[FR] Move to PyPA org on PyPI? #12250
Comments
You've posted the same issue on various projects. I suggest sorting out what is involved in moving projects, what the implications are, and how such a move would impact project governance somewhere central, otherwise we'll be having the same discussions over and over again, wasting people's time. The pypa org on PyPI was, as far as I know, created by PyPI on the presumption that the PyPA projects would want it, but there's been no communication on how it would work for a loosely organised group of independently governed projects like the PyPA. Could projects join the org but keep the same list of people with authority to do releases, or would every member of the org be able to release any project that's in the org? While I don't expect anyone would abuse such a privilege, it does change the trust model for people who rely on (say) pip, if (for example) the pipenv maintainers now need to be trusted when evaluating the risks of using pip. I'm -1 on moving any PyPA project to the pypa org until we understand how it affects project governance, security, and ownership questions. There isn't a particularly good place for PyPA discussions like this - IMO it should be somewhat private (in other words, I do not think that the packaging category on Discourse is ideal), with only PyPA members able to comment but with the discussions available publicly for transparency. The only option I know of meeting those criteria is the PyPA mailing list.
You're right, I realized this later on.
Yes, that's what I meant when I said it "meets those criteria".
Oh, I misread and interpreted it as "it should be fully secret".
I've added a backlink from all the open issues to this one.
Given that we don't really have this outside of the pypa-committers mailing list, let's do this on discuss.python.org?
@di has proactively moved specific projects over, so perhaps he's a good person to provide context on this...
My main reservation with discuss.python.org is that it is hard on there to know who is a PyPA member, and who is just an "interested bystander" voicing an opinion 🙁 As this is about PyPA governance, I do think that in this instance, the opinions of PyPA members specifically are what matters.
I've sent an email to the pypa-committers@ mailing list to discuss this.
Since the ML is public, I'm posting the direct link to that email here: https://mail.python.org/archives/list/pypa-committers@python.org/thread/E6MWIHEK3M232UILXGQFYPHGJHF7VYW7/. @pfmoore ^
Thanks. I saw it. I don’t personally think it’s worth it. There’s no real benefit that I can see.
What's the problem this feature will solve?
PyPA projects consolidation and continued access to publishing to PyPI?
Describe the solution you'd like
With the orgs feature on PyPI, there's a PyPA org that exists already — https://pypi.org/org/pypa/. Why not make use of it?
Alternative Solutions
...not doing that?
Additional context
PyPI orgs allow for displaying related projects under the same umbrella. They also implement a more fine-grained RBAC.
UPD: Dustin explained the implications as an FAQ in the ML: https://mail.python.org/archives/list/pypa-committers@python.org/thread/E6MWIHEK3M232UILXGQFYPHGJHF7VYW7/.