Lean On Me: Custom Support Details
Good news! You can now set a custom support email and URL for your organizations. For error messages when installs or setups go wrong or where we need to communicate an issue to your users, we'll now display your own support email and URL. You can configure it in your org profile settings:
For example, if your users use the automated bash installs for Linux-based scripts, and an error is encountered during setup, we will display your support email and URL instead of the defaults. So they'll now know how to contact you to resolve the situation quickly and efficiently.
We'll continue to roll out support (no pun intended) for this in other places where a contextual error message could be displayed. Don't worry; if the error message is because of an issue on our side, we'll still let the user let it know it was our fault, and we'll happily handle those issues for you. That's why we're here, after all!
Open All Hours: Repository-Level Privileges
Good news! If you've been looking for an easy method of setting the default access for a repository across your organization, we've got you covered. Introducing repository-level default privileges:
These complement the existing default org-wide repository privileges.
Such that the privilege for a user is the greatest privilege granted to them via:
- Assignment to them directly, via "Privileges for Specific Users".
- Derived from their team membership via "Privileges for Specific Teams".
- By default on the repository, via "Default Privileges".
- By default on the organization, via the org-wide "Default Object Privileges" (see org settings).
Now you've got the flexibility you need to create a repository with a common level of access for all organization members without compromising any other repository in the org.
We've Run The Numbers: API Improvements
We've just released several awesome improvements to our Entitlements and Metrics API endpoints in our quest to strive for API nirvana.
First up - at the request of many of our users, we now extended token lookup in the Entitlements API to resolve tokens by name and by token content. Historically users would have to make an API call to retrieve the Cloudsmith identifier of a token prior - but no more! Fewer calls, time saved, much happiness.
Next, our Metrics API. We've smoothed over the cracks here, bringing perfect 20/20 alignment to the Package Metrics API and the Entitlement Metrics API. Both these endpoints now provide bandwidth and downloads (and, of course, configurable with a timespan). Additionally, we now return a single dictionary response for these APIs instead of a list with a single dictionary.
This does mean there are some changes here that may alter your workflows. We've bumped the versions of our bindings and CLI to accommodate these improvements - a one and done way of getting these, for python:
pip install --upgrade cloudsmith_api cloudsmith_cli
Last (but by no means least) - we now support the ability to configure the visibility of the package statistics within a repository. Want to tighten access to administrators only in a valorous quest for privacy? We're here to help with that. This setting is now available in the Main Settings section of all repositories.
Happy Tuesday! <3 from the Cloudsmith Team.
Version Badges: Now with Even Shorter Lifespans
Good news! When you're embedding version badges elsewhere, you'll probably have noticed that services like GitHub like to cache them for an excruciatingly long time*, often well beyond the lifetime of the package version itself. That changes today, along with a stylish (yes, stylish, not just style) update:
Couple of things to note:
- The cache TTL (Time-To-Live) time has been reduced from 86400 seconds (1 day) to 300 seconds (5 mins).
- You can now generate badges for Docker images that have a version (non-hashref) assigned to them.
- The latest version badges will now show a "(latest)" prefix; you can turn this off via "show_latest=false".
- You can now customise the appearance of the badge (see below for more details).
- We'll now generate a (much) nicer "version not found" badge if a package or version isn't found.
Tweaking the badge appearance:
- Figure out how you want to tweak it by looking at the official shields attributes.
- Find the query string in the snippet (near the question mark), and add <attribute>=<value> to it.
- Don't forget to put an ampersand between your new value and the next part of the string.
For example, why not go for a wild and crazy alternative colour badge?
Finally: A huge thank you to shields.io for providing an amazing badge rendering service! \o/
Note*: This isn't actually GitHub's fault, our previous use of shields.io meant the Cache-Control header was always returning a max-age of 86400. So we migrated to shields.io newer JSON-based endpoint to fix it.
New Terms of Service: Effective 19th May 2021
Not your usual feature update, but we'll be updating our Terms of Service, effective 19th May 2021*:
For all individual users, the following terms will apply, both replacing the existing terms:
For all organisations and organisation users, the following terms will apply, extending the above terms:
We realise this is a grand undertaking, but please ensure that you read these terms carefully, as with all legal documentation. If you disagree with the content, you'll need to cancel your individual or organisation accounts; but we really hope that won't be necessary, as we'll explain next.
This is a complete revamp of our primary legal agreements between us (Cloudsmith) and you (the Users and Organisations) that we provide a service for. The intention was to finally bring all of these up to the expected level of privacy and security standards required for a service such as ours.
So some things in short to note:
- Our mission is to "Be Good, Do Good" and ensure that this influences all aspects of our policies.
- When engaging our lawyers, we asked them to ensure that the new terms didn't diminish the material rights of our users (that's You); therefore, no introductions of sneaky "gotcha" clauses.
- We paid particular attention to GDPR requirements, in addition to CCPA policy, to ensure that we're adequately articulating what personally identifiable information we're processing and why.
- We also wanted you to recognise the particular attention we pay to securing the service and keeping your private information. You've chosen it to be hidden from the public domain.
- We will absolutely never-ever resort to selling any level of your information. Much of our information required is related to either provision of the service or improving our service, for you.
- We occasionally like to send people marketing material, but only if they request it. We also pay particular attention to the rights to be forgotten and about allowing an "easy exit" if you need one.
The bottom line is: Your privacy and security are important. We care, and we want you to know that we do.
If you have absolutely any concerns at all, please let us know immediately. We'll be happy to discuss!
* Note: The terms are effective immediately for new users and new organisations.
Loggin' Hysteria: Login History
More account-based good news! We've surfaced the history of logins for your account:
You can find the new information on your account security page, underneath the Session Management, as described previously. In addition to seeing the current sessions, the historical view of logins includes context such as the login method, Geo/IP location and details about the browser, operating system and device that logged into and accessed your account. You can hover over the data for additional details.
Let us know if you've got any feedback or if you like the new feature. Enjoy!
Note: The login history only extends to your first login from the release of this feature today, but we'll keep track of and display the history for up to and including the 50 most recent logins.