1500
Comment:
|
29407
placeholders for meeting notes from August and September
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
#acl All:read NOTE: This is still a draft and not yet finalized. = Agenda = The purpose of this working group is to support the larger efforts of improving and maintaining the packaging ecosystem in Python through fundraising and disbursement of raised funds. It will largely focus on efforts such as PyPI, pip, packaging.python.org, setuptools, and cross project efforts. = Resources = * Discussion, TBD: Will we want primarily realtime communication (Slack?) or primarily asynchronous (Discourse? Mailing lists?). Will we want this to be private or public to outsiders? * Accounting: We will rely on the PSF's donation and accounting mechanisms to raise funds and disburse them to the selected recipients. = Current Projects = * Support the implementation & deployment of Warehouse (PyPI 2.0) to replace the legacy code base that powers PyPI. = Administration = * Donald Stufft <donald@python.org> (chair?) * Ewa Jodlowska <ewa@python.org> (co-chair?) = Members = * Who? Should we keep this limited? = Meetings = As Needed? Not Needed? = Governance = Decisions on what fundraising and projects/efforts to support will be done by a simple majority and in the case of a tie, will escalate to the PSF Board. TBD: Does this make sense? The other WG's don't seem to have it but the example does. Is there a better option here? If we open this open to lots of members this could become difficult to deal with. |
#acl PackagingWGGroup:read,write,revert, All:read <<TableOfContents()>> = Packaging Working Group = The Packaging Working Group is a volunteer [[https://www.python.org/psf/committees/#packaging-work-group|work group of the Python Software Foundation]]. == Agenda == The purpose of this working group is to support the larger efforts of improving and maintaining the packaging ecosystem in Python through fundraising (including [[https://pyfound.blogspot.com/2020/04/sponsoring-python-packaging.html|a sponsorship program]]) and disbursement of raised funds. It largely focuses on efforts such as PyPI, pip, packaging.python.org, setuptools, and cross-project efforts. == Resources == * Discussion: Slack and mailing list. The archives are set to private since there is voting. * Accounting: We rely on the PSF's [[http://donate.pypi.org/|donation]] and accounting mechanisms to raise funds and disburse them to the selected recipients. * Project ideas: [[https://github.com/psf/fundable-packaging-improvements/|Fundable packaging improvements]] == Governance == Decisions on what fundraising and projects/efforts to support will be done by a simple majority and in the case of a tie, will escalate to the PSF Board. See [[PackagingWG/Charter|the PSF Packaging WG Charter]]. === Administration and Contact === * Donald Stufft <[[mailto:donald@python.org|donald@python.org]]> (chair) * Dustin Ingram <[[mailto:di@python.org|di@python.org]]> (co-chair) * Nicole Harris <[[mailto:n.harris@kabucreative.com|n.harris@kabucreative.com]]> (co-chair) * [[PackagingWG/Charter|PSF Packaging WG Charter]] To contact the Packaging WG, email Ewa Jodlowska. === Members === * Nick Coghlan * Ernest W. Durbin III * Thea Flowers * Sumana Harihareswara * Nathaniel J. Smith * Jannis Leidel (non-voting observer from PSF board) * Ewa Jodlowska (non-voting observer from PSF board) * (others will be added as they accept their invitation to the WG) === Meetings === As needed. == Current Projects == === Fundraising === The Packaging Working Group is seeking [[https://pyfound.blogspot.com/2020/04/sponsoring-python-packaging.html|sponsorships]] and grants to raise funds for [[https://github.com/psf/fundable-packaging-improvements|fundable packaging improvements]]. === Sprints === We run [[PackagingSprints]] at conventions and as standalone events. We're open to companies and organizations hosting sprints and work weeks to help us move packaging forward; get in contact with a Working Group member. === Warehouse: Facebook gift === The Packaging Working Group applied for and is receiving a gift from Facebook to implement & deploy security features for Warehouse (PyPI's codebase). * ''Summary'': Cryptographic signing of artifacts, and malware detection. [[https://pyfound.blogspot.com/2018/12/upcoming-pypi-improvements-for-2019.html|See announcement blog post]], and [[https://github.com/pypa/warehouse/milestone/16|the milestone description on GitHub]]. * ''Schedule'': As of 2 January 2020, the PSF has hired contractors to carry out this work, and has commenced work. * ''Roadmap'': [[WarehouseRoadmap]] * ''Code and discussion'': [[https://github.com/pypa/warehouse/|GitHub repository for Warehouse]], [[https://python.zulipchat.com/#narrow/stream/223926-pep458-implementation/|Zulip livechat]], and [[https://discuss.python.org/c/packaging|Discourse forum]]. * ''Deployment'': [[https://pypi.org/|pypi.org]]. * ''Testing'': To be determined * ''Manager'': Ernest W. Durbin III. * ''Meetings and Updates'': See below. Meetings and status updates: || Meeting/update || Type || Date || || [[PackagingWG/2019-06-20-Warehouse|Scoping Facebook-funded work]] || Meeting notes || June 20th, 2019 || || [[https://pyfound.blogspot.com/2019/08/pypi-security-q4-2019-request-for.html|Announcement of Request for Information]] || Blog post || August 28th, 2019 || || [[https://pyfound.blogspot.com/2019/09/pypi-security-q4-2019-request-for.html|Announcement of Request for Proposals]] || Blog post || September 25th, 2019 || || [[PackagingWG/2019-12-11-Warehouse|Kickoff - 2019 Q4 RFP Milestone 2 - Automated Detection of Malicious Uploads]] || Meeting notes || December 11th, 2019 || || [[https://ssl.engineering.nyu.edu/blog/2020-02-03-transparent-logs|Contrasting Transparent Logs and The Update Framework]] || Blog post || February 3rd, 2020 || || [[https://pyfound.blogspot.com/2020/03/an-update-pypi-funded-work.html|An Update PyPI Funded Work]] || Blog post || March 4th, 2020 || || [[https://www.meetup.com/pacifichackers/events/267932809/|Automatic detection of Malware in PyPi]] ([[https://www.youtube.com/watch?v=28BoQLWKGWw|video]]) || Online talk || March 14th, 2020 || === Dependency resolver and user experience improvements for pip === The Packaging Working Group applied for and is receiving funding to work in 2020 on the design, implementation, and rollout of [[https://github.com/psf/fundable-packaging-improvements/blob/master/FUNDABLES.md#finish-dependency-resolver-for-pip|pip's next-generation dependency resolver]]. The donors funding this work are the [[https://chanzuckerberg.com/eoss/proposals/improving-user-experience-and-debuggability-of-pip-for-all-python-users/|Chan Zuckerberg Initiative]] (USD$200,000) and [[https://www.mozilla.org/en-US/moss/|Mozilla Open Source Support]] (USD$207,000). * ''Summary'': Complete [[https://github.com/psf/fundable-packaging-improvements/blob/master/FUNDABLES.md#finish-dependency-resolver-for-pip|pip's next-generation dependency resolver]], and do [[https://github.com/psf/fundable-packaging-improvements/blob/master/FUNDABLES.md#improve-pip-user-experience|user experience research and design to improve pip's usability and debuggability]] * ''Schedule'': As of 13 January 2020, the PSF has chosen contractors to carry out this work, and has commenced work. In July 2020 the team delivered pip 20.2, which includes a beta of the new resolver, and the team plans to ship the new resolver as default in pip 20.3, in October. The work will end in December 2020. * ''Roadmap'': [[Pip2020DonorFundedRoadmap]] * ''Code and discussion'': [[https://github.com/pypa/pip/|GitHub repository for pip]], [[https://python.zulipchat.com/#narrow/stream/218659-pip-development|Zulip livechat]], and [[https://discuss.python.org/c/packaging|Discourse forum]]. * ''Testing'': To be determined * ''Manager'': Sumana Harihareswara * ''Meetings and Updates'': See below. Meetings and status updates: || Meeting/update || Type || Date || || [[PackagingWG/2020-09-02-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || September 2nd, 2020 || || [[PackagingWG/2020-08-26-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || August 26th, 2020 || || [[PackagingWG/2020-08-19-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || August 19th, 2020 || || [[PackagingWG/2020-08-12-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || August 12th, 2020 || || [[PackagingWG/2020-08-05-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || August 5th, 2020 || || [[https://testandcode.com/124|Test & Code 124: pip dependency resolver changes]] || Podcast interview || August 3rd, 2020 || || [[https://blog.python.org/2020/07/upgrade-pip-20-2-changes-20-3.html|Upgrade to pip 20.2, plus, changes coming in 20.3]] || Blog post || July 30th, 2020 || || [[PackagingWG/2020-07-29-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || July 29th, 2020 || || [[PackagingWG/2020-07-22-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || July 22nd, 2020 || || [[PackagingWG/2020-07-15-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || July 15th, 2020 || || [[https://pyfound.blogspot.com/2020/07/pip-team-midyear-report.html|Pip team midyear report]] || Blog post || July 13th, 2020 || || [[PackagingWG/2020-07-08-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || July 8th, 2020 || || [[PackagingWG/2020-07-01-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || July 1st, 2020 || || [[PackagingWG/2020-06-24-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || June 24th, 2020 || || [[PackagingWG/2020-06-17-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || June 17th, 2020 || || [[PackagingWG/2020-06-10-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || June 10th, 2020 || || [[PackagingWG/2020-06-03-pip|Developer team syncup, and teamwide meeting]] || Meeting notes || June 3rd, 2020 || || [[PackagingWG/2020-05-27-pip|Developer team syncup, and teamwide meeting]] || Meeting notes || May 27th, 2020 || || [[https://www.pythonpodcast.com/pip-resolver-dependency-management-episode-264/|Podcast.__init__ episode "Dependency Management Improvements In Pip's Resolver - Episode 264"]] || Podcast interview || May 25th, 2020 || || [[PackagingWG/2020-05-20-pip-teamwidemeeting|Teamwide meeting]] || Meeting notes || May 20th, 2020 || || [[PackagingWG/2020-05-20-pip|Developer team meeting]] || Meeting notes || May 20th, 2020 || || [[PackagingWG/2020-05-18-pip|UX-dev collaboration discussion]] || Meeting notes || May 18th, 2020 || || [[PackagingWG/2020-05-14-pip|Teamwide syncup]] || Meeting notes || May 14th, 2020 || || [[PackagingWG/2020-05-13-pip|Nicole-Pradyun discussion]] || Meeting notes || May 13th, 2020 || || [[PackagingWG/2020-05-11-pip|Developer team syncup]] || Meeting notes || May 11th, 2020 || || [[PackagingWG/2020-05-07-pip|Teamwide syncup]] || Meeting notes || May 7th, 2020 || || [[PackagingWG/2020-05-05-pip|Developer team syncup, and pip UX/resolver collaboration notes]] || Meeting notes || May 5th-7th, 2020 || || [[https://blog.python.org/2020/04/pip-20-1-released.html|Pip 20.1 has been released]] || Blog post || April 30th, 2020 || || [[PackagingWG/2020-04-30-pip|Teamwide syncup]] || Meeting notes || April 30th, 2020 || || [[PackagingWG/2020-04-29-pip|Tzu-Ping and Pradyun discussion]] || Meeting notes || April 29th, 2020 || || [[PackagingWG/2020-04-28-pip|Developer team syncup]] || Meeting notes || April 28th, 2020 || || [[PackagingWG/2020-04-23-pip|Resolver planning team syncup]] || Meeting notes || April 23rd, 2020 || || [[PackagingWG/2020-04-22-pip|Developer team syncup]] || Meeting notes || April 22nd, 2020 || || [[https://discuss.python.org/t/an-update-on-pip-and-dependency-resolution/1898/4|An update on pip and dependency resolution]] || Forum post || April 20th, 2020 || || [[PackagingWG/2020-04-16-pip|Resolver planning discussion and team syncup]] || Meeting notes || April 16th, 2020 || || [[PackagingWG/2020-04-14-pip|Resolver planning discussion]] || Meeting notes || April 14th, 2020 || || [[PackagingWG/2020-04-09-pip|Weekly team syncup]] || Meeting notes || April 9th, 2020 || || [[PackagingWG/2020-04-08-pip|Resolver planning discussion]] || Meeting notes || April 8th, 2020 || || [[PackagingWG/2020-04-04-pip|Test-writing planning meeting]] || Meeting notes || April 4th, 2020 || || [[PackagingWG/2020-04-02-pip|Resolver planning discussion and team syncup]] || Meeting notes || April 2nd, 2020 || || [[PackagingWG/2020-03-28-pip|Test-writing planning meeting]] || Meeting notes || March 28th, 2020 || || [[PackagingWG/2020-03-27-pip|Test planning meeting]] || Meeting notes || March 27th, 2020 || || [[PackagingWG/2020-03-26-pip|Resolver planning discussion and team syncup]] || Meeting notes || March 26th, 2020 || || [[https://pyfound.blogspot.com/2020/03/new-pip-resolver-to-roll-out-this-year.html|New pip resolver to roll out this year]] || Blog post || March 23rd, 2020 || || [[PackagingWG/2020-03-19-pip|Resolver planning discussion and team syncup]] || Meeting notes || March 19th, 2020 || || [[PackagingWG/2020-03-17-pip|Resolver planning discussion]] || Meeting notes || March 17th, 2020 || || [[PackagingWG/2020-03-12-pip|Resolver planning discussion and team syncup]] || Meeting notes || March 12th, 2020 || || [[PackagingWG/2020-03-10-pip|Resolver planning discussion]] || Meeting notes || March 10th, 2020 || || [[http://www.ei8fdb.org/thoughts/2020/03/pip-ux-study-recruitment/|Sign-up for the pip UX Studies!]] || Blog post || March 5th, 2020 || || [[PackagingWG/2020-03-05-pip|Resolver planning discussion and weekly team syncup]] || Meeting notes || March 5th, 2020 || || [[PackagingWG/2020-03-03-pip|Resolver planning discussion]] || Meeting notes || March 3rd, 2020 || || [[PackagingWG/2020-02-27-pip|Weekly team syncup]] || Meeting notes || February 27th, 2020 || || [[PackagingWG/2020-02-20-pip|Weekly team syncup]] || Meeting notes || February 20th, 2020 || || [[PackagingWG/2020-02-19-pip|PyCon UX research planning discussion]] || Meeting notes || February 19th, 2020 || || [[PackagingWG/2020-02-17-pip|Resolver planning discussion]] || Meeting notes || February 17th, 2020 || || [[PackagingWG/2020-02-13-pip|Weekly team syncup]] || Meeting notes || February 13th, 2020 || || [[PackagingWG/2020-02-07-pip-explanation|Explanation of pip's moving parts]] || Meeting notes || February 7th, 2020 || || [[PackagingWG/2020-02-06-pip|Weekly team syncup]] || Meeting notes || February 6th, 2020 || || [[PackagingWG/2020-01-29-pip|Planning UX research work]] || Meeting notes || January 29th, 2020 || || [[PackagingWG/2020-01-23-pip|Planning test infrastructure work]] || Meeting notes || January 23rd, 2020 || || [[PackagingWG/2020-01-08-pip|Beginning to plan resolver work]] || Meeting notes || January 8th, 2020 || || [[https://pyfound.blogspot.com/2019/12/moss-czi-support-pip.html|Mozilla and Chan Zuckerberg Initiative to support pip]] || Blog post || December 4th, 2019 || || [[https://pyfound.blogspot.com/2019/11/seeking-developers-for-paid-contract.html|Seeking Developers for Paid Contract Improving pip]] || Blog post || November 11th, 2019 || == Past projects == === Warehouse: OTF grant === The Packaging Working Group applied for and [[https://www.opentech.fund/results/supported-projects/pypi-improvements/|received a performance-based contract (like a grant) from the Open Technology Fund]] to implement & deploy security, localization, and accessibility improvements for Warehouse (PyPI's codebase). * ''Summary'': [[http://pyfound.blogspot.com/2019/03/commencing-security-accessibility-and.html|See March 13 2019 blog post]]. * ''Roadmap'': [[https://warehouse.readthedocs.io/roadmap/|On Read the Docs.]] * ''Schedule'': Several contractors worked, paid by PSF using the OTF funds, from March 2019 till October 2019. As of 8 October 2019, OTF-funded contractors [[http://pyfound.blogspot.com/2019/03/commencing-security-accessibility-and.html|have finished security improvements, accessibility and internationalization/localization improvements to Warehouse]], and volunteers are working on Milestone 6, "Post Legacy Shutdown". * ''Code'': [[https://github.com/pypa/warehouse/|GitHub repository]]. * ''Deployment'': [[https://pypi.org/|pypi.org]]. * ''Testing'': [[WarehousePackageMaintainerTesting]] * ''Manager'': Sumana Harihareswara * ''Meetings and Updates'': See below. Meetings and status updates from the OTF grant-funded project: || Meeting/update || Type || Date || || [[https://pyfound.blogspot.com/2020/01/start-using-2fa-and-api-tokens-on-pypi.html|Start using 2FA and API Tokens on PyPI]] || Blog post || January 17th, 2020 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/49|API tokens and all 2FA methods are out of beta]] || Forum post || January 17th, 2020 || || [[https://discuss.python.org/t/pypi-localization-accessibility-progress/2284/4|Concluding report on localisation and accessibility work]] || Forum post || October 8th, 2019 || || [[https://discuss.python.org/t/pypi-localization-accessibility-progress/2284|Early Sept. update on accessibility & localisation work]] || Forum post || September 8th, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/47|Early September update on security work]] || Forum post || September 8th, 2019 || || [[https://twit.tv/shows/floss-weekly/episodes/545?autostart=false|FLOSS Weekly 545, PyPI Security]] || Podcast interview || September 4th, 2019 || || [[PackagingWG/2019-08-29-Warehouse|Prioritizing and estimating security, l10n and a11y work]] || Meeting notes || August 29th, 2019 || || [[https://www.pythonpodcast.com/pypi-improvements-episode-225/|Podcast.__init__ Episode 225: Security, UX, and Sustainability For The Python Package Index]] || Podcast interview || August 19th, 2019 || || [[https://blog.python.org/2019/08/inspect-pypi-event-logs-audit-security.html|Inspect PyPI event logs to audit your account's and project's security]] || Blog post || August 15th, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/43|Early Aug. update on 2FA, API keys, audit log, & a11y work]] || Forum post || August 6th, 2019 || || [[PackagingWG/2019-08-02-Warehouse|Prioritizing API token and 2FA issues]] || Meeting notes || August 2nd, 2019 || || [[PackagingWG/2019-07-31-Warehouse|Audit log design planning]] || Meeting notes || July 31st, 2019 || || [[https://blog.python.org/2019/07/pypi-now-supports-uploading-via-api.html|PyPI now supports uploading via API token]] || Blog post || July 31st, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31|preliminary announcement of API token beta]] || Forum post || July 25th, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/29|Mid-July update on 2FA, API keys, and a11y work]] || Forum post || July 17th, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/27|Early July update on 2FA, API keys, and a11y work]] || Forum post || July 3rd, 2019 || || [[PackagingWG/2019-06-24-Warehouse|API key design planning]] || Meeting notes || June 24th, 2019 || || [[https://pyfound.blogspot.com/2019/06/pypi-now-supports-two-factor-login-via.html|PyPI Now Supports Two-Factor Login via WebAuthn]] || Blog post || June 18th, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/23|Early June update on WebAuthn and accessibility work]] || Forum post || June 8th, 2019 || || [[PackagingWG/2019-06-07-Warehouse|Initial a11y and i18n planning]] || Meeting notes || June 7th, 2019 || || [[https://pyfound.blogspot.com/2019/05/use-two-factor-auth-to-improve-your.html|Use two-factor auth to improve your PyPI account's security]] || Blog post || May 30th, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/17|Late May update on TOTP and WebAuthN work]] || Forum post || May 22nd, 2019 || || [[https://mail.python.org/archives/list/distutils-sig@python.org/thread/JMOBWXWYC2EFYB5JBFMXWBEGD4EAD3CC/|PyPI two-factor auth (2FA) trial May 3-20]] || Mailing list post || May 2nd, 2019 || || [[https://discuss.python.org/t/pypi-two-factor-auth-2fa-trial-may-3-20/1590|(cross-post) PyPI two-factor auth (2FA) trial May 3-20]] || Forum post || May 2nd, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/10?|Early April update on work and request for advice]] || Forum post || April 3rd, 2019 || || [[https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042|PyPI security work: multifactor auth progress & help needed]] || Forum post || March 22nd, 2019 || || [[PackagingWG/2019-03-22-Warehouse|Prioritizing extant security issues]] || Meeting notes || March 22nd, 2019 || || [[http://pyfound.blogspot.com/2019/03/commencing-security-accessibility-and.html|Commencing security, a11y, & i18n improvements to PyPI for 2019]] || Blog post || March 13th, 2019 || || [[PackagingWG/2019-03-11-Warehouse|Kickoff planning meeting with grant-funded team]] || Meeting notes || March 11th, 2019 || || [[https://pyfound.blogspot.com/2018/12/upcoming-pypi-improvements-for-2019.html|Upcoming PyPI Improvements for 2019]] || Blog post || December 20th, 2018 || || [[https://pyfound.blogspot.com/2018/12/pypi-security-and-accessibility-q1-2019.html|PyPI Security and Accessibility Q1 2019 Request for Proposals Update]] || Blog post || December 19th, 2018 || || [[https://pyfound.blogspot.com/2018/11/pypi-security-and-accessibility-q1-2019.html|PyPI Security and Accessibility Q1 2019 Request for Proposals period opens]] || Blog post || November 19th, 2018 || || [[https://pyfound.blogspot.com/2018/10/pypi-security-and-accessibility-q1-2019.html|PyPI Security and Accessibility Q1 2019 Request for Information period opens]] || Blog post || October 30th, 2018 || === Warehouse rollout === The Packaging Working Group supported the implementation & deployment of Warehouse (PyPI 2.0) to replace the legacy code base that powered [[https://github.com/pypa/pypi-legacy|legacy PyPI]]. [[https://pyfound.blogspot.com/2016/01/welcome-to-warehouse.html|Announced on PSF blog in January 2016]]; see its history in [[https://lwn.net/Articles/751458/|this April 2018 LWN article]]. * ''Summary'': [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|PSF blog post about the MOSS grant]]. * ''Roadmap'': [[WarehouseRoadmap]]. As of 30 April 2018, the Warehouse team has shut down the legacy PyPI installation, and -- on a volunteer basis -- is working on Milestone 6, "Post Legacy Shutdown". * ''Code'': [[https://github.com/pypa/warehouse/|GitHub repository]]. * ''Deployment'': [[https://pypi.org/|pypi.org]]. * ''Testing'': See [[https://pyfound.blogspot.com/2018/03/warehouse-all-new-pypi-is-now-in-beta.html#test|the PSF blog post about testing for the beta]]. (Previously: [[WarehousePackageMaintainerTesting]], [[https://pyfound.blogspot.com/2018/02/python-package-maintainers-help-test.html|PSF blog post about testing package maintainer functionality]].) * ''Manager'': Sumana Harihareswara * ''Meetings and Updates'': See below. Meetings and status updates from the MOSS-funded project: || Meeting/update || Type || Date || || [[https://pyfound.blogspot.com/2017/11/the-psf-awarded-moss-grant-pypi.html|PSF announcement of $170,000 MOSS award to improve sustainability of PyPI]] || Blog post || November 27, 2017 || || [[PackagingWG/2017-12-04-Warehouse|Kickoff meeting]] || Meeting notes || Monday, Dec. 4, 2017 || || [[https://mail.python.org/pipermail/distutils-sig/2017-December/031803.html|Kickoff/milestone update]] || Mailing list post || Thursday, Dec. 7, 2017 || || Developer experience audit walkthrough || in-person meeting || Tuesday, December 12, 2017 || || [[PackagingWG/2017-12-19-Warehouse|Maintainer MVP milestone bug triage]] || Meeting notes || Tuesday, Dec. 19, 2017 || || [[PackagingWG/2018-01-10-Warehouse|Maintainer MVP milestone schedule discussion]] || Meeting notes || January 10, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/u-RSxosXQh4|Mid-January progress]] || Mailing list post || Jan. 15, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/f7VZ_gh5Je0|Role management and welcoming first-time contributors]] || Mailing list post || Jan. 23, 2018 || || [[PackagingWG/2018-01-29-Warehouse|Standup, bug triage, and milestone schedule discussion]] || Meeting notes || January 29, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/es_-fC-sdpk|Late January progress]] || Mailing list post || Jan. 30, 2018 || || [[PackagingWG/2018-02-05-Warehouse|Standup, bug triage, milestone schedule discussion]] || Meeting notes || February 5, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/OuFoQqo8ajA|Warehouse update: still on track, new features]] || Mailing list post || Feb. 6, 2018 || || [[PackagingWG/2018-02-12-Warehouse|Standup/bug triage/milestone schedule update meeting]] || Meeting notes || Feb. 12th, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/xQb5RvDb5rc|Warehouse: package manager features & question about advertising]] || Mailing list post || Feb. 13, 2018 || || [[PackagingWG/2018-02-20-Warehouse|Standup, bug triage, & milestone schedule update meeting]] || Meeting notes || Feb. 20th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-February/032013.html|Warehouse: essential maintainer features & next steps]] || Mailing list post || Feb. 21st, 2018 || || [[PackagingWG/2018-02-26-Warehouse|Standup, bug triage, and milestone schedule update meeting]] || Meeting notes || Feb. 26th, 2018 || || [[https://pyfound.blogspot.com/2018/02/python-package-maintainers-help-test.html|Python package maintainers, help test the new PyPI!]] || Blog post || Feb. 26th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-February/032020.html|Warehouse update: a week of testing, polish, & infrastructure]] || Mailing list post || Feb. 27th, 2018 || || [[PackagingWG/2018-03-06-Warehouse|Planning meeting]] || Meeting notes || March 6th, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/L9sF30_Yr2A|PyPI & Warehouse update: redirecting & shutting down legacy by end of April]] || Mailing list post || March 7th, 2018 || || [[PackagingWG/2018-03-12-Warehouse|Core Warehouse developers' planning meeting]] || Meeting notes || March 12th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-March/032043.html|new stuff overview, beta next week, user tests, & other Warehouse updates]] || Mailing list post || March 14th, 2018 || || [[PackagingWG/2018-03-19-Warehouse|Planning meeting with core Warehouse developers]] || Meeting notes || March 19th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-March/032065.html|PyPI/Warehouse: infrastructure hardening & the CAPTCHA conundrum]] || Mailing list post || March 20th, 2018 || || [[PackagingWG/2018-03-26-Warehouse|Weekly planning meeting with core Warehouse developers]] || Meeting notes || March 20th, 2018 || || [[https://pyfound.blogspot.com/2018/03/warehouse-all-new-pypi-is-now-in-beta.html|Warehouse: All New PyPI is now in beta]] || Blog post || March 26th, 2018 || || [[https://blog.python.org/2018/03/the-all-new-python-package-index-is-now.html|The all new Python Package Index is now in beta at pypi.org]] || Blog post || March 26th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-March/032100.html|beta, pythonhosted docs, PEP 541]] || Mailing list post || March 28th, 2018 || || [[PackagingWG/2018-04-02-Warehouse|Early April planning meeting with core Warehouse developers]] || Meeting notes || April 2nd, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-April/032120.html|PyPI/Warehouse update: new advice & launch, shutdown dates]] || Mailing list post || April 3rd, 2018 || || [[PackagingWG/2018-04-10-Warehouse|Mid-April planning meeting with core Warehouse developers]] || Meeting notes || April 10th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-April/032143.html|PyPI/Warehouse (short) weekly report: Progress towards launch milestone]] || Mailing list post || April 10th, 2018 || || [[https://mail.python.org/pipermail/distutils-sig/2018-April/032154.html|Summary of PyPI overhaul in new LWN article]] || Mailing list post || April 11th, 2018 || || [[https://status.python.org/incidents/mgjw1g5yjy5j|Next Generation PyPI rollout incident report]] || Statuspage report || April 16th, 2018 || || [[https://blog.python.org/2018/04/new-pypi-launched-legacy-pypi-shutting.html|New PyPI launched, legacy PyPI shutting down April 30]] || Blog post || April 16th, 2018 || || [[PackagingWG/2018-04-17-Warehouse|Post-launch planning with core Warehouse developers]] || Meeting notes || April 17th, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/MBa5300VlI8|Warehouse/PyPI update: launch, project wrapup approaching]] || Mailing list post || April 18th, 2018 || || [[PackagingWG/2018-04-23-Warehouse|Pre-legacy-shutdown planning with core Warehouse developers]] || Meeting notes || April 23rd, 2018 || || [[https://groups.google.com/forum/#!topic/pypa-dev/zzaTiAoQrA0|PyPI update: legacy shutdown 30 April, new classifiers page, seeking funding]] || Mailing list post || April 24th, 2018 || || [[https://talkpython.fm/episodes/show/159/inside-the-new-pypi-launch|Talk Python Episode #159: Inside the new PyPI launch]] || Podcast interview || April 27, 2018 || || [[https://status.python.org/incidents/ptvp1wnn0jmq|Python legacy sunsetting]] || Statuspage report || April 30th, 2018 || || [[https://mail.python.org/mm3/archives/list/distutils-sig@python.org/thread/YREMU56QKRMTTFBFVFJ2B4EHOEKOJZFJ/|legacy.pypi.org shutdown notice]] || Mailing list post || April 30th, 2018 || || [[PackagingWG/2018-04-30-Warehouse|End-of-project conference call]] || Meeting notes || April 30th, 2018 || || [[https://mail.python.org/mm3/archives/list/distutils-sig@python.org/message/EUCKR3LP6WSH3ZY3YHIXDHYHF6R3HFJE/|Final weekly report: legacy is shut down]] || Mailing list post || May 1, 2018 || || [[https://twit.tv/shows/floss-weekly/episodes/482?autostart=false|FLOSS Weekly #482, PyPI]] || Podcast interview || May 2, 2018 || |
Contents
Packaging Working Group
The Packaging Working Group is a volunteer work group of the Python Software Foundation.
Agenda
The purpose of this working group is to support the larger efforts of improving and maintaining the packaging ecosystem in Python through fundraising (including a sponsorship program) and disbursement of raised funds. It largely focuses on efforts such as PyPI, pip, packaging.python.org, setuptools, and cross-project efforts.
Resources
- Discussion: Slack and mailing list. The archives are set to private since there is voting.
Accounting: We rely on the PSF's donation and accounting mechanisms to raise funds and disburse them to the selected recipients.
Project ideas: Fundable packaging improvements
Governance
Decisions on what fundraising and projects/efforts to support will be done by a simple majority and in the case of a tie, will escalate to the PSF Board. See the PSF Packaging WG Charter.
Administration and Contact
Donald Stufft <donald@python.org> (chair)
Dustin Ingram <di@python.org> (co-chair)
Nicole Harris <n.harris@kabucreative.com> (co-chair)
To contact the Packaging WG, email Ewa Jodlowska.
Members
- Nick Coghlan
- Ernest W. Durbin III
- Thea Flowers
- Sumana Harihareswara
- Nathaniel J. Smith
- Jannis Leidel (non-voting observer from PSF board)
- Ewa Jodlowska (non-voting observer from PSF board)
- (others will be added as they accept their invitation to the WG)
Meetings
As needed.
Current Projects
Fundraising
The Packaging Working Group is seeking sponsorships and grants to raise funds for fundable packaging improvements.
Sprints
We run PackagingSprints at conventions and as standalone events. We're open to companies and organizations hosting sprints and work weeks to help us move packaging forward; get in contact with a Working Group member.
Warehouse: Facebook gift
The Packaging Working Group applied for and is receiving a gift from Facebook to implement & deploy security features for Warehouse (PyPI's codebase).
Summary: Cryptographic signing of artifacts, and malware detection. See announcement blog post, and the milestone description on GitHub.
Schedule: As of 2 January 2020, the PSF has hired contractors to carry out this work, and has commenced work.
Roadmap: WarehouseRoadmap
Code and discussion: GitHub repository for Warehouse, Zulip livechat, and Discourse forum.
Deployment: pypi.org.
Testing: To be determined
Manager: Ernest W. Durbin III.
Meetings and Updates: See below.
Meetings and status updates:
Meeting/update |
Type |
Date |
Meeting notes |
June 20th, 2019 |
|
Blog post |
August 28th, 2019 |
|
Blog post |
September 25th, 2019 |
|
Kickoff - 2019 Q4 RFP Milestone 2 - Automated Detection of Malicious Uploads |
Meeting notes |
December 11th, 2019 |
Blog post |
February 3rd, 2020 |
|
Blog post |
March 4th, 2020 |
|
Online talk |
March 14th, 2020 |
Dependency resolver and user experience improvements for pip
The Packaging Working Group applied for and is receiving funding to work in 2020 on the design, implementation, and rollout of pip's next-generation dependency resolver. The donors funding this work are the Chan Zuckerberg Initiative (USD$200,000) and Mozilla Open Source Support (USD$207,000).
Summary: Complete pip's next-generation dependency resolver, and do user experience research and design to improve pip's usability and debuggability
Schedule: As of 13 January 2020, the PSF has chosen contractors to carry out this work, and has commenced work. In July 2020 the team delivered pip 20.2, which includes a beta of the new resolver, and the team plans to ship the new resolver as default in pip 20.3, in October. The work will end in December 2020.
Roadmap: Pip2020DonorFundedRoadmap
Code and discussion: GitHub repository for pip, Zulip livechat, and Discourse forum.
Testing: To be determined
Manager: Sumana Harihareswara
Meetings and Updates: See below.
Meetings and status updates:
Meeting/update |
Type |
Date |
Meeting notes |
September 2nd, 2020 |
|
Meeting notes |
August 26th, 2020 |
|
Meeting notes |
August 19th, 2020 |
|
Meeting notes |
August 12th, 2020 |
|
Meeting notes |
August 5th, 2020 |
|
Podcast interview |
August 3rd, 2020 |
|
Blog post |
July 30th, 2020 |
|
Meeting notes |
July 29th, 2020 |
|
Meeting notes |
July 22nd, 2020 |
|
Meeting notes |
July 15th, 2020 |
|
Blog post |
July 13th, 2020 |
|
Meeting notes |
July 8th, 2020 |
|
Meeting notes |
July 1st, 2020 |
|
Meeting notes |
June 24th, 2020 |
|
Meeting notes |
June 17th, 2020 |
|
Meeting notes |
June 10th, 2020 |
|
Meeting notes |
June 3rd, 2020 |
|
Meeting notes |
May 27th, 2020 |
|
Podcast.__init__ episode "Dependency Management Improvements In Pip's Resolver - Episode 264" |
Podcast interview |
May 25th, 2020 |
Meeting notes |
May 20th, 2020 |
|
Meeting notes |
May 20th, 2020 |
|
Meeting notes |
May 18th, 2020 |
|
Meeting notes |
May 14th, 2020 |
|
Meeting notes |
May 13th, 2020 |
|
Meeting notes |
May 11th, 2020 |
|
Meeting notes |
May 7th, 2020 |
|
Developer team syncup, and pip UX/resolver collaboration notes |
Meeting notes |
May 5th-7th, 2020 |
Blog post |
April 30th, 2020 |
|
Meeting notes |
April 30th, 2020 |
|
Meeting notes |
April 29th, 2020 |
|
Meeting notes |
April 28th, 2020 |
|
Meeting notes |
April 23rd, 2020 |
|
Meeting notes |
April 22nd, 2020 |
|
Forum post |
April 20th, 2020 |
|
Meeting notes |
April 16th, 2020 |
|
Meeting notes |
April 14th, 2020 |
|
Meeting notes |
April 9th, 2020 |
|
Meeting notes |
April 8th, 2020 |
|
Meeting notes |
April 4th, 2020 |
|
Meeting notes |
April 2nd, 2020 |
|
Meeting notes |
March 28th, 2020 |
|
Meeting notes |
March 27th, 2020 |
|
Meeting notes |
March 26th, 2020 |
|
Blog post |
March 23rd, 2020 |
|
Meeting notes |
March 19th, 2020 |
|
Meeting notes |
March 17th, 2020 |
|
Meeting notes |
March 12th, 2020 |
|
Meeting notes |
March 10th, 2020 |
|
Blog post |
March 5th, 2020 |
|
Meeting notes |
March 5th, 2020 |
|
Meeting notes |
March 3rd, 2020 |
|
Meeting notes |
February 27th, 2020 |
|
Meeting notes |
February 20th, 2020 |
|
Meeting notes |
February 19th, 2020 |
|
Meeting notes |
February 17th, 2020 |
|
Meeting notes |
February 13th, 2020 |
|
Meeting notes |
February 7th, 2020 |
|
Meeting notes |
February 6th, 2020 |
|
Meeting notes |
January 29th, 2020 |
|
Meeting notes |
January 23rd, 2020 |
|
Meeting notes |
January 8th, 2020 |
|
Blog post |
December 4th, 2019 |
|
Blog post |
November 11th, 2019 |
Past projects
Warehouse: OTF grant
The Packaging Working Group applied for and received a performance-based contract (like a grant) from the Open Technology Fund to implement & deploy security, localization, and accessibility improvements for Warehouse (PyPI's codebase).
Summary: See March 13 2019 blog post.
Roadmap: On Read the Docs.
Schedule: Several contractors worked, paid by PSF using the OTF funds, from March 2019 till October 2019. As of 8 October 2019, OTF-funded contractors have finished security improvements, accessibility and internationalization/localization improvements to Warehouse, and volunteers are working on Milestone 6, "Post Legacy Shutdown".
Code: GitHub repository.
Deployment: pypi.org.
Testing: WarehousePackageMaintainerTesting
Manager: Sumana Harihareswara
Meetings and Updates: See below.
Meetings and status updates from the OTF grant-funded project:
Meeting/update |
Type |
Date |
Blog post |
January 17th, 2020 |
|
Forum post |
January 17th, 2020 |
|
Forum post |
October 8th, 2019 |
|
Forum post |
September 8th, 2019 |
|
Forum post |
September 8th, 2019 |
|
Podcast interview |
September 4th, 2019 |
|
Meeting notes |
August 29th, 2019 |
|
Podcast.__init__ Episode 225: Security, UX, and Sustainability For The Python Package Index |
Podcast interview |
August 19th, 2019 |
Inspect PyPI event logs to audit your account's and project's security |
Blog post |
August 15th, 2019 |
Early Aug. update on 2FA, API keys, audit log, & a11y work |
Forum post |
August 6th, 2019 |
Meeting notes |
August 2nd, 2019 |
|
Meeting notes |
July 31st, 2019 |
|
Blog post |
July 31st, 2019 |
|
Forum post |
July 25th, 2019 |
|
Forum post |
July 17th, 2019 |
|
Forum post |
July 3rd, 2019 |
|
Meeting notes |
June 24th, 2019 |
|
Blog post |
June 18th, 2019 |
|
Forum post |
June 8th, 2019 |
|
Meeting notes |
June 7th, 2019 |
|
Blog post |
May 30th, 2019 |
|
Forum post |
May 22nd, 2019 |
|
Mailing list post |
May 2nd, 2019 |
|
Forum post |
May 2nd, 2019 |
|
Forum post |
April 3rd, 2019 |
|
PyPI security work: multifactor auth progress & help needed |
Forum post |
March 22nd, 2019 |
Meeting notes |
March 22nd, 2019 |
|
Commencing security, a11y, & i18n improvements to PyPI for 2019 |
Blog post |
March 13th, 2019 |
Meeting notes |
March 11th, 2019 |
|
Blog post |
December 20th, 2018 |
|
PyPI Security and Accessibility Q1 2019 Request for Proposals Update |
Blog post |
December 19th, 2018 |
PyPI Security and Accessibility Q1 2019 Request for Proposals period opens |
Blog post |
November 19th, 2018 |
PyPI Security and Accessibility Q1 2019 Request for Information period opens |
Blog post |
October 30th, 2018 |
Warehouse rollout
The Packaging Working Group supported the implementation & deployment of Warehouse (PyPI 2.0) to replace the legacy code base that powered legacy PyPI. Announced on PSF blog in January 2016; see its history in this April 2018 LWN article.
Summary: PSF blog post about the MOSS grant.
Roadmap: WarehouseRoadmap. As of 30 April 2018, the Warehouse team has shut down the legacy PyPI installation, and -- on a volunteer basis -- is working on Milestone 6, "Post Legacy Shutdown".
Code: GitHub repository.
Deployment: pypi.org.
Testing: See the PSF blog post about testing for the beta. (Previously: WarehousePackageMaintainerTesting, PSF blog post about testing package maintainer functionality.)
Manager: Sumana Harihareswara
Meetings and Updates: See below.
Meetings and status updates from the MOSS-funded project:
Meeting/update |
Type |
Date |
PSF announcement of $170,000 MOSS award to improve sustainability of PyPI |
Blog post |
November 27, 2017 |
Meeting notes |
Monday, Dec. 4, 2017 |
|
Mailing list post |
Thursday, Dec. 7, 2017 |
|
Developer experience audit walkthrough |
in-person meeting |
Tuesday, December 12, 2017 |
Meeting notes |
Tuesday, Dec. 19, 2017 |
|
Meeting notes |
January 10, 2018 |
|
Mailing list post |
Jan. 15, 2018 |
|
Mailing list post |
Jan. 23, 2018 |
|
Meeting notes |
January 29, 2018 |
|
Mailing list post |
Jan. 30, 2018 |
|
Meeting notes |
February 5, 2018 |
|
Mailing list post |
Feb. 6, 2018 |
|
Meeting notes |
Feb. 12th, 2018 |
|
Warehouse: package manager features & question about advertising |
Mailing list post |
Feb. 13, 2018 |
Standup, bug triage, & milestone schedule update meeting |
Meeting notes |
Feb. 20th, 2018 |
Mailing list post |
Feb. 21st, 2018 |
|
Meeting notes |
Feb. 26th, 2018 |
|
Blog post |
Feb. 26th, 2018 |
|
Warehouse update: a week of testing, polish, & infrastructure |
Mailing list post |
Feb. 27th, 2018 |
Meeting notes |
March 6th, 2018 |
|
PyPI & Warehouse update: redirecting & shutting down legacy by end of April |
Mailing list post |
March 7th, 2018 |
Meeting notes |
March 12th, 2018 |
|
new stuff overview, beta next week, user tests, & other Warehouse updates |
Mailing list post |
March 14th, 2018 |
Meeting notes |
March 19th, 2018 |
|
PyPI/Warehouse: infrastructure hardening & the CAPTCHA conundrum |
Mailing list post |
March 20th, 2018 |
Meeting notes |
March 20th, 2018 |
|
Blog post |
March 26th, 2018 |
|
Blog post |
March 26th, 2018 |
|
Mailing list post |
March 28th, 2018 |
|
Meeting notes |
April 2nd, 2018 |
|
PyPI/Warehouse update: new advice & launch, shutdown dates |
Mailing list post |
April 3rd, 2018 |
Meeting notes |
April 10th, 2018 |
|
PyPI/Warehouse (short) weekly report: Progress towards launch milestone |
Mailing list post |
April 10th, 2018 |
Mailing list post |
April 11th, 2018 |
|
Statuspage report |
April 16th, 2018 |
|
Blog post |
April 16th, 2018 |
|
Meeting notes |
April 17th, 2018 |
|
Mailing list post |
April 18th, 2018 |
|
Meeting notes |
April 23rd, 2018 |
|
PyPI update: legacy shutdown 30 April, new classifiers page, seeking funding |
Mailing list post |
April 24th, 2018 |
Podcast interview |
April 27, 2018 |
|
Statuspage report |
April 30th, 2018 |
|
Mailing list post |
April 30th, 2018 |
|
Meeting notes |
April 30th, 2018 |
|
Mailing list post |
May 1, 2018 |
|
Podcast interview |
May 2, 2018 |