Skip to main content

Usage Policy

Short version: The Cabin registry is a shared resource for the C/C++ community, hosting a variety of packages from a diverse group of users. That resource is only effective when our users are able to work together as part of a community in good faith. While using the Cabin registry, you must comply with our Acceptable Use Policies, which include some restrictions on content and conduct related to user safety, intellectual property, privacy, authenticity, and other limitations. In short, be excellent to each other!

This policy applies to the Cabin registry service as a whole: the machine read plane at registry.cabinpkg.com and the website and API at cabinpkg.com. Cabin is pre-1.0 and the registry is currently in a limited-access phase; these policies apply to all users of the service regardless of how access was granted.

Acceptable Use

We do not allow content or activity on the Cabin registry that:

You are responsible for using the Cabin registry in compliance with all applicable laws, regulations, and all of our policies. These policies may be updated from time to time. We will interpret our policies and resolve disputes in favor of protecting users as a whole. The Cabin maintainers reserve the possibility to evaluate each instance on a case-by-case basis.

For issues such as DMCA takedown requests, or trademark and copyright disputes, please contact us as described in the “Reporting” section below. Such requests are reviewed by the Cabin maintainers on a case-by-case basis.

Scopes and Package Ownership

All package names on the Cabin registry are scoped: a package is always named <scope>/<name> (for example, fmtlib/fmt), and there is no bare-name or alias mechanism.

A scope is claimed by proving control of the GitHub user or organization account with the same name. A user scope can only be claimed by the matching GitHub user; an organization scope can only be claimed by an active member of the matching organization with the admin role. Because a claim is bound to the GitHub account’s numeric ID at claim time, renaming or recycling a GitHub login later does not transfer or release a claimed scope. There is no reservation list, and scope disputes are handled manually by the Cabin maintainers.

Package names within a scope are managed by the members of that scope. Scope owners can add and remove members, and publishing and yanking are authorized by scope membership. If you want to take over a package, we require you to first try and contact the members of its scope directly. If they agree, they can add you to the scope, or publish the package under a scope you control. If the current members are not reachable, the Cabin maintainers may help mediate the process.

Deleting a published package or version is not possible, in order to keep the registry as immutable as possible. If a release should no longer be used, you can yank it: yanked versions remain downloadable for existing lockfiles, but are no longer selected when resolving new dependencies.

The Cabin maintainers may remove packages or scopes from the registry that do not comply with the policies in this document. In severe cases, such as coordinated abuse, this may happen without prior notification to the author, but in most cases the maintainers will first give the author the chance to justify the purpose of the package.

Data Access

If you need access to package metadata in bulk, please use the sparse HTTP index served at registry.cabinpkg.com. It is the same read plane the cabin client uses: config.json, per-package metadata files, and package archives. Please honor HTTP caching headers when crawling it. We do not currently publish database dumps; if the index does not cover your use case, please open a thread on our GitHub Discussions.

You may also use the registry API under cabinpkg.com/api directly, though excessive usage may be blocked at our discretion. We require users of the API to limit themselves to a maximum of 1 request per second.

We also require all API users to provide a User-Agent header that allows us to uniquely identify your application. This allows us to more accurately monitor any impact your application may have on our service. Providing a user agent that only identifies your HTTP client library (such as reqwest/0.12.5) increases the likelihood that we will block your traffic.

It is recommended to include contact information in your User-Agent header:

This allows us to contact you if we would like a change in your application’s behavior without having to block your traffic.

The Cabin registry runs on shared, cost-limited infrastructure with per-user quotas and rate limits, and automated protections may throttle or block traffic that threatens the availability of the service for others. We reserve the right to block traffic from any client that we determine to be in violation of this policy or causing an impact on the integrity of our service.

Security

We would like to ensure that both the cabin client and the hosted registry have secure implementations. To report a security vulnerability in either, please open a private report at https://github.com/cabinpkg/cabin/security/advisories/new. See our Security Policy for the exact scope.

Note that this policy only applies to Cabin itself, and not to individual packages hosted on the registry. The Cabin maintainers are not responsible for the disclosure of vulnerabilities in specific packages; if you find an issue in a package, you should seek guidance from the members of its scope and their specific policies instead.

Thank you for taking the time to responsibly disclose any issues you find.

Sexually Obscene Content

We do not tolerate content associated with sexual exploitation or abuse of another individual, including where minors are concerned. We do not allow sexually themed or suggestive content that serves little or no purpose other than to solicit an erotic or shocking response, particularly where that content is amplified by its placement in profiles or other social contexts.

This includes:

We recognize that not all nudity or content related to sexuality is obscene. We may allow visual and/or textual depictions in artistic, educational, historical or journalistic contexts, or as it relates to victim advocacy. In some cases a disclaimer can help communicate the context of the project.

Violations and Enforcement

The Cabin maintainers retain full discretion to take action in response to a violation of these policies, including account suspension, account termination, or removal of content.

We will however not be proactively monitoring the site for these kinds of violations, but instead relying on the community to draw them to our attention.

While the majority of interactions between individuals in the Cabin community fall within our policies, violations of those policies do occur at times. When they do, the Cabin maintainers may need to take enforcement action to address the violations. In all cases, content and account deletion is permanent and there is no basis to reverse these moderation actions. Account suspension may be lifted at the maintainers’ discretion, however, for example in the case of someone’s account being compromised.

Reporting

Please report violations of this policy through GitHub. Note that both channels below require a GitHub account; since the registry itself uses GitHub sign-in, this should not be an additional barrier for most users.

When in doubt, use the private reporting form.

Credits & License

This policy is partially based on crates.io Use Policy and modified from its original form.

Licensed under the Creative Commons Attribution 4.0 International license.