On 5 April 2018 at 07:58, Jannis Gebauer firstname.lastname@example.org wrote:
What if there was some kind of “blessed” entity that runs these services and puts the majority of the revenue into a fund that funds development on PyPi (maybe trough the PSF)?
Having a wholly owned for-profit subsidiary that provides commercial services as a revenue raising mechanism is certainly one way to approach something like this without alienating sponsors or tax authorities (although it may still alienate the vendors of now competing services). It would require a big time commitment on the PSF side to get everything set up though, as well as interest from key folks in joining what would essentially be a single-language-focused start up in an already crowded cross-language developer tools marketplace. When the PSF as a whole is still operating with only a handful of full or part time employees, it's far from clear that setting something like that up would be the most effective possible use of their time and energy.
At a more basic level, that kind of arrangement technically doesn't require anyone's blessing, it could be as straightforward as downstream tooling vendors signing up as PSF sponsors and saying "please allocate our sponsorship contribution to the Packaging WG's budget so that PyPI keeps operating well and the PyPA tooling keeps improving, increasing the level of demand for our commercial Python repository management services".
Historically that wouldn't have helped much, since the PSF itself has struggled with effective project management (for a variety of reasons), but one of the things I think the success of the MOSS grant has shown is the significant strides that the PSF has made in budget management in recent years, such that if funding is made available, it can and will be spent effectively.
P.S. PyPA contributors are also free agents in their own right, so folks offering Python-centric developer workflow management tools or features may decide that it's worth their while to invest more directly in smoothing out some of the rough edges that currently still exist. It's a mercenary way of looking at things, but in many cases, it is *absolutely* possible to pay for the time and attention of existing contributors, and if you can persuade them that your proposals are reasonable, they'll often have an easier time than most convincing other community contributors that it's a good way to go :)
Well, when I created my company I had no intention to work on closed source projects, so "private repositories" is definitely not interesting for us as a feature.
However, we're all for helping PyPA to make sustainable revenue, and also having more infra, and why not one day integrate gpg signature checking on packages we've been uploading with python setup.py sdist upload --sign so far ....
Please contact me if interested.
Have a great day.
PS: forgot to say, the name of the company i'm putting at your disposal for this project is YourLabs Business Service, we have hackers and funds at your disposal for this project.
Hi Jamesie, and welcome.
You are responding to a six-month old email from Nick. (And I only know that much by the merest chance.) A bit of context would be nice, otherwise your post is rather mysterious and not very interesting.
I thought they were looking for a company to help them with this project.
I didn't want to take the lead on this but if I am then I'm sorry to say that the user story list for the beta is extremely boring:
- user can subscribe for free during beta with an email - user can create a private repository - user can create a token - user can upload packages to the repository with their token - user can delete a package - user can delete a repository - user can delete their account
But then if we want to pay for that it has to be much more interesting, you could go completely crazy on ideas:
- user can create groups, assign permissions on packages etc - user has a command to upload that supports encryption for their packages to host on the public server, - user has a command to spawn a server for a given repository given a token, then packages could be uploaded/downloaded directly from their own network - that could also run on their private network in which case the public server can serve as proxy, - fun & profit