On the https://pypi.org/org/pypa/ organization
Hi folks,

I've been CC'd into a bunch of discussion recently (example <https://github.com/pypa/pip/issues/12250>) on whether PyPA projects should add themselves to the PyPA organization on PyPI <https://pypi.org/org/pypa/> and wanted to start a thread to clear up any confusion and answer any questions.

*Why was the PyPA org created on PyPI?*
Mostly to provide an early example of a community organization on PyPI, with the assumption that some PyPA projects may eventually want to move their projects into the organization.

*Should projects move to the PyPA org on PyPI?*
This is entirely up to the maintainers of the project in question. Projects should definitely not feel obligated to move to the organization.

*What's the benefit to moving to the PyPA org on PyPI?*
Currently, the primary benefit is that the project can further display its relationship to the PyPA by having an organization listed on the project page on PyPI (example <https://pypi.org/project/readme-renderer/>):

[image: image.png]

Additionally, the nature of the permissions model means that all PyPA organization owners effectively will have the same permissions as a project owner. This could be a benefit (e.g., an additional backstop if the project were to become unmaintained or abandoned) or could be a downside (e.g., another owner means another potential point of compromise) -- I think both are equally unlikely, though.

*Who are the PyPA organization owners?*
Currently just me and @Ee Durbin <ee@python.org>, although I have no reservations about adding other owners of the GitHub organization (who are currently me, ewdurbin, dstufft, jaraco, pfmoore, pradyunsg and xavfernandez) to owners of the PyPI organization.

*What can owners do to a project in the organization?*
TL;DR, adding a project to an organization makes all organization owners equivalent to project owners.

Here's the matrix on organization roles:

[image: image.png]

Currently, this does not give Ee and me the ability to do anything we can't already *effectively* do as PyPI administrators, and we'll continue to exercise the same judgement/caution with our PyPI credentials as we always do. Note that this *could* extend privileges that didn't previously exist to new individuals if we add additional organization owners. If that were to happen, I would expect them to act as responsibly as they already do with their GitHub organization ownership.

*Could projects join the PyPA organization but keep the same list of people with authority to do releases?*
Yes, the existing list of owners/maintainers does not change (with one exception if the transferring user is both a project owner and an organization owner <https://github.com/pypi/warehouse/issues/13558>).

*Is every member of the PyPA organization able to release any project that's in the organization?*
No, project owner/maintainer permissions to publish remain at the per-project level.

*I would like to add my project to the PyPA organization, what should I do?*
Email me directly or @mention me into an issue on your repository and we will sort out the necessary steps.

If you have any additional questions, feel free to respond here and I'll be happy to answer them.
participants (1)
-
Dustin Ingram