Re: [Distutils] [Python-ideas] Pypi private repo's
I am fairly sure if you give the PyPA that suggestion, they will just deflate at the thought of the workload. Besides, we already offer private repos for free, several ways ranging from devpi to python -m SimpleHTTPServer in a specially created directory. From: Python-ideas <python-ideas-bounces+tritium-list=sdamon.com@python.org> On Behalf Of Nick Humrich Sent: Wednesday, April 4, 2018 12:26 PM To: python-ideas@python.org Subject: [Python-ideas] Pypi private repo's I am sure this has been discussed before, and this might not even be the best place for this discussion, but I just wanted to make sure this has been thought about. What if pypi.org <http://pypi.org> supported private repos at a cost, similar to npm? This would be able to help support the cost of pypi, and hopefully make it better/more reliable, thus in turn improving the python community. If this discussion should happen somewhere else, let me know. Nick
This was recently discussed on the Packaging-WG mailing list. To summarize, there are a few key reasons why this would be challenging: 1) The PSF is a non-profit. Taking on work generally in the domain of for-profit enterprises might jeopardize our tax-exempt status. 2) PyPI relies heavily (~$1M/yr) on donated services and infrastructure. If we start trying to make money, our sponsors may not appreciate it. 3) If PyPI is in the business of hosting private packages, it may de-incentivize us from helping to make sure "competing" private indices (devpi, Artifactory, gemfury, etc) are functional. 4) With the exception of the current MOSS grant, PyPI is supported entirely by unpaid volunteers. Is it fair to ask volunteers to continue contributing their time to a for-profit enterprise? Not to say that this would be impossible -- PyCon is quite similar (turns a profit, has sponsors, competes with other conferences, uses volunteer support) has addressed (and is addressing) many of these challenges, but it remains that the transition would be challenging. D. On Wed, Apr 4, 2018 at 3:55 PM, Alex Walters <tritium-list@sdamon.com> wrote:
I am fairly sure if you give the PyPA that suggestion, they will just deflate at the thought of the workload. Besides, we already offer private repos for free, several ways ranging from devpi to python -m SimpleHTTPServer in a specially created directory.
From: Python-ideas <python-ideas-bounces+tritium-list=sdamon.com@python.org> On Behalf Of Nick Humrich Sent: Wednesday, April 4, 2018 12:26 PM To: python-ideas@python.org Subject: [Python-ideas] Pypi private repo's
I am sure this has been discussed before, and this might not even be the best place for this discussion, but I just wanted to make sure this has been thought about.
What if pypi.org supported private repos at a cost, similar to npm?
This would be able to help support the cost of pypi, and hopefully make it better/more reliable, thus in turn improving the python community.
If this discussion should happen somewhere else, let me know.
Nick
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
What if there was some kind of “blessed” entity that runs these services and puts the majority of the revenue into a fund that funds development on PyPi (maybe trough the PSF)? Jannis
On 4. Apr 2018, at 23:24, Dustin Ingram <di@di.codes> wrote:
This was recently discussed on the Packaging-WG mailing list. To summarize, there are a few key reasons why this would be challenging:
1) The PSF is a non-profit. Taking on work generally in the domain of for-profit enterprises might jeopardize our tax-exempt status.
2) PyPI relies heavily (~$1M/yr) on donated services and infrastructure. If we start trying to make money, our sponsors may not appreciate it.
3) If PyPI is in the business of hosting private packages, it may de-incentivize us from helping to make sure "competing" private indices (devpi, Artifactory, gemfury, etc) are functional.
4) With the exception of the current MOSS grant, PyPI is supported entirely by unpaid volunteers. Is it fair to ask volunteers to continue contributing their time to a for-profit enterprise?
Not to say that this would be impossible -- PyCon is quite similar (turns a profit, has sponsors, competes with other conferences, uses volunteer support) has addressed (and is addressing) many of these challenges, but it remains that the transition would be challenging.
D.
On Wed, Apr 4, 2018 at 3:55 PM, Alex Walters <tritium-list@sdamon.com> wrote:
I am fairly sure if you give the PyPA that suggestion, they will just deflate at the thought of the workload. Besides, we already offer private repos for free, several ways ranging from devpi to python -m SimpleHTTPServer in a specially created directory.
From: Python-ideas <python-ideas-bounces+tritium-list=sdamon.com@python.org> On Behalf Of Nick Humrich Sent: Wednesday, April 4, 2018 12:26 PM To: python-ideas@python.org Subject: [Python-ideas] Pypi private repo's
I am sure this has been discussed before, and this might not even be the best place for this discussion, but I just wanted to make sure this has been thought about.
What if pypi.org supported private repos at a cost, similar to npm?
This would be able to help support the cost of pypi, and hopefully make it better/more reliable, thus in turn improving the python community.
If this discussion should happen somewhere else, let me know.
Nick
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
On 5 April 2018 at 07:58, Jannis Gebauer <ja.geb@me.com> wrote:
What if there was some kind of “blessed” entity that runs these services and puts the majority of the revenue into a fund that funds development on PyPi (maybe trough the PSF)?
Having a wholly owned for-profit subsidiary that provides commercial services as a revenue raising mechanism is certainly one way to approach something like this without alienating sponsors or tax authorities (although it may still alienate the vendors of now competing services). It would require a big time commitment on the PSF side to get everything set up though, as well as interest from key folks in joining what would essentially be a single-language-focused start up in an already crowded cross-language developer tools marketplace. When the PSF as a whole is still operating with only a handful of full or part time employees, it's far from clear that setting something like that up would be the most effective possible use of their time and energy. At a more basic level, that kind of arrangement technically doesn't require anyone's blessing, it could be as straightforward as downstream tooling vendors signing up as PSF sponsors and saying "please allocate our sponsorship contribution to the Packaging WG's budget so that PyPI keeps operating well and the PyPA tooling keeps improving, increasing the level of demand for our commercial Python repository management services". Historically that wouldn't have helped much, since the PSF itself has struggled with effective project management (for a variety of reasons), but one of the things I think the success of the MOSS grant has shown is the significant strides that the PSF has made in budget management in recent years, such that if funding is made available, it can and will be spent effectively. Cheers, Nick. P.S. PyPA contributors are also free agents in their own right, so folks offering Python-centric developer workflow management tools or features may decide that it's worth their while to invest more directly in smoothing out some of the rough edges that currently still exist. It's a mercenary way of looking at things, but in many cases, it is *absolutely* possible to pay for the time and attention of existing contributors, and if you can persuade them that your proposals are reasonable, they'll often have an easier time than most convincing other community contributors that it's a good way to go :) -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
Hi Nick, Well, when I created my company I had no intention to work on closed source projects, so "private repositories" is definitely not interesting for us as a feature. However, we're all for helping PyPA to make sustainable revenue, and also having more infra, and why not one day integrate gpg signature checking on packages we've been uploading with python setup.py sdist upload --sign so far .... Please contact me if interested. Have a great day.
PS: forgot to say, the name of the company i'm putting at your disposal for this project is YourLabs Business Service, we have hackers and funds at your disposal for this project.
participants (5)
-
Alex Walters -
Dustin Ingram -
Jamesie Pic -
Jannis Gebauer -
Nick Coghlan