[Distutils] PyPI update: legacy shutdown 30 April, new classifiers page, seeking funding

Sumana Harihareswara sh at changeset.nyc
Tue Apr 24 17:30:22 EDT 2018

Almost the end.

On Monday April 30th we're going to shut down https://legacy.pypi.org/ .
The URL pypi.python.org will continue to redirect to Warehouse
(pypi.org). As you can see from https://status.python.org/ , Warehouse
has been holding up well, and we don't see any reason to delay the
shutdown of Legacy. If you need to compare new Warehouse behavior with
old Legacy behavior, tell us about a redirect that isn't working right,
etc., please do that this week.

Older versions of JFrog's Artifactory have trouble with the
pypi.python.org redirect. Users whose instances proxy/mirror PyPI should
upgrade before April 30th.
(more context[1])

We've been fixing up search[2], dealing with memory consumption[3] and
reliability, adding metrics and monitoring, replying to user issues,
reviewing volunteers' contributions, and improving PyPI admins' ability
to do things like deprecate classifiers[4]. Check out the new page
listing classifiers and linking to a search for each one!
https://pypi.org/classifiers/ And we've been working on user research
to help guide future design decisions and work. We're grateful for the
59 volunteers who have stepped up to participate in Nicole's user
tests.  And if you have a spare 5 minutes, we'd like for you to play
our "buy a feature" game via this Google form!
(short URL: bit.ly/2HpsAWd  & tweet to RT[5]) More in our weekly
meeting notes[6].

Some open issues that could use comments from you:

 * Why does warehouse allow linux_armv6l and linux_armv7l wheels?[7]
 * Derive list of classifiers from a public, version-controlled
 * Offer a discouraged/deprecated releases option?[9]

Thanks to jonparrott for adding sticky caching for release
descriptions[10], to contrepoint for adding a browser warning for IE
10[11], and browniebroke for customizing an email address verification

As I said last week[13], we're running out of MOSS money. We will
probably be able to deal with any issues that come up immediately
following the legacy shutdown, but then this project (and the weekly
emails from me) will be done. Of course Warehouse could use further
sustained effort, so the Packaging Working Group has submitted some
grant proposals and requests to some funders for amounts ranging from
about USD$35,000 to about USD$150,000. Depending on the funders and
their objectives, we've mentioned chunks of work that could happen
faster (or at all) with funding, such as:
 * Adding support for two-factor authentication via TOTP and U2F/Fido.
 * Adding application-specific tokens scoped to individual
   users/projects (also covering adding token-based login support to
   twine and setuptools).
 * Adding a more advanced audit trail of user actions beyond the current
   journal (allowing publishers to track all actions taken by third-
   party services
 * on their behalf).
 * Performing accessibility repair work to follow an
   accessibility audit.
 * Researching and implementing localization and
   internationalization features.
 * Recruiting translators and integrating translations into PyPI.
We also would like to accelerate work on group/organization support[14],
better notifications, better staging/testing workflow for project
maintainers, GitHub signon, and more. If you want details on predicted
costs and are interested in hooking the Packaging Working Group[15] up
with potential funders, email cochair Ewa Jodlowska at ewa at python dot
org -- and she may advise that PSF sponsorship[16] is the route to take!
(Also if I'm wrong here about how the PSF wants to do money things,
trust actual PSF staffers and not me.)

So, things you can do:

 * check legacy.pypi.org for any behavior, links, etc. you need
 * upgrade Artifactory
 * play our "buy a feature" game
 * comment on issues that need discussion
 * help us get more funding for future work
Thanks and best wishes.
Sumana Harihareswara
Warehouse/PyPI project manager
Changeset Consulting
sh at changeset.nyc


   1. https://github.com/pypa/warehouse/issues/3275
   2. https://github.com/pypa/warehouse/pull/3772
   3. https://github.com/pypa/warehouse/pull/3774
   4. https://github.com/pypa/warehouse/pull/3771
   5. https://twitter.com/nlhkabu/status/988856279526465537
   6. https://wiki.python.org/psf/PackagingWG/2018-04-23-Warehouse
   7. https://github.com/pypa/warehouse/issues/3668
   8. https://github.com/pypa/warehouse/issues/3786
   9. https://github.com/pypa/warehouse/issues/3709
  10. https://github.com/pypa/warehouse/pull/3745
  11. https://github.com/pypa/warehouse/pull/3764
  12. https://github.com/pypa/warehouse/pull/3789
  13. https://groups.google.com/forum/#!topic/pypa-dev/MBa5300VlI8
  14. https://github.com/pypa/warehouse/issues/201
  15. https://wiki.python.org/psf/PackagingWG
  16. https://www.python.org/psf/sponsorship/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20180424/137d89b4/attachment.html>

More information about the Distutils-SIG mailing list