Re: [Distutils] Name arbitration on PyPI - how about administrative abandonment/replacement meta-data

2016-04-20 Thread Tres Seaver 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/20/2016 04:36 PM, Ronny Pfannschmidt wrote:

> its not given lightly, and it shouldn't be easy to weasel out of it. 
> Actually a noop release is a good indicator that the mark is
> well-deserved and should be keept. Making an effort to remove a mark
> without making the reason for its existence go as well is a lie in
> plain sight.

A release, any release, is a sign that the maintainer is around and cares
about the package enough to act.  That should be sufficient to block any
takeover attempt.

> this reminds me of the whole setuptools/distribute situation.

I don't think that means what you think it does:  the situation was
resolved amicably, via negotiation with the owner of the original name.
The fact that it took longer than some wanted was *not* an indication
that it was the wrong outcome.



Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJXGAaCAAoJEPKpaDSJE9HY3FIQAL87jOyqytF1MuC5SHqiw0y1
p7BYWrLf8MVl+DFRJ0x0s9NPVgvkeF+rbx17WD7k8Eik5iuXzTpjIun0oI9UBkwC
iTpogEwDrFg3T/s3bM0ObAphcLFHAY4YFMXsUThODtCHg4qi/04Z9RiMhnabwitP
GfzuI33aDZbgkyi3ozEse5rP1xTn3SmhtHwu7k5gQvAmg8ntpXFzP7l1IXNWtPr+
SGXzsgohZwsDdOBwOibbvQ3VQSmeLBPrfsP0xVzNOIh7GEHT6AXMM8qK52Er4vMd
SQmR2r0WAShqDm+LadfK/KjrvwSgQILpp1z4jvY6k3PWhtLABEeotDZj5mgRY8Hf
0+NTBuifYo7SHs+ElI4nryDbp48q2DZH2PLdh3WgyMlLzTocXTjQcwOTEZGcbb7t
s5u+/cQLzfvg4Z23i7wPGrUrBZvl4YM3YKZfsC3Pl5v9jfwiJm/ay7G7O2NHstdB
inI23H427ELXgPLI8Ffi9u7MQ6zTCd0H/XNxaiWAhG4JmMZyFuNqJQAuZ9+cR9N+
WWPEpfpHhWW9pYdxKWPHJLWKoGTu+6qPqIMnCPn3sY8ACnqH7z5puNu+/uAJ3hBt
PNVh+wKE4R1wNXHKHaHqVqMH/Ut057hEh3EIOwX5e8W/zCojZy8O6PjmaFW7EGdd
BMtyIkp2jgQJMY3ClfP6
=w60N
-END PGP SIGNATURE-

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Name arbitration on PyPI - how about administrative abandonment/replacement meta-data

2016-04-20 Thread Ronny Pfannschmidt 


Am 20.04.2016 um 00:38 schrieb Chris Barker:
> On Tue, Apr 19, 2016 at 9:45 AM, Ronny Pfannschmidt
>  > wrote:
>
> Instead of overtaking,
> how about clearly marking packages as abandoned/maintained clearly
> pointing out the mark was imposed by community action
>
>
> I think that would be a good idea -- and maybe start with just that --
> then we'd learn how big an issue it really was, etc.
>  
>
>  and listing potential/primary replacements
>
>
> that required real work on someone's part -- so not sure when that
> would actually happen.
>  
>
> its important that community imposed abandonment is not simply
> removable
> by doing a minor "noop"-release,
>
>
> why not? I brought tis all up to address truly abandoned projects --
> maybe we want to go some day to the idea of the names being community
> owned, but that's not the way ti is now -- and if someone makes the
> effort to do a noop release, then they have no abandoned the name --
> maybe aren't maintaining it worth a damn, but there you go.

a community action is supposed to be imposed after extended non-reaction,
an next to no effort way to get out of it seems counter such an invsive
move.

its not given lightly, and it shouldn't be easy to weasel out of it.
Actually a noop release is a good indicator that the mark is
well-deserved and should be keept.
Making an effort to remove a mark without making the reason for its
existence go as well is a lie in plain sight.

this reminds me of the whole setuptools/distribute situation.

-- Ronny

> Personally, I think there is no point in anything between the current
> free for all, and a "curated" package repo -- a curated repo would
> support the idea that anything on it had met some minimum standard: no
> malware, some maintenance, some minimum usefulness, etc.
>
> It's kind of a shame that there are so many "toy" packages and
> experiments on PyPi, but in fact, it's worked pretty darn well..
>
> pip could warn on installation/update
>
>
> I think that would be good too
>
> -Chris
>
> -- 
>
> Christopher Barker, Ph.D.
> Oceanographer
>
> Emergency Response Division
> NOAA/NOS/OR(206) 526-6959   voice
> 7600 Sand Point Way NE   (206) 526-6329   fax
> Seattle, WA  98115   (206) 526-6317   main reception
>
> chris.bar...@noaa.gov 

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Parked Names in PyPI under user rodmena

2016-04-20 Thread Richard Jones 
Thanks Steve, it's all good! I have met you, but just the once, and my
memory is terrible :-)

On 20 April 2016 at 22:14, Steve Dower  wrote:

> Thanks for the vouch, we are indeed both current Microsoft employees. I
> stopped using my work email for Python stuff when our server started
> corrupting URLs to add a phishing/malware filter.
>
> Feel free to email the pyt...@microsoft.com address attached to the
> Microsoft user and I'll reply to you.
>
> Cheers,
> Steve
>
> Top-posted from my Windows Phone
> --
> From: Donald Stufft 
> Sent: ‎4/‎19/‎2016 21:52
> To: Richard Jones 
> Cc: disutils-sig ; Christopher Wilcox
> 
> Subject: Re: [Distutils] Parked Names in PyPI under user rodmena
>
> I’m 100% sure Steve is a Microsoft employee and I’m like 95% sure
> Christopher is too :)
>
> On Apr 20, 2016, at 12:24 AM, Richard Jones  wrote:
>
> Just to be clear, are you the user "Microsoft"? You're not posting from a @
> microsoft.com email domain, is all. Or are you just a "concerned
> citizen"? Because in the case of the latter there's really nothing for me
> to do here without a request from someone actually wanting to do something
> with the name.
>
>
>  Richard
>
> On 20 April 2016 at 07:52, Christopher Wilcox  wrote:
>
>> DistUtils-Sig:
>>
>> I was searching warehouse for all Microsoft owned packages today and came
>> across a certain user that seems to have parked on a few different package
>> names that I don’t believe he has any intention of using (@rodmena).
>> https://warehouse.python.org/user/rodmena/
>>
>> Can we get these released to the proper owners? He seems to have done
>> this rather broadly.
>>
>> If possible can the user @Microsoft be marked as the owner of the
>> Microsoft package?
>>
>> Thanks!
>> Chris Wilcox
>>
>> ___
>> Distutils-SIG maillist  -  Distutils-SIG@python.org
>> https://mail.python.org/mailman/listinfo/distutils-sig
>>
>>
> ___
> Distutils-SIG maillist  -  Distutils-SIG@python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
>
>
>
> -
> Donald Stufft
> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372
> DCFA
>
>
___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig

Re: [Distutils] Parked Names in PyPI under user rodmena

2016-04-20 Thread Steve Dower 
Thanks for the vouch, we are indeed both current Microsoft employees. I stopped 
using my work email for Python stuff when our server started corrupting URLs to 
add a phishing/malware filter.

Feel free to email the pyt...@microsoft.com address attached to the Microsoft 
user and I'll reply to you.

Cheers,
Steve

Top-posted from my Windows Phone

-Original Message-
From: "Donald Stufft" 
Sent: ‎4/‎19/‎2016 21:52
To: "Richard Jones" 
Cc: "disutils-sig" ; "Christopher Wilcox" 

Subject: Re: [Distutils] Parked Names in PyPI under user rodmena

I’m 100% sure Steve is a Microsoft employee and I’m like 95% sure Christopher 
is too :)


On Apr 20, 2016, at 12:24 AM, Richard Jones  wrote:


Just to be clear, are you the user "Microsoft"? You're not posting from a 
@microsoft.com email domain, is all. Or are you just a "concerned citizen"? 
Because in the case of the latter there's really nothing for me to do here 
without a request from someone actually wanting to do something with the name.




 Richard


On 20 April 2016 at 07:52, Christopher Wilcox  wrote:

DistUtils-Sig:

I was searching warehouse for all Microsoft owned packages today and came 
across a certain user that seems to have parked on a few different package 
names that I don’t believe he has any intention of using (@rodmena). 
https://warehouse.python.org/user/rodmena/ 

Can we get these released to the proper owners? He seems to have done this 
rather broadly.
If possible can the user @Microsoft be marked as the owner of the Microsoft 
package? 

Thanks!
Chris Wilcox

___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig




___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig




-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA ___
Distutils-SIG maillist  -  Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig