Re: [Distutils] Outdated packages on pypi

There are types to describe this graph.
Thing > CreativeWork > SoftwareApplication
CreativeWork.comment r: [Comment]
http://schema.org/SoftwareApplication http://schema.org/Comment
( #PEP426JSONLD because this is a graph of SoftwareApplication(s); now with TOML metadata )
There could be edge types as well. e.g. what is the relation between PIL/Pillow.
- maintainerSuggests
- communitySuggests
- communitySaysUnmaintained
- unaddressedVulns
- etc
Adding an embedded JS comments widget does/would add some additional maintenance burden (because user-generated content).
Authors can specify an email address as structured data; and whatever they consider relevant in the long_description.

On Jul 13, 2016 9:33 PM, "Steve Dower" steve.dower@python.org wrote:
On 13Jul2016 1456, Glyph Lefkowitz wrote:
On Jul 13, 2016, at 1:54 PM, Steve Dower <steve.dower@python.org> wrote:
Possibly such user-contributed content would be valuable anyway
https://alternativeto.net but for PyPI? :)
Or just more general reviews/warnings/info. "Doesn't work with IronPython", "Works fine on 3.5 even though it doesn't say so", etc.
Restrict it to 140 chars, signed in users, only allow linking to other PyPI packages, let the maintainer delete comments (or mark them as disputed) and I think you'd avoid abuse (or rants/detailed bug reports/etc.). Maybe automatically clear all comments on each new release as well.
Doesn't have to be complicated and fancy - just enough that users can help each other when maintainers disappear.
Cheers, Steve

On Thu, Jul 14, 2016 at 11:57 AM, Wes Turner wes.turner@gmail.com wrote:
Adding an embedded JS comments widget does/would add some additional maintenance burden (because user-generated content).
Free-form, user-generated content on PyPI would become a pathway for harassment and abuse. Introducing user-generated content on PyPI would necessarily put an emotional burden on package maintainers in addition to the maintenance burden (unless PyPI moderators are going to screen content before maintainers and users see it—given the dearth of resources for PyPI as it is, this strikes me as exceedingly unlikely).
—Daniel

On 14Jul2016 0619, Daniel D. Beck wrote:
Free-form, user-generated content on PyPI would become a pathway for harassment and abuse. Introducing user-generated content on PyPI would necessarily put an emotional burden on package maintainers in addition to the maintenance burden (unless PyPI moderators are going to screen content before maintainers and users see it—given the dearth of resources for PyPI as it is, this strikes me as exceedingly unlikely).
This is why I listed a set of restrictions to help prevent that:
* 140 chars (flexible, but short enough to prevent rants)
* users must be logged in
* no external links
* maintainers can delete/dispute comments
* clear comments on each new release
* one comment per user per package (implied, but I didn't explicitly call it out in my previous email)
Do you really think this will be worse than the current state, where abusers *only* have access to Twitter, github, reddit and email to harass package maintainers?
Assuming harassment is not going to be a problem, is there value in letting people add comments directly on the page where users seem to keep ending up?
Cheers, Steve

On Fri, Jul 15, 2016 at 1:51 AM, Steve Dower steve.dower@python.org wrote:
This is why I listed a set of restrictions to help prevent that:
- 140 chars (flexible, but short enough to prevent rants)
Did you mean to write "provoke" instead of "prevent"? If we can learn one thing from Twitter it's that such a limit favors short and brutish comments over the more nuanced and thoughtful ones - that take way more character space of course.
I don't get what all this fuss about comments on PyPI is about. Such a feature seems unnecessary. There are plenty of ways to assess how well maintained a package is. If a package maintainer wants comments or feedback there's the url/long_description fields.
Thanks, -- Ionel Cristian Mărieș, http://blog.ionelmc.ro

On Jul 14, 2016, at 6:51 PM, Steve Dower steve.dower@python.org wrote:
On 14Jul2016 0619, Daniel D. Beck wrote:
Free-form, user-generated content on PyPI would become a pathway for harassment and abuse. Introducing user-generated content on PyPI would necessarily put an emotional burden on package maintainers in addition to the maintenance burden (unless PyPI moderators are going to screen content before maintainers and users see it—given the dearth of resources for PyPI as it is, this strikes me as exceedingly unlikely).
This is why I listed a set of restrictions to help prevent that:
- 140 chars (flexible, but short enough to prevent rants)
- users must be logged in
- no external links
- maintainers can delete/dispute comments
- clear comments on each new release
- one comment per user per package (implied, but I didn't explicitly call it out in my previous email)
Do you really think this will be worse than the current state, where abusers *only* have access to Twitter, github, reddit and email to harass package maintainers?
Assuming harassment is not going to be a problem, is there value in letting people add comments directly on the page where users seem to keep ending up?
I don’t believe you can assume that harassment is not going to be a problem.
There’s a fundamental power dynamic here, where publishing your project to PyPI is not *entirely* optional. It’s optional in the sense that nobody is going to force you to publish your project there, but it’s hard to interact fully with the Python ecosystem as a whole for your project if you don’t at least add an entry for it there. Given that we have this dynamic, we need to be particularly careful how the features we add can be used against people, particularly against the most vulnerable people in our community.
We sadly live in a world where our industry is incredibly toxic to, well, basically everyone but white guys and are actively hostile towards efforts to see a community become more inclusive. These are people who will regularly create multiple twitter accounts in order to spam harassment at people (in 140 characters) to get around cases where the person has blocked them. These are people who will flood comments on GitHub issue trackers for projects they don’t even use to bitch about someone changing some pronouns to be more inclusive.
Consider that a rude comment can completely crush someone’s motivation to learn Python, or to maintain a package. It can make our community seem all that more hostile and I don’t think the vast majority of comments are going to actually be very useful. I suspect they will largely be used as yet another support venue for random users who are confused (and deleting them doesn’t help those users either).
We had a comments and review system years ago (before my time TBH) and the backlash against it was so great that it was a major point of contention on catalog-sig where package authors wanted it to be gotten rid of and the maintainers at the time pushed back to keep it. We (obviously) eventually got rid of it, and I think that is pretty indicative of the idea in general.
Any sort of user-created content requires us, the people running PyPI, to moderate to some degree. We have to do it now with people who create projects with vulgar or offensive names and I don’t believe that we have the manpower available to us to moderate the comments of a much larger feature that is going to incentivize people to make negative comments (and let’s be real, 95% of the comments are going to be negative, people rarely reach out to say they’re happy but they’re always ready to complain).
This is a lot of words to say that I would be very against this kind of feature on PyPI. I am not *entirely* against some sort of automated marker for possibly unmaintained packages, but even that I’m sketchy on. Allowing people to poop their own content onto project pages for a project they don’t own is just not tenable I think.
— Donald Stufft

Sure, if it's been tried before and people couldn't control themselves back then (before my time too, and the internet wasn't as blatantly toxic six+ years ago as it is now) then that's reason enough not to try again.
I'm still keen to find a way to redirect people to useful forks or alternative packages that doesn't require thousands of mentions at conferences for all time ala PIL.
Top-posted from my Windows Phone
-----Original Message-----
From: "Donald Stufft" donald@stufft.io
Sent: 7/14/2016 17:06
To: "Steve Dower" steve.dower@python.org
Cc: "Daniel D. Beck" daniel@ddbeck.com; "distutils-sig" distutils-sig@python.org
Subject: Re: [Distutils] Outdated packages on pypi
participants (5)
- Daniel D. Beck
- Donald Stufft
- Ionel Cristian Mărieș
- Steve Dower
- Wes Turner