Skip to content

alpha: add PyPI package lifecycle engagement #424

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 7, 2024
Merged

alpha: add PyPI package lifecycle engagement #424

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions alpha/engagements/2024/PyPI/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Alpha Engagement: PyPI Package Lifecycle Engineering

The purpose of this Alpha engagement is to fund the development
of fixes and enhancements to the Python packaging ecosystem's
project "lifecycle," with particular focus on:

1. Improving the reliability of index retrieval by driving the
ecosystem towards a soft removal model ("yanking") instead of hard
deletion;
2. Improving project status reporting abilities, including giving
Python project maintainers the ability to emit structured metadata
on PyPI regarding a project's status (e.g. "finished", "archived",
"deprecated", etc.);
3. Adding support for project drafting and bulk uploads (i.e. multi-file
uploads) to PyPI, via an implementation of [PEP 694].

## Timeline

This engagement started in September 2024.

## Monthly updates

* [Semptember 2024](./update-2023-09.md)

## Primary Contacts

* William Woodruff - Trail of Bits

[PEP 694]: https://peps.python.org/pep-0694/
22 changes: 22 additions & 0 deletions alpha/engagements/2024/PyPI/update-2023-09.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# PyPI Package Lifecycle Engineering: September 2024

*Logistical note*: This is our first status update, and reflects
only a limited number of hours used this month.

## In progress

* Revived the standards process for [PEP 694] and began reviewing the latest
draft changes. Coordinating with the PEP's authors/delegates on steps
towards finalizing and provisionally accepting the PEP.
* Began a [pre-PEP discussion] for limiting deletions on PyPI. Currently
drafting the accompanying PEP.
* Began preliminary development on deletion eligibility logic for files,
releases, and projects on PyPI.
* Draft PR: https://github.com/pypi/warehouse/pull/16813
* Began preliminary development on project status markers. Coordinating
with PyPI's security and safety engineer on design and implementation
timeline.

[PEP 694]: https://peps.python.org/pep-0694/

[pre-PEP discussion]: https://discuss.python.org/t/pre-pep-limiting-deletions-on-pypi/66351
Loading