On 2020-07-30 14:10, Jean-Paul Calderone wrote:
On Thu, Jul 30, 2020 at 10:34 AM Kyle Altendorf <s...@fstab.net> wrote:
Following up on:
https://github.com/twisted/qt5reactor/issues/50#issuecomment-658432478
qt5reactor has recently been moved into the Twisted organization on
GitHub. The intent is that being in an org will make it less likely
that existing maintainers disappear and the project is stranded with
nobody having the authority to pass it on to any new maintainers. If
we
happen to get more people interested in maintenance that's a bonus,
but
it is not the reason for the move.
The question is, how should the Twisted organization manage PyPI
access
for its projects? Glyph mentioned there is a 1password account that
could be relevant. I have not used 1password personally so I don't
know
any details about how it would fit in here. Twisted itself has six
maintainers listed on PyPI: exarkun, glyph, hawkowl, itamarst, jml,
and
markrwilliams.
Any opinions? 1Password vs.
just-add-a-couple-maintainers-to-the-qt5reactor-pypi vs. ...?
Can you clarify this a bit? PyPI has perfectly serviceable support for
multiple maintainers per project. What benefits come from sharing some
kind of credentials (and what credentials) via a tool like 1Password?
It seems like folks who should be qt5reactor PyPI maintainers can have
their personal PyPI accounts configured as maintainers on PyPI and then
the problem's solved.
So, if I've missed something, maybe you can help clarify.
qt5reactor isn't particularly active and and my hope in it moving into
the Twisted organization is that if all 'active' maintainers are lost
and someone else volunteers later, an organizational maintainer could
choose to give the new volunteer the necessary authority. It may well
be that this is a silly reason to make the move but I haven't been
corrected about it yet. :]
I didn't originate the 1password suggestion but if a Twisted PyPI
account were created, as Adi mentioned, and the credentials stored in
1password then that would associate control with the Twisted
organization rather than individual developers. The presently 'active'
individual developers would presumably retain their PyPI maintainership
rights as well.
Any more clear now?
Cheers,
-kyle
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
