[META] Is this project still properly maintained ? #274
Comments
|
While fmpov spreading the burden of maintenance over several shoulders would be a good solution, this begs one question: Do we have a group of people that can be trusted with this and would be willing do to it? PS: Thanks for opening this issue, @HorlogeSkynet. I was also thinking about addressing this soon. |
|
Up @nir0s. |
|
Hey all,
I will reply later today to get this going.
…On Sat, Jun 26, 2021, 17:09 Samuel FORESTIER ***@***.***> wrote:
Up @nir0s <https://github.com/nir0s>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#274 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAPJBBHISFSLO4FVHSIN7SLTUXNRJANCNFSM457GW2GQ>
.
|
@nir0s any news? |
|
Hey. Got some issues lately. Anyway, there's indeed no way I'm going to keep maintaining this myself. I'll try to answer all of @HorlogeSkynet's questions:
The only question that stands now from my POV is who the contributors are. |
What an org would allow the distro project is to better signal that it's been turned into a community effort where a group does the work rather than one key individual, and that there door is open for new people. Membership would become something well visable, rather than something to be found when looking. Also, in a single repo you would remain a bottleneck on repository permissions to my understanding, and an org would fix that midterm. What do you think? |
As I said here, I would be able to, but not alone.
👍
I guess finely tuned GitHub permissions + pull requests rules could workaround that. Quick poll: hey @brejoc @andy-maier @sethmlarson @asottile @funkyfuture @MartijnBraam @pombredanne @adamjstewart, would you enroll as a "contributor" here (sorry for the noises) ? Bye 👋 |
|
I have to admit that I would also be in favour of an organization. Makes things more visible, easier to find and last but not least to organize. python-distro might be comparatively small in size, but it's an important project. Many other packages rely on it and in my case a small change broke Debian builds for the openSUSE build service. So it's one of those packages that should have eyes from several people and ideally several distros. I'm not sure how much time I can invest, but I would be happy to help! |
|
I'm not sure how much bandwidth I would have to help maintain |
|
If this becomes a community effort, I'd be happy to see how I can help. |
|
i also have a limited amount of time available and i find this project essential for the Python community. hence, a few thoughts: what i can offer is to act as reviewer on pull requests. not always, but i guess this is doable often for me. it might make things easier in the long term if people involved in distributions (likely maintaining Python packages for it) get involved to keep an eye on their concerns. i generally find it helpful when a project publishes a consensus about the criteria of Python versions that it supports. (yes, this does not directly concern the maintenance of the package, but i find that helpful when both contributing and maintaining.) addendum: oh, and it would be super cool if someone could draft a document that describes the intended change of mode. |
|
Having contributed in the past I'd be willing to contribute again, especially if I had commit bit. |
In particular, Spack has really annoying Python support requirements. A lot of clusters we run on still only have Python 2.6 so we're actively maintaining Python 2.6 support. We're stuck on an old version of |
|
Alright then. I've created the I can certainly draft something that would convey how this is going to be managed from now on. I do, however, wonder if the org can encapsulate more than just this project, as we had previous features in mind that could provide benefits beyond just what distro does right now. That' s beside the point, though. |
@adamjstewart I consider that rather off-topic and controversial. I'm in some conflict here now because if I reply to that I contribute to taking things off-topic more but if I don't I let your statement sit here without justified protest and that does not seem healthy either. So I will do a quick reply and ask you to create a dedicated ticket for discussion if you insist this matters. Does that sounds fair? |
@nir0s awesome, thank you! 🎉 🙏 |
|
@nir0s at least one more trusted PyPI maintainer would be great, now or soon-ish. If you're looking for usernames up there: |
|
@nir0s Instead of adding anyone to PyPI, can you hang on the line for a little longer and instead one day create a PyPI API token and continuous deployment which requires multiple maintainers to approve for a deploy to happen? I think this is the most security conscious way to handle a package which receives this amount of downloads. I can work on the continuous deployment via GitHub Actions and then you'd only need to set a secret within GitHub. |
|
Indeed. I'll create one soon.
…On Wed, Jun 30, 2021, 23:37 Seth Michael Larson ***@***.***> wrote:
@nir0s <https://github.com/nir0s> Instead of adding anyone to PyPI, can
you hang on the line for a little longer and instead one day create a PyPI
API token and continuous deployment which requires multiple maintainers to
approve for a deploy to happen? I think this is the most security conscious
way to handle a package which receives this amount of downloads.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#274 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAPJBBASH67YYOEGFNKOE3LTVN575ANCNFSM457GW2GQ>
.
|
|
@HorlogeSkynet re:
Sure thing. FWIW I ended up building my own distro detector using only And I have also aggregated and merged several collections of os-release files for testing in https://github.com/nexB/container-inspector/tree/main/tests/data/distro/os-release and this is likely the largest collection anywhere now :) If this code can help here I would be glad to contribute. I can also consider using this project if there is a way to work exclusively off any rootfs on any OS and never execute a commands using os-release files and similar like I do in my code. |
EDIT: (sorry for premature enter) I would, though I'm afraid I already maintain too many things (and I personally no longer directly use happy to assist in other ways though 👍 |
|
@pombredanne, I'd happily add you as a maintainer and would be happy to receive that contribution. |
|
@asottile, that's fine. We all have lives :) |
|
Have we properly dealt with all raised points ? Can we close this issue and keep on with the PRs and so on ? 😏 |
|
Let's close this then, thank you all for your time and commitment 🙇 |
|
Just had our first successful end-to-end release of distro under the new organization! 🎉 PyPI: https://pypi.org/project/distro |
Hi @nir0s, hi watchers,
Like ~15.000+ others, I depend on distro and I have come to be concerned about the state of the project, because :
lsb_relsase#261)lsb_relsase#261 and Honors/usr/lib/os-releasewhen/etc/os-releaseis not available #262)So please find below some questions I would want to ask you :
Thanks for reply 🙏
The text was updated successfully, but these errors were encountered: