[Twisted-Python] Management of PyPI maintainers (as related to qt5reactor)
Kyle Altendorf
sda at fstab.net
Thu Jul 30 13:58:37 MDT 2020
On 2020-07-30 14:10, Jean-Paul Calderone wrote:
> On Thu, Jul 30, 2020 at 10:34 AM Kyle Altendorf <sda at fstab.net> wrote:
>
>> Following up on:
>> https://github.com/twisted/qt5reactor/issues/50#issuecomment-658432478
>>
>> qt5reactor has recently been moved into the Twisted organization on
>> GitHub. The intent is that being in an org will make it less likely
>> that existing maintainers disappear and the project is stranded with
>> nobody having the authority to pass it on to any new maintainers. If
>> we
>> happen to get more people interested in maintenance that's a bonus,
>> but
>> it is not the reason for the move.
>>
>> The question is, how should the Twisted organization manage PyPI
>> access
>> for its projects? Glyph mentioned there is a 1password account that
>> could be relevant. I have not used 1password personally so I don't
>> know
>> any details about how it would fit in here. Twisted itself has six
>> maintainers listed on PyPI: exarkun, glyph, hawkowl, itamarst, jml,
>> and
>> markrwilliams.
>>
>> Any opinions? 1Password vs.
>> just-add-a-couple-maintainers-to-the-qt5reactor-pypi vs. ...?
>
> Can you clarify this a bit? PyPI has perfectly serviceable support for
> multiple maintainers per project. What benefits come from sharing some
> kind of credentials (and what credentials) via a tool like 1Password?
>
> It seems like folks who should be qt5reactor PyPI maintainers can have
> their personal PyPI accounts configured as maintainers on PyPI and then
> the problem's solved.
>
> So, if I've missed something, maybe you can help clarify.
qt5reactor isn't particularly active and and my hope in it moving into
the Twisted organization is that if all 'active' maintainers are lost
and someone else volunteers later, an organizational maintainer could
choose to give the new volunteer the necessary authority. It may well
be that this is a silly reason to make the move but I haven't been
corrected about it yet. :]
I didn't originate the 1password suggestion but if a Twisted PyPI
account were created, as Adi mentioned, and the credentials stored in
1password then that would associate control with the Twisted
organization rather than individual developers. The presently 'active'
individual developers would presumably retain their PyPI maintainership
rights as well.
Any more clear now?
Cheers,
-kyle
More information about the Twisted-Python
mailing list