While getting up to speed on Warehouse I saw how many package transfer requests are waiting for PEP 541[0] to be accepted, so I thought it might be helpful to round up what I see as the outstanding questions. 1) Usage criteria for abandoned projects.
The tricky part there is that "being used" is a tough concept to define. Over what time period? What amount of downloading counts as "used"?-- Chris Rose[1]
Perhaps a month? suggests Matthias Bussonnier.[2] The ensuing discussion includes thoughts on locking old versions of the project[3]; as I see it, that's a potential feature request for Warehouse, but not something to build into this PEP. (Similarly, Nick Timkovich's idea of "salting" hot-button names on PyPI so it isn't possible to register projects like "android"[4] is a feature idea I like but I think this PEP does not need to wait for it.) 2) A few copyedits from Chris Barker.[5] 3) "How would I, for example, start the process of flagging a project as abandoned?" -- Nick Timkovich[6] It seems to me that the PEP's wording in "Removal of an abandoned project" says we'll allow transfer of abandoned projects but will not remove them only for being abandoned. However, the PEP currently doesn't include a "where to file a ticket" line in that section (as it does in "Invalid projects"). Also, if there's some other reason we should be willing to remove abandoned projects even without a transfer, e.g., the project has a critical security flaw, we should say that somewhere in this PEP or in a different policy document. There is one item Ćukasz mentioned this in the "I decided to not otherwise touch on:" list regarding the revision on January 14th[7] that I think deserves one more chance for discussion. :) A few people brought up making the reachability criteria and instructions crisper.
Regarding reachability: contact attempts should also include the relevant project's issue tracker if attempts at private contact have failed.
This step is important as it allows a project's *user* community to respond, even if the person that actually pushes the buttons to upload new releases to PyPI is out of contact for some reason. -- Nick Coghlan[8]
Nick Timkovich also suggested some specific instructions[9] that would help set expectations to, among other things, reassure maintainers about the length of offline vacations they can take without worrying about having their packages usurped. :) I'm totally fine with folks saying to me: no, these are all addressed, or not important enough to slow adoption of this PEP. In which case, yay, I hope Donald can accept it and we can start processing the backlog. [0] https://www.python.org/dev/peps/pep-0541/ [1] https://mail.python.org/pipermail/distutils-sig/2017-January/030017.html [2] https://mail.python.org/pipermail/distutils-sig/2017-January/030020.html [3] https://mail.python.org/pipermail/distutils-sig/2017-January/030034.html [4] https://mail.python.org/pipermail/distutils-sig/2017-January/030006.html [5] https://mail.python.org/pipermail/distutils-sig/2017-September/031517.html [6] https://mail.python.org/pipermail/distutils-sig/2017-January/030005.html [7] https://mail.python.org/pipermail/distutils-sig/2017-January/030009.html [8] https://mail.python.org/pipermail/distutils-sig/2017-January/030008.html [9] https://mail.python.org/pipermail/distutils-sig/2017-January/030005.html -- Sumana Harihareswara Changeset Consulting https://changeset.nyc