From ab08166d53374527f710b1b82760b9c1b4eba023 Mon Sep 17 00:00:00 2001 From: Tobias Bieniek Date: Fri, 10 Nov 2023 12:20:27 +0100 Subject: [PATCH 1/4] Extract `TextContent` component This component uses the same styling rules as the `RenderedHtml` component, but does not require us to pass in `@html` as an argument. This allows us to use the same styling for our policy pages. --- app/components/rendered-html.hbs | 5 ++--- app/components/text-content.hbs | 3 +++ .../{rendered-html.module.css => text-content.module.css} | 0 3 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 app/components/text-content.hbs rename app/components/{rendered-html.module.css => text-content.module.css} (100%) diff --git a/app/components/rendered-html.hbs b/app/components/rendered-html.hbs index f1e3ae04d54..8080fcff301 100644 --- a/app/components/rendered-html.hbs +++ b/app/components/rendered-html.hbs @@ -2,11 +2,10 @@ This component renders raw HTML. Be very careful with this since it can enable cross-site scripting attacks! --}} -
{{html-safe @html}} -
\ No newline at end of file + \ No newline at end of file diff --git a/app/components/text-content.hbs b/app/components/text-content.hbs new file mode 100644 index 00000000000..1afd9e0ffae --- /dev/null +++ b/app/components/text-content.hbs @@ -0,0 +1,3 @@ +
+ {{yield}} +
\ No newline at end of file diff --git a/app/components/rendered-html.module.css b/app/components/text-content.module.css similarity index 100% rename from app/components/rendered-html.module.css rename to app/components/text-content.module.css From f4a83b69971ebc07e290d236fbefc6d77ffae4e3 Mon Sep 17 00:00:00 2001 From: Tobias Bieniek Date: Fri, 10 Nov 2023 12:20:46 +0100 Subject: [PATCH 2/4] TextContent: Add `@boxed` argument --- app/components/text-content.hbs | 2 +- app/components/text-content.module.css | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/app/components/text-content.hbs b/app/components/text-content.hbs index 1afd9e0ffae..9d2b16e96f6 100644 --- a/app/components/text-content.hbs +++ b/app/components/text-content.hbs @@ -1,3 +1,3 @@ -
+
{{yield}}
\ No newline at end of file diff --git a/app/components/text-content.module.css b/app/components/text-content.module.css index 4759d901b5a..4e272d61477 100644 --- a/app/components/text-content.module.css +++ b/app/components/text-content.module.css @@ -1,3 +1,10 @@ +.boxed { + padding: var(--space-m); + background-color: white; + margin-bottom: var(--space-s); + border-radius: 5px; +} + .wrapper { line-height: 1.5; overflow-wrap: break-word; From 78c60b99033a57fbbcd5857e83f9b08c2bf56c81 Mon Sep 17 00:00:00 2001 From: Tobias Bieniek Date: Fri, 10 Nov 2023 12:20:58 +0100 Subject: [PATCH 3/4] policies: Use `TextContent` component --- app/templates/policies.hbs | 322 +++++++++++++++++++------------------ 1 file changed, 162 insertions(+), 160 deletions(-) diff --git a/app/templates/policies.hbs b/app/templates/policies.hbs index 45547f47e09..52d7a86b433 100644 --- a/app/templates/policies.hbs +++ b/app/templates/policies.hbs @@ -1,162 +1,164 @@ -

- In general, these policies are guidelines. Problems are often contextual, and - exceptional circumstances sometimes require exceptional measures. We plan to - continue to clarify and expand these rules over time as new circumstances - arise. If your problem is not described below, consider - sending us an email. -

- -

Package Ownership

- -

- We have a first-come, first-served policy on crate names. Upon publishing a - package, the publisher will be made owner of the package on Crates.io. -

- -

- If someone wants to take over a package, and the previous owner agrees, the - existing maintainer can add them as an owner, and the new maintainer can remove - them. If necessary, the team may reach out to inactive maintainers and help - mediate the process of ownership transfer. -

- -

- Using an automated tool to claim ownership of a large number of package names - is not permitted. We reserve the right to block traffic or revoke ownership - of any package we determine to have been claimed by an automated tool. -

- -

Removal

- -

- Many questions are specialized instances of a more general form: “Under what - circumstances can a package be removed from Crates.io?” -

- -

- The short version is that packages are first-come, first-served, and we won’t - attempt to get into policing what exactly makes a legitimate package. We will - do what the law requires us to do, and address flagrant violations of the Rust - Code of Conduct. -

- -

How can I delete a crate I own from the registry?

- -

- You can't delete crates from the registry, but you can leave it open for - transferring ownership to others. -

- -

- To do this, you must publish a version with a message in the README - communicating to crates.io support team that you consent to transfer the - crate to the first person who asks for it: -

- -
- I consent to the transfer of this crate to the first person who asks - help@crates.io for it. -
- -

Squatting

- -

- We do not have any policies to define 'squatting', and so will not hand over - ownership of a package for that reason. -

- -

The Law

- -

- For issues such as DMCA violations, trademark and copyright infringement, - Crates.io will respect the Rust Foundation's legal decisions with regards to content that - is hosted. -

- -

Code of Conduct

- -

- The Rust project has a - Code of Conduct - which governs appropriate conduct for the Rust community. In - general, any content on Crates.io that violates the Code of Conduct may be - removed. Here, content can refer to but is not limited to: -

- -
    -
  • Package Name
    • -
  • Package Metadata
    • -
  • Documentation
    • -
  • Code
    • -
- -

- There are two important, related aspects: -

- -
    -
  • - We will not be pro-actively monitoring the site for these kinds of - violations, but relying on the community to draw them to our attention. -
    • - -
  • - “Does this violate the Code of Conduct” is a contextual question that - cannot be directly answered in the hypothetical sense. All of the details - must be taken into consideration in these kinds of situations. -
    • -
- -

Security

- -

- Cargo and crates.io are projects that are governed by the Rust Programming - Language Team. Safety is one of the core principles of Rust, and to that end, - we would like to ensure that cargo and crates.io have secure implementations. - To learn more about disclosing security vulnerabilities, please reference the - Rust Security policy for - more details. -

- -

- Thank you for taking the time to responsibly disclose any issues you find. -

- -

Crawlers

- -

- Before resorting to crawling crates.io, please read - Accessing the Crates.io Data. -

- -

- We allow our API and website to be crawled by commercial crawlers such as - GoogleBot. At our discretion, we may choose to allow access to experimental - crawlers, as long as they limit their request rate to 1 request per second or - less. -

- -

- We also require all crawlers to provide a user-agent header that allows us to - uniquely identify your bot. This allows us to more accurately monitor any - impact your bot may have on our service. Providing a user agent that only - identifies your HTTP client library (such as "request/0.9.1") increases the - likelihood that we will block your traffic. - - It is recommended, but not required, to include contact information in your user - agent. This allows us to contact you if we would like a change in your bot's - behavior without having to block your traffic. -

- -

- Bad: "User-Agent: reqwest/0.9.1"
- Better: "User-Agent: my_bot"
- Best: "User-Agent: my_bot (my_bot.com/info)" or "User-Agent: my_bot (help@my_bot.com)" -

- -

- We reserve the right to block traffic from any bot that we determine to be in - violation of this policy or causing an impact on the integrity of our service. -

+ +

+ In general, these policies are guidelines. Problems are often contextual, and + exceptional circumstances sometimes require exceptional measures. We plan to + continue to clarify and expand these rules over time as new circumstances + arise. If your problem is not described below, consider + sending us an email. +

+ +

Package Ownership

+ +

+ We have a first-come, first-served policy on crate names. Upon publishing a + package, the publisher will be made owner of the package on Crates.io. +

+ +

+ If someone wants to take over a package, and the previous owner agrees, the + existing maintainer can add them as an owner, and the new maintainer can remove + them. If necessary, the team may reach out to inactive maintainers and help + mediate the process of ownership transfer. +

+ +

+ Using an automated tool to claim ownership of a large number of package names + is not permitted. We reserve the right to block traffic or revoke ownership + of any package we determine to have been claimed by an automated tool. +

+ +

Removal

+ +

+ Many questions are specialized instances of a more general form: “Under what + circumstances can a package be removed from Crates.io?” +

+ +

+ The short version is that packages are first-come, first-served, and we won’t + attempt to get into policing what exactly makes a legitimate package. We will + do what the law requires us to do, and address flagrant violations of the Rust + Code of Conduct. +

+ +

How can I delete a crate I own from the registry?

+ +

+ You can't delete crates from the registry, but you can leave it open for + transferring ownership to others. +

+ +

+ To do this, you must publish a version with a message in the README + communicating to crates.io support team that you consent to transfer the + crate to the first person who asks for it: +

+ +
+ I consent to the transfer of this crate to the first person who asks + help@crates.io for it. +
+ +

Squatting

+ +

+ We do not have any policies to define 'squatting', and so will not hand over + ownership of a package for that reason. +

+ +

The Law

+ +

+ For issues such as DMCA violations, trademark and copyright infringement, + Crates.io will respect the Rust Foundation's legal decisions with regards to content that + is hosted. +

+ +

Code of Conduct

+ +

+ The Rust project has a + Code of Conduct + which governs appropriate conduct for the Rust community. In + general, any content on Crates.io that violates the Code of Conduct may be + removed. Here, content can refer to but is not limited to: +

+ +
    +
  • Package Name
    • +
  • Package Metadata
    • +
  • Documentation
    • +
  • Code
    • +
+ +

+ There are two important, related aspects: +

+ +
    +
  • + We will not be pro-actively monitoring the site for these kinds of + violations, but relying on the community to draw them to our attention. +
    • + +
  • + “Does this violate the Code of Conduct” is a contextual question that + cannot be directly answered in the hypothetical sense. All of the details + must be taken into consideration in these kinds of situations. +
    • +
+ +

Security

+ +

+ Cargo and crates.io are projects that are governed by the Rust Programming + Language Team. Safety is one of the core principles of Rust, and to that end, + we would like to ensure that cargo and crates.io have secure implementations. + To learn more about disclosing security vulnerabilities, please reference the + Rust Security policy for + more details. +

+ +

+ Thank you for taking the time to responsibly disclose any issues you find. +

+ +

Crawlers

+ +

+ Before resorting to crawling crates.io, please read + Accessing the Crates.io Data. +

+ +

+ We allow our API and website to be crawled by commercial crawlers such as + GoogleBot. At our discretion, we may choose to allow access to experimental + crawlers, as long as they limit their request rate to 1 request per second or + less. +

+ +

+ We also require all crawlers to provide a user-agent header that allows us to + uniquely identify your bot. This allows us to more accurately monitor any + impact your bot may have on our service. Providing a user agent that only + identifies your HTTP client library (such as "request/0.9.1") increases the + likelihood that we will block your traffic. + + It is recommended, but not required, to include contact information in your user + agent. This allows us to contact you if we would like a change in your bot's + behavior without having to block your traffic. +

+ +

+ Bad: "User-Agent: reqwest/0.9.1"
+ Better: "User-Agent: my_bot"
+ Best: "User-Agent: my_bot (my_bot.com/info)" or "User-Agent: my_bot (help@my_bot.com)" +

+ +

+ We reserve the right to block traffic from any bot that we determine to be in + violation of this policy or causing an impact on the integrity of our service. +

+ \ No newline at end of file From 7ee8637cf32a848d9ce440ef8a3d425413ee05e1 Mon Sep 17 00:00:00 2001 From: Tobias Bieniek Date: Fri, 10 Nov 2023 12:21:05 +0100 Subject: [PATCH 4/4] data-access: Use `TextContent` component --- app/templates/data-access.hbs | 178 +++++++++++++++++----------------- 1 file changed, 90 insertions(+), 88 deletions(-) diff --git a/app/templates/data-access.hbs b/app/templates/data-access.hbs index 6b00988db96..fba00a2a41c 100644 --- a/app/templates/data-access.hbs +++ b/app/templates/data-access.hbs @@ -1,90 +1,92 @@ -

- crates.io provides several ways of accessing crate data and metadata, - depending on what you specifically need. Please try them in the order below. -

- -

Crate index

- -

- The crates.io sparse index is available at - index.crates.io, which adheres to the - Cargo index format. - The sparse index provides an extremely efficient way of accessing metadata on - a single or small number of crates. -

- -

- Each index file provides newline delimited JSON metadata on all published - versions of the crate, organised into - index files. - For example, information on the base64 crate can be found at - https://index.crates.io/ba/se/base64. -

- -

- No rate limits are required to use data from the sparse crate index. -

- -

Legacy Git crate index

- -

- Older versions of Cargo use the crate index provided in the - rust-lang/crates.io-index repository on GitHub. - This remains available for use, and may be a more efficient way of accessing - crate metadata for projects that require most or all crates to be included - than the sparse index. -

- -

- As the Git index is hosted on GitHub, GitHub's - Acceptable Use Policies - apply. -

- -

Database dumps

- -

- crates.io database dumps contain all information available through the - crates.io API in a single download. They are updated every 24 hours. -

- -

- The latest dump is available at the address - https://static.crates.io/db-dump.tar.gz. - Information on using the dump is contained in the tarball. You can find the changelog for database dumps in - GitHub issue #3617. -

- -

crates.io API

- -

- crates.io provides an API that is a superset of the functionality required by - the - Cargo Web API. - Should you be unable to use one of the previous options, you are welcome to - use the crates.io API provided you abide by the same limits as - the crawling policy. In summary: -

- -
    -
  1. A maximum of 1 request per second, and
    2. -
  2. - A user-agent header that identifies your application. We - strongly suggest providing a way for us to contact you (whether through a - repository, or an e-mail address, or whatever is appropriate) so that we can - reach out to work with you should there be issues. -
    3. -
- -

Questions

- -

- If none of the above options suit your needs, please contact the crates.io - team either at help@crates.io, or by - starting - a discussion on GitHub, - and we'll be happy to discuss solutions that might exist outside of the above - guidelines. -

\ No newline at end of file + +

+ crates.io provides several ways of accessing crate data and metadata, + depending on what you specifically need. Please try them in the order below. +

+ +

Crate index

+ +

+ The crates.io sparse index is available at + index.crates.io, which adheres to the + Cargo index format. + The sparse index provides an extremely efficient way of accessing metadata on + a single or small number of crates. +

+ +

+ Each index file provides newline delimited JSON metadata on all published + versions of the crate, organised into + index files. + For example, information on the base64 crate can be found at + https://index.crates.io/ba/se/base64. +

+ +

+ No rate limits are required to use data from the sparse crate index. +

+ +

Legacy Git crate index

+ +

+ Older versions of Cargo use the crate index provided in the + rust-lang/crates.io-index repository on GitHub. + This remains available for use, and may be a more efficient way of accessing + crate metadata for projects that require most or all crates to be included + than the sparse index. +

+ +

+ As the Git index is hosted on GitHub, GitHub's + Acceptable Use Policies + apply. +

+ +

Database dumps

+ +

+ crates.io database dumps contain all information available through the + crates.io API in a single download. They are updated every 24 hours. +

+ +

+ The latest dump is available at the address + https://static.crates.io/db-dump.tar.gz. + Information on using the dump is contained in the tarball. You can find the changelog for database dumps in + GitHub issue #3617. +

+ +

crates.io API

+ +

+ crates.io provides an API that is a superset of the functionality required by + the + Cargo Web API. + Should you be unable to use one of the previous options, you are welcome to + use the crates.io API provided you abide by the same limits as + the crawling policy. In summary: +

+ +
    +
  1. A maximum of 1 request per second, and
    2. +
  2. + A user-agent header that identifies your application. We + strongly suggest providing a way for us to contact you (whether through a + repository, or an e-mail address, or whatever is appropriate) so that we can + reach out to work with you should there be issues. +
    3. +
+ +

Questions

+ +

+ If none of the above options suit your needs, please contact the crates.io + team either at help@crates.io, or by + starting + a discussion on GitHub, + and we'll be happy to discuss solutions that might exist outside of the above + guidelines. +

+ \ No newline at end of file