+1 Henry Sent from my iPhone On Aug 25, 2022, at 2:03 PM, layday via PyPA-Committers <pypa-committers@python.org> wrote: +1 Sent with Proton Mail<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fproton.me%2F&data=05%7C01%7Chenryfs%40princeton.edu%7Cfb3ebdee862045912d6808da86c407be%7C2ff601167431425db5af077d7791bda4%7C0%7C0%7C637970473817369972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cjeMdy6k53poND2Pv3xRScBa7zucB52LXRBsM00sp70%3D&reserved=0> secure email. ------- Original Message ------- On Thursday, August 25th, 2022 at 00:35, Dustin Ingram <di@python.org> wrote: I'd like to propose the transfer of the following projects to the PyPA org: - https://github.com/trailofbits/pip-audit/<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftrailofbits%2Fpip-audit%2F&data=05%7C01%7Chenryfs%40princeton.edu%7Cfb3ebdee862045912d6808da86c407be%7C2ff601167431425db5af077d7791bda4%7C0%7C0%7C637970473817369972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5fIFbZWBgL55KPQfFXjXszL3q0zr7OpEDxZRwJr5rJs%3D&reserved=0> - https://github.com/trailofbits/gh-action-pip-audit/<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftrailofbits%2Fgh-action-pip-audit%2F&data=05%7C01%7Chenryfs%40princeton.edu%7Cfb3ebdee862045912d6808da86c407be%7C2ff601167431425db5af077d7791bda4%7C0%7C0%7C637970473817369972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PxBGOUsyZOPy6zSEP7vGzB2Xpn9CSWh3NDjl57W8KhU%3D&reserved=0> More background for these projects and the long-term plan for them is here: https://discuss.python.org/t/towards-a-pip-audit-subcommand-for-vulnerability-analysis-management/17681<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdiscuss.python.org%2Ft%2Ftowards-a-pip-audit-subcommand-for-vulnerability-analysis-management%2F17681&data=05%7C01%7Chenryfs%40princeton.edu%7Cfb3ebdee862045912d6808da86c407be%7C2ff601167431425db5af077d7791bda4%7C0%7C0%7C637970473817369972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=qGd21x9ypwhUtgYRDCB7FMweeaePI0XiNcBWU6SqGCM%3D&reserved=0>. We are still hoping to more closely integrate pip-audit with pip, but for now, the PyPA is a much more appropriate home for these projects, and will join https://github.com/pypa/advisory-database<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fpypa%2Fadvisory-database&data=05%7C01%7Chenryfs%40princeton.edu%7Cfb3ebdee862045912d6808da86c407be%7C2ff601167431425db5af077d7791bda4%7C0%7C0%7C637970473817369972%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E2zAfw9WbigzX0LWS6wBnidZY06CiIcDzkvJO2VzaME%3D&reserved=0>, which they use. This would add two existing maintainers of these projects (William Woodruff and Alex Cameron) as PyPA committers, in addition to myself. Per PEP 609:
The proposal will be put to a vote on the PyPA-Committers mailing list, over a 7-day period. Each PyPA committer can vote once, and can choose one of +1 and -1. If at least two thirds of recorded votes are +1, then the vote succeeds.
_______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: henryfs@princeton.edu