On 23 January 2012 04:04, Alex Clark <acl...@aclark.net> wrote:
> - I have created a "user" `pythonpackages` on PyPI
> - I have uploaded an ssh key [1].
> - I have added `pythonpackages` as a maintainer of `Pillow`.
> - You can imagine the rest (and if you can't, it's a secret for now.)
>
> Now, I read the TOS very carefully before creating the `pythonpackages`
> "user". And there was nothing in it to indicate this action is anything
> other than "fair use". But I want to bring it to the attention of the PyPI
> maintainers now, in the event the service becomes popular later (I know at
> least I am planning to use it quite a bit. And we have ~70 beta users signed
> up to begin testing.)
My initial only concern is that the registering and uploading of
packages to the index might become too anonymous.
We are frequently called upon to identify the owners of packages (for
a variety of reasons: ownership disputes, transfer of ownership,
reclamation of zombies, that sort of thing).
Currently a person must be registered with PyPI an listed as an
owner/maintainer to be able to register package releases and upload
files for a package. Even if we required a non-pythonpackages user to
be listed against a package that association could become stale (the
person listed in PyPI could have no longer have anything to do with
the package.)
Richard
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
