| Hey Ed. Thanks for the feedback. You bring up some good points and I do want to address some of them. (And a note for some readers so they can understand my biases while reading: I'm representing Hashicorp officially) In designing the registry, its API, its required module structure, etc. we worked for the past year with ~10 or so large community users, consultancies, partners, and customers. We had a representative from each that was actively involved in the design from the beginning, and they had a really big impact on what the registry ended up being. These are people who've written hundreds of modules, who know the best practices of their clouds, etc. So we hope with this collective knowledge we've built something that was longer than a five minute demo. :) They also had great feedback on various improvements we can/should make to Terraform itself and we are doing a lot of that with TF 0.11. On the "works or not" topic: we provide verified modules for this reason. Verified modules are not only tested by HashiCorp engineers but also involve an active relationship with the module maintainer to ensure that the modules stay functioning across Terraform updates and cloud updates. These are recognizable with the blue checkmark. We launched with about three dozen of these but I expect community modules to lap this quickly. At the same time, we don't want to actively disallow or heavily curate what people do with modules. So community members can publish pretty much anything they want on the registry. If you're using a community module, you're definitely taking your own risk and we hope we spell that out in the docs. We already have plans underway to provide "module scorecards" in a way to help the community further recognize the quality of a module versus simply the blue check mark or no blue check mark binary approach. This design was part of our initial design, but isn't ready for launch. Going beyond the public registry, we also announced today we'll have a private registry available in Terraform Enterprise. Note that the actual public API of the registry is documented (https://www.terraform.io/docs/registry/api.html) so separate implementations are possible and welcome. But within our commercial private registry, we will actually track _who_ is using your modules. When you change the public interface to a module (inputs, outputs), we do provide warnings that "you may break X downstream workspaces" and allow you to contact those workspace owners. This isn't something we can easily do with the public registry simply due to the data model and not wanting to have everyone's usage information stored (we don't store or have access to any of that right now nor do we have plans, don't worry). But the private registry will be doing all of that because the application has all that information already from Terraform Enterprise. And beyond all of this: Terraform 0.11 (due for release late this year and we talked about it during the HashiConf keynote briefly) is bringing along huge improvements to the module system in the core of Terraform which will make it much easier and more robust to work with modules. Lots of stuff! But I hope this helps answer some of the questions for you and others. (I'll add an edit since after posting this I saw some of your other comments: we are planning some major changes around HCL, we've publicly said so on issues, and we expect those to start hitting around 0.11. There are definitely some mistakes we shipped in its original form and while that's unfortunate, but we've learned a lot and brought on some people very experienced on such topics and we plan to address these shortcomings over time.) |