Sounds good to me, in this case they can remain under the PSF general budget no worries. That being said then we don't actually know if those funds have been donated for pip or not as the first post implied: "PyPA where Sentry is donating funds to pip".

On Thu, May 23, 2024, 08:18 Phyllis Dobbs <phyllis@python.org> wrote:

Hi, folks,
Sorry for the delay - I was a bit busy with PyCon US.

PyPA is authorized under the PSF's thanks.dev account under my PSF account, so we'll begin monthly transfers of funds to PyPA's funds to the PSF's accounts for the project's. thanks.dev is an application that can be revoked at any time if you all prefer:

Mike, I need to have full admin rights because it is a requirement from thanks.dev to integrate as the billing manager. I promise, I won't do anything else in y'alls repos! I have similar access for Pallets right now as they were the first PSF project with thanks.dev donations. I'm pretty sure David Lord would give me a positive testimonial.

Gabor, as far as distributing funds, I believe we receive payments for all pypa pages in one lump, so it is different from Tidelift that identifies page-level income and makes it easy for the PSF to distribute funds back to individual maintainers. There are general PyPA funds that could be used for various purposes and would require a vote from the committers to release funds for a specific purpose. Would it be helpful for us to schedule a call to go over PyPA's finances?

Matthias, Jupyter and IPython are NumFOCUS' fiscal sponsorees, so the PSF can't accept funds on their behalf. But, it would be a good idea to talk to the NumFOCUS team to see if they could do a similar arrangement with Armin from thanks.dev so more funds head to those projects.

Do you all have any other questions?

Thanks,
Phyllis A. Dobbs
Controller
Python Software Foundation

On Wed, May 22, 2024 at 1:41 PM Pradyun Gedam <mail@pradyunsg.me> wrote:

I agree! I've invited Phyllis as a member, and we can bump it to owner if she isn't able to get the relevant bits of access.
I'm not sure that the billing manager approach is gonna work here, but I'd say it won't hurt to make Phyllis that (if she's OK with it, which I'll wait for her to confirm to me separately, since she can't email the list without approvals). The sponsorships they're referring to is the GitHub sponsors functionality.

On Wed, 22 May 2024, 14:52 Mike, <miketheman@gmail.com> wrote:

GitHub advertises a Billing Manager role, see more here:

One of the listed permissions is: "Start, modify, or cancel sponsorships" - is that what is necessary for the thanks.dev management?

In the spirit of what William noted, would it be worth trying that out first, and expanding to full admin only if necessary to manage the integration?

-M

On Wed, May 22, 2024 at 9:47 AM William Woodruff <william@yossarian.net> wrote:

No objections in principle, but as a practical matter: is there a “principle of least authority” option here? In other OSS orgs I’m in we use fine-grained permissions to avoid giving people credentials that they don’t actually require (to reduce an attacker’s ability to pivot on a compromised account), and it’d probably be good to do the same here rather than providing blanket admin rights to all repos.

OTOH this may not be possible from a credential/scoping perspective; not sure how thanks.dev works.

Best,
William

Sent from mobile. Please excuse my brevity.

On May 22, 2024, at 3:08 PM, Matthias Bussonnier <bussonniermatthias@gmail.com> wrote:

No objections,

I'm also managing thanks.dev for IPython/Jupyter, do you want me to enable the integration with the PyPA org? (It only requires read access I believe, and I think I can only send a request to activate the integration, and someone else needs to approve.)

I'm still a bit confused about how exactly thanks.dev works, the UI is a bit confusing, but my experience is that it is similar to tidelift, except you can forward the funds you receive to other projects – both as a one-time process, or recurrent.

--
Matthias

On Wed, 22 May 2024 at 14:09, Bernat Gabor <gaborjbernat@gmail.com> wrote:

Will PSF act here same way it does currently for tidelift?
As in virtualenv could also take advantage to acquire funds, that have been donated?

On Wed, May 22, 2024, 08:03 Pradyun Gedam via PyPA-Committers <pypa-committers@python.org> wrote:

Hi folks!

Phyllis from the PSF reached out about being added as an admin to the pypa organisation to manage the thanks.dev integration that we have for the PyPA where Sentry is donating funds to pip. If there's any concerns with this, please let me know. If no concerns are raised by next week (Friday, 24th), I'll go ahead and do this.

Best,
Pradyun

PS: @Phyllis Dobbs I did send you an invite and redacted it since I think I'll wait for folks to raise concerns before doing this.

_______________________________________________
PyPA-Committers mailing list -- pypa-committers@python.org
To unsubscribe send an email to pypa-committers-leave@python.org
https://mail.python.org/mailman3/lists/pypa-committers.python.org/
Member address: gaborjbernat@gmail.com