[Twisted-Python] Management of PyPI maintainers (as related to qt5reactor)

Kyle Altendorf sda at fstab.net
Thu Jul 30 13:58:37 MDT 2020


On 2020-07-30 14:10, Jean-Paul Calderone wrote:

> On Thu, Jul 30, 2020 at 10:34 AM Kyle Altendorf <sda at fstab.net> wrote:
> 
>> Following up on:
>> https://github.com/twisted/qt5reactor/issues/50#issuecomment-658432478
>> 
>> qt5reactor has recently been moved into the Twisted organization on
>> GitHub.  The intent is that being in an org will make it less likely
>> that existing maintainers disappear and the project is stranded with
>> nobody having the authority to pass it on to any new maintainers.  If we
>> happen to get more people interested in maintenance that's a bonus, but
>> it is not the reason for the move.
>> 
>> The question is, how should the Twisted organization manage PyPI access
>> for its projects?  Glyph mentioned there is a 1password account that
>> could be relevant.  I have not used 1password personally so I don't know
>> any details about how it would fit in here.  Twisted itself has six
>> maintainers listed on PyPI: exarkun, glyph, hawkowl, itamarst, jml, and
>> markrwilliams.
>> 
>> Any opinions?  1Password vs.
>> just-add-a-couple-maintainers-to-the-qt5reactor-pypi vs. ...?
> 
> Can you clarify this a bit?  PyPI has perfectly serviceable support for 
> multiple maintainers per project.  What benefits come from sharing some 
> kind of credentials (and what credentials) via a tool like 1Password?
> 
> It seems like folks who should be qt5reactor PyPI maintainers can have 
> their personal PyPI accounts configured as maintainers on PyPI and then 
> the problem's solved.
> 
> So, if I've missed something, maybe you can help clarify.

qt5reactor isn't particularly active and my hope in it moving into
the Twisted organization is that if all 'active' maintainers are lost 
and someone else volunteers later, an organizational maintainer could 
choose to give the new volunteer the necessary authority.  It may well 
be that this is a silly reason to make the move but I haven't been 
corrected about it yet.  :]

I didn't originate the 1password suggestion but if a Twisted PyPI 
account were created, as Adi mentioned, and the credentials stored in 
1password then that would associate control with the Twisted 
organization rather than individual developers.  The presently 'active' 
individual developers would presumably retain their PyPI maintainership 
rights as well.

Any more clear now?

Cheers,
-kyle
