On Wed, Mar 17, 2021 at 10:09 PM Paul Moore
Personally, I'd have to understand better what this meant in terms of what the pip project might be committing to if we were under tidelift. [...] being "asked to do stuff" by Tidelift is something I need to consider quite carefully.
IIRC the agreement is that you keep maintaining the project as you did before. They won't demand any features. But they will want you to keep the metadata up-to-date (like confirming that they parsed the license properly, publishing the security policy, enabling 2FA for all the maintainer accounts, and so on). -- Warm regards, Sviatoslav Sydorenko Software Hacker @ Ansible Core --- https://useplaintext.email/ () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments ---