Web of Trust: Initial thoughts.

So, my next iteration for the GSoC project has begun 🙂
I will be mainly focusing on the implementation of the “Web of Trust” model for MetaCPAN.

For the initial Web of Trust plan, every author on metacpan.org will be able to list down his/her own set of “trusted” authors.

On the front end, this can be done by searching for the PAUSE id of the author with the help of an auto-complete box. And, this information will be stored in the API in the ‘author’ endpoint as an array which contains the PAUSE id of the trusted authors. As of now, my mentors and I are thinking of simplifying the implementation by modifying the author endpoint though, later stages may call for an implementation of a separate endpoint.

So, these trusted contacts can be displayed on a page for quick reference and each time the author updates his contacts, this page can display it accordingly. This is obviously personalized for every user. So, here we will have to retrieve the gravatar images of the trusted authors for the display and a separate HTML page will be created. After the author lists down his trusted contacts, all the distributions favorited by them will be highlighted in the author’s feed. Here, the recent ++ers can be queried to retrieve only the dists favorited by the trusted PAUSE user and can be displayed. These feeds will be highlighted on the search page.

A few future insights:
1. We could have a “Leaderboard” page which will tell us who appears in most of the trusted lists.
2. Hence, the authors will have a rank/trust value which can be displayed on the author’s page like the coderwall endorsements.
3. Also, a button can be added on the author’s page which lets you add him/her to the trusted list. This will work alongside the autocomplete search box.

The discussion for this initial implementation can be viewed here: Web of Trust for MetaCPAN

So, my work for this week will be to,

1. Get the autocomplete search feature working for saving the “trusted” authors list.

2. Displaying the LeaderBoard page.


9 thoughts on “Web of Trust: Initial thoughts.

  1. Would it make sense to add a “++” button next to the name of each author just as the distributions have and use that to indicate trust? Would it make sense to base the trust on the number of “++”-es modules an author maintains have received. (In total or on average?)

    • Hi, yes the trust button that will be added on the author’s page will act like a ++ for the author. Except the functioning is slightly different. At the end of it though, when the authors will be displayed on the leaderboard page we will have to retrieve the number of ++( or trusts) that each author has.
      Initially, I had a similar thought of considering the ++es on the distributions maintained by the author, but then the calculations were too complicated because not all authors have ++es on the dists. Infact there are many authors who haven’t uploaded a module ever, on cpan. There were many such cases to be considered and so we thought of simplifying the approach.

    • sounds good to me, I wonder how far down the dependency chain you could take this. I think it would be great to be able to say “given a CPAN author that people think highly of, what cpan distributions does she tend to rely on a lot.” it could be a nice alternative to Task::Kensho to help newcomers figure out which modules are in favor.

  2. Can the validity of the trust that underlies the WOT be made granular in some way? I understand the ++ ratings and rankings but that raw number doesn’t fully capture the concept of “trust”. If Larry Wall rates Damian Conway this would perhaps not be news (and in any case would only add +1 to Damian’s ratings). But If a highly ++ ranked LW signed a key of the equally highly ranked DC – proving they know each other, have met, exchanged keys, and maybe they can add a weighting or value for length of time they have known each other and a self assessed quality of knowledge each author has of each other, etc – that could serve as a data point on a scale for ranking the validity of other trust relationships. Sort of like rankings enhanced trust with keys: PGP meets Stackexchange meets Coderwall meets MetaCPAN.
    Thanks for your work on this: WOT, Bitcard, PAUSE, CPANTS = Perl continues to set the standard for software module repositories.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s