Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

meta: Use project-level account on PyPI #1921

Open
dgw opened this issue Aug 8, 2020 · 4 comments
Open

meta: Use project-level account on PyPI #1921

dgw opened this issue Aug 8, 2020 · 4 comments
Assignees
@dgw
Labels
Tracking

Comments

@dgw
Copy link
Member

dgw commented Aug 8, 2020

Enough people are getting involved in this project now that I'm not sure anymore about being listed as the author on PyPI. It's really not just me, even ignoring the many times project ownership changed (Phenny->Jenni->Willie).

So I'd like to update the authorship metadata on PyPI, effective for Sopel 8.0. We should say that "Sopel IRC Contributors" (or a similar name) is the author, and list currently active maintainers as maintainers instead.

PyPI has no concept of "team accounts", which is unfortunate. We'll have to make sure a few people always have (secure) access to the project account's credentials, so theoretically there will always be at least one person who can add more maintainers when (not if) someone just suddenly disappears one day. (I fully acknowledge that that could be me—bus factor and all that.)

Other things to think about includes how to handle releases. It's kind of neat to see who released each Sopel version, and if we can store multiple PyPI tokens to use depending on who pushed the release tag, that would be neat. But the simplest option is obviously to continue using one account—the "primary" maintainer's, or the project's—to deploy releases.*

* — No idea if mapping the tagging user to release credentials is possible; it's just a cool idea. Moving off of Travis CI would affect this, too—we've tossed around the idea of switching to GitHub Actions.
@dgw dgw added the Tracking label Aug 8, 2020
@dgw dgw added this to the 8.0.0 milestone Aug 8, 2020
@dgw dgw self-assigned this Aug 8, 2020
@Exirel
Copy link
Contributor

Exirel commented Jul 23, 2022

In #2328 there is an optional change that can be brought to have 2 types of information:

  • a list of authors (and you could be one)
  • a list of maintainers (and other people could be in that list)

I don't think it's important to know who released a version. Currently, you need to have the PyPI token to do so, or to have the right to tag/publish a release on the Github repository anyway, and I think you are the only one that can do so?

In any case, I'll be happy to be considered a maintainer, with all the responsibilities that come with it. Just don't ask me to write the next release note without grammar issues. 😁

@dgw
Copy link
Member Author

dgw commented May 29, 2023

Yeah, OK. De-milestoning because we're so close to being able to do this in a nice way, but waiting on PyPI.

image

(I definitely thought the request would be processed in less than the month it's been sitting so far.)

@dgw dgw removed this from the 8.0.0 milestone May 29, 2023
@dgw
Copy link
Member Author

dgw commented Nov 12, 2024

Approaching 19 months, no change (except to the page styles).

Image

@dgw
Copy link
Member Author

dgw commented Jan 10, 2025

There is some news on this, but no progress yet. 70 community organizations have been admitted to the private beta so far, and there are currently 9,182 applications pending including ours.

No promises made yet as to a timeline for opening it up further. https://discuss.python.org/t/state-of-pypi-organizations/33764/25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dgw dgw

Labels
Tracking
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dgw @Exirel