Zope Organization at PyPI

[icemac]

PyPI announced the introduction of organisations, see https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations.

I applied for a zope organisation as suggested by the Plone Steering Circle.
When the organisation is actually created, we can decide whether we want to use it. I just registered the name. I hope the organisations feature can help to shape the list of people who can cut releases.

[dataflake]

If such an organization allows managing users who can make releases that filter down to the individual projects that would be great. No more begging for access to older projects.

[icemac]

@dataflake The zope organization got created, I sent you an invite as admin. See https://pypi.org/manage/organization/zope/people/ for the existing roles. I think we still have to add projects to that organization, so begging for access to older projects will not be solved by this organization but it could allow to give only people release rights who are still active in the projects and allow a central management of those people.

[icemac]

As an example I moved Zope to the organization, see https://pypi.org/org/zope/ and https://pypi.org/project/Zope/ (left column under owner).

[dataflake]

OK, so the move only changes one thing on the project itself, the person doing the move is taken off the individual project's collaborator list. So it's safe to do the move at any time, it won't change anyone's workflow or privileges.

There's apparently no intelligence to check if other individual contributors exist/have the same rights at the organization level. "Cleanup" still needs to be done manually.

I personally like the fact that now we have one single place on PyPI that lists all projects under the organization.

How do you want to proceed? I haven't looked if the organization stuff is already part of the API and I could cobble together a script.

[dataflake]

P.S.: I am confusing PyPI and GitHub regarding the API, sorry. This may be a manual process after all.

[icemac]

I think we have to come up with a plan how we will handle the PyPI organisation, maybe we meet sometime in the next months to talk about it.

[dataflake]

IMHO using it is a safe thing to do that won't really change anything for any project, other than removing the person who does the move from the project-local list of collaborators. Since the project will then include organization-level admins automatically it won't change anything in practice. So if we just move the projects and do nothing else we simply gain better visibility and order by being able to point to a single listing page for ZF projects, and by having a visible marker on projects' pages about that organization membership. I see no loss, even if we don't do anything after the basic move, just small gains and - for the future - easy administration of organization-wide privileges.

Zope Sprint time..?

[dataflake]

I suggest we proceed by moving packages into the organization bit by bit as you or I have time. As I said before, this is a safe change and offers the benefit of better visibility under a single umbrella and centralized privilege management for adding new release managers.

[dataflake]

I have now moved all ZF projects that I have access to (log into PyPI and visit https://pypi.org/manage/projects/) to the Zope organization.

[tseaver]

@dataflake Nice work! I did see a huge raft of notifications from PyPI about the changes.

[icemac]

Hopefully the many mails inspire former developers to remove themselves from being owners of packages they no longer use, see also #233.

@dataflake Thank you for doing the migration. Is there something left to do, or can we close this issue as completed?

[dataflake]

@icemac I don't think anyone will actually remove themselves. We would have to do this.

There are literally hundreds of ZF packages left where I don't have PyPI access to do this migration. The issue should remain open as a reminder. Have you visited https://pypi.org/manage/projects/ to find unmigrated packages where you have access but I do not?

[tseaver]

I'm looking now at the projects to which I have access that need moving:

• zope.configuration
• zope.mimetime
• zope.pagetemplate
• zope.xmliter
• zope.contenttype
• zope.catalog
• zope.publisher
• zope.browserresource
• zope.i18n
• zope.session
• zope.login
• zope.exceptions
• zc.recipe.cmmi

Ugh, etc.: it goes on a lot longer, as @dataflake notes.

What is the dance to request their move to the organization?

[dataflake]

• visit the project's PyPI page
• click on Manage Project
• click on Settings
• the section for adding to an organization is on that page.

It will make you select the organization (you must be a member) and then type the project name to continue.

[dataflake]

P.S. I just sent you an invite so you can become a member.

[tseaver]

I've made that transfer for all the non-organization projects in the zope namespace for which I had owner role.

I also removed myself (wrongly) from having the role on the Zope and zope.interface projects: I'd prefer to still be able to see those settings, either by having somebody re-add them or by being an owner rather than maintainer for the organization.

I did not touch projects in the zc.* namespace: at least some of them were related to buildout, which has its own Github org (but likely not a PyPI org yet). @jimfulton might know enough to parse them out.

[dataflake]

I'll make you an owner on the organization, no problem

[tseaver]

@dataflake TYVM.

[icemac]

I just moved all the zopefoundation projects I have owner access to the PyPI organization.

[icemac]

I think we are now done with this issue, right?

[dataflake]

I would guess any remaining projects that are in the GitHub zopefoundation organization but not in the PyPI zope organization aren't that important and we can "clean it up" when we notice them.