On Thu, Jul 30, 2020 at 10:34 AM Kyle Altendorf <sda@fstab.net> wrote:
Following up on: https://github.com/twisted/qt5reactor/issues/50#issuecomment-658432478
qt5reactor has recently been moved into the Twisted organization on GitHub. The intent is that being in an org will make it less likely that existing maintainers disappear and the project is stranded with nobody having the authority to pass it on to any new maintainers. If we happen to get more people interested in maintenance that's a bonus, but it is not the reason for the move.
The question is, how should the Twisted organization manage PyPI access for its projects? Glyph mentioned there is a 1password account that could be relevant. I have not used 1password personally so I don't know any details about how it would fit in here. Twisted itself has six maintainers listed on PyPI: exarkun, glyph, hawkowl, itamarst, jml, and markrwilliams.
Any opinions? 1Password vs. just-add-a-couple-maintainers-to-the-qt5reactor-pypi vs. ...?
Can you clarify this a bit? PyPI has perfectly serviceable support for multiple maintainers per project. What benefits come from sharing some kind of credentials (and what credentials) via a tool like 1Password? It seems like folks who should be qt5reactor PyPI maintainers can have their personal PyPI accounts configured as maintainers on PyPI and then the problem's solved. So, if I've missed something, maybe you can help clarify. Thanks, Jean-Paul