On Wed, Mar 17, 2021 at 10:09 PM Paul Moore firstname.lastname@example.org wrote:
Personally, I'd have to understand better what this meant in terms of what the pip project might be committing to if we were under tidelift. [...] being "asked to do stuff" by Tidelift is something I need to consider quite carefully.
IIRC the agreement is that you keep maintaining the project as you did before. They won't demand any features. But they will want you to keep the metadata up-to-date (like confirming that they parsed the license properly, publishing the security policy, enabling 2FA for all the maintainer accounts, and so on).