it first, and then add team member to this project? |
Yes, at step (2).
No. I think it'll be okay to personally email a few folks (top maintainers, npm itself), but I don't think it's right to blast all of these email addresses we have from the npm database. As @mattbk mentions, we discussed this on slack (though that slackarchive links appear broken? 😞 ).
Folks are going to hear about this from other marketing efforts: via friends on Twitter, or via an ad we take out in Changelog Weekly or on LinkedIn, or via a HackerNews or Reddit post, etc. We could/should identify and test a few channels to see what works.
Even if there was an email, we could only use it to fast-track sign up if we had #1052.
If we don't confirm the email ... there's a security risk. I talked about it with Andrew from Libraries.io though I don't recall the details right now.
Is it? Step 2 creates the participant account, and step 9.ii.a creates the project.
No. The team/project is automatically created and linked with the team in step 9.ii.a.
For this project, yes. I've added "Bulk claim packages" to the todo on Make it easier.
No. Well, ish: that's a manual db task at this point. |
There are no team members yet except for Gratipay. Generalizing twyw is #3433, and it is currently scheduled for the great and glorious future beyond Make it easier. Maybe next year? Year after? |
Since we are getting bad links from SlackArchive, try this: https://gratipay.slack.com/archives/gratipay/p1484851952003229 |
|
@whit537 thanks for addressing them again here! Some thoughts about the new flow:
the separate 'sign-in' in the message is duplicate in function with the sign-in on top right
Trivial thing: if the user is already signed in, and we find a matching email, we select that as default value? Related to your comment:
How does this work? N owners for one project?
Are steps below to unclaim a package? Is it in scope of this issue?
|
Is that bad? We do that fairly often across the site.
I like it! :-)
Not sure what you mean. After a project is unclaimed, it has no owner. When it is reclaimed, it has one owner (the reclaimer), who may or may not be the same as the previous owner. Are we on the same page?
Yes. Yes, because otherwise we end up with a two-year wait as with #3602. |
I've added 16.i.a to #4297 (comment) to hopefully make this clearer. |
Just to make sure, through the new link, are we reusing the dropdown to select multiple social profile in the existing button?
I asked because I misunderstood your comment below. I thought you meant - after user A claims the project, when user B tries to claim a project again, she will see user A's email being highlighted.
lol make sense. How about change title to "cliam/unclaim package"? |
Yes! 💃
Done! |
|
Though I don't know, if we start with the most deeply nested levels in #4297 (comment) then I believe we're looking at our db layer. I like the pattern of deploying those changes first, and then deploying HTTP API and UI changes in subsequent stages. |
|
On the other hand, there may be something to be said for building from the outside in a well (!!!), since the outside is the risky part (right?). Stub out data in JSON endpoints, etc. just to get the UI working. Once the UI feels right we start plumbing the depths. Hmm ... 🤔 |
This sounds more 'agile', and after deciding the endpoints/API based on the settled UI design, UI and backend can work in parallel. |
|
I talked to an acquaintance here at this coworking space, who was at Credit Karma for 8 years (first hire, managed a team of 100 when he left), and he seems to prefer building from the outside in as well. |
|
Moving to an integration PR in #4305 ... |
chadwhitacre
changed the title
|
When there are multiple contact emails for one package, indicating there are more than one devs, do we send notification emails out to all of them in case the package is claimed by one of the email? |
|
I was wondering the same thing. Which email/person do we allow to claim the package. |
Todo
/on/npm/foo/page for the claiming workflow—move the name to the banner h1, and replace the wombat with the description: Make room for package claiming workflow #4304/on/npm/foo/pages via email verification/on/npm/foo/pagesThe text was updated successfully, but these errors were encountered: