Reporting Abuse on prometheus-client-model

Andrew Su's Avatar

Andrew Su

17 Jan, 2019 09:13 PM

The current "maintainer" is of unknown origins and looks like they are name squatting. See my discussion with the maintainers of the actual code here: https://github.com/prometheus/client_model/issues/29

They had to remove references to this gem as it is not uploaded by them.

  1. Support Staff 1 Posted by kerrizor on 19 Jan, 2019 07:51 PM

    kerrizor's Avatar

    Thank you for writing in. It is the policy of RubyGems.org that we refrain from making judgements about the content of a gem, as we have little to no insight into what development a user might be doing out of the public eye, or what their eventual plans are. We know this can be frustrating, especially in the case of popular or common names, but we would rather err on the side of protecting creators than accidentally removing someone’s work.

    If you haven't already, I would attempt to contact the author and see if they'll add you as an owner of the gem. Instructions on how they can do that can be found here:

    http://guides.rubygems.org/command-reference/#gem-owner

    I've taken the liberty of cc'ing the gem author; hopefully a simple request to them will sort this out :)

  2. 2 Posted by Preben Ver Eeck... on 21 Jan, 2019 04:25 PM

    Preben Ver Eecke's Avatar

    Hi Kerrizor and Andrew

    First of all apologies for the late reply and the hassle.

    I was investigating a bug bounty program when I found an unclaimed gem, so
    I squatted this name in order to report this to the company.
    However upon re-investigating I now have noticed that this gem does not
    belong to the bug bounty program, it was used as a library rather than a
    self developed gem.

    I will release this gem name by adding you as owner and remove myself as
    owner of the gem.
    Could you give me an email address so I can transfer the gem name?

    My sincere apologies.

    Kind regards
    Preben

  3. 3 Posted by Andrew Su on 21 Jan, 2019 04:57 PM

    Andrew Su's Avatar

    Hi Preben,

    You can reach out to the actual owners by re-opening https://github.com/prometheus/client_model/issues/29 and letting the maintainers know about this so they can work with you to transfer the ownership.

    From the maintainer's github profile (https://github.com/beorn7): [email blocked]

    Sorry about how the topic came about.

    Thanks,
      Andrew

  4. 4 Posted by Björn Rabenstei... on 21 Jan, 2019 05:48 PM

    Björn Rabenstein's Avatar

    As the maintainer of the https://github.com/prometheus/client_model repo, I would actually prefer not to have this gem at all (or at least I don't want to maintain it). The usage of the Prometheus protobufs in Ruby is almost non existing at the moment, and there are no plans to revive it. In fact, the upcoming standard for metrics exposition is OpenMetrics, which might then also provide a platform for protobuf support again, but that would be separate from the https://github.com/prometheus/client_model repo.

    IMHO offering this Gem is more confusing than helpful.

  5. Support Staff 5 Posted by kerrizor on 25 Jan, 2019 04:37 PM

    kerrizor's Avatar

    I'm going to go ahead and close this ticket, if you folks don't mind. I'm glad we could connect you all to sort this out!

  6. kerrizor closed this discussion on 25 Jan, 2019 04:37 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac