Deleting yanked crate details

I accidentally published a crate under a dummy account I had previously made to test something.

I've since added my personal account and removed the dummy as owner, but it's still showing up under https://crates.io/crates/wasm-log/versions which is, quite frankly, super annoying..

Is there any way of removing this? There is no difference in the release other than who the publisher was.

As I understand it, crates cannot be deleted once uploaded. Yanking just marks a crate as no longer suitable for use.

I imagine that admins do have the ability to delete crates in exceptional circumstances like copyright violations, illegal content, etc. What you describe doesn't sound like an example of the kind of circumstance they'd intervene in.

That's really.. bothersome. I mean there's nothing wrong with the crate as published, it's only published from the wrong account, hence I republished (needlessly, some might say) it with a new version under my own account.

I understand the idea behind not deleting/editing crates as published. Makes perfect sense, as a matter of fact. But this is not about accidentally releasing a secret in the source tree; it's just metadata not tied to the repo at all.

cargo publish was run with the wrong token/account signed in, so the idea that this is set in stone from now and till the end of time seems ridiculous to me.

Metadata generally cannot be modified as of yet (except due to administrative intervention). See also: Cargo: Allow publishing the reason for yanking? on IRLO.

Also see: Crates-io metadata usage policy on IRLO.

I'm not happy with the GDPR and all the problems it causes. However, I do think that systems will somehow have to allow modification/correction of certain data in the long term. Building a system which doesn't allow modification/correction of data (which is what crates.io currently seems to be) will likely lead to problems, whether legal or otherwise. Maybe these problems can be handled (or are already handled?) on a case-by-case basis though.

If OP wants to contact the Crates.io team to see if they can help, the ways to do that (that I know of) are:

I believe accidental exposure of personal info is one scenario where they have intervened in the past (as that was one of the motivators for RFC 3052), so it's worth a try - the worst they can do is say no.

3 Likes

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.