Differences between revisions 100 and 106 (spanning 6 versions)
Revision 100 as of 2019-11-26 21:46:13
Size: 24804
Comment: sprucing up records of past, current, future projects
Revision 106 as of 2020-01-25 00:54:28
Size: 26006
Comment: test infrastructure planning meeting
Line 45: Line 45:
* Thomas Wouters (non-voting observer from PSF board)
* Eric Holscher (non-voting member)
* Eric Holscher (non-voting observer from PSF board)
Line 48: Line 47:
* Jannis Leidel (non-voting observer from PSF board)
Line 74: Line 74:
* *Schedule*: As of 11 November 2019, the PSF has closed its `Request For Proposals <https://pyfound.blogspot.com/2019/09/pypi-security-q4-2019-request-for.html>`_ for contractors to carry out this work, and aims to commence work in December 2019. * *Schedule*: As of 2 January 2020, the PSF has hired contractors to carry out this work, and has commenced work.
Line 76: Line 76:
* *Code*: `GitHub repository. <https://github.com/pypa/warehouse/>`_ * *Code and discussion*: `GitHub repository for Warehouse <https://github.com/pypa/warehouse/>`_, and `Discourse forum <https://discuss.python.org/c/packaging>`_.
Line 91: Line 91:
`Kickoff - 2019 Q4 RFP Milestone 2 - Automated Detection of Malicious Uploads <PackagingWG/2019-12-11-Warehouse>`_ Meeting notes December 11th, 2019
Line 97: Line 98:
The Packaging Working Group applied for and is receiving funding to work in 2020 on the design, implementation, and rollout of `pip's next-generation dependency resolver <https://wiki.python.org/psf/Fundable%20Packaging%20Improvements#Finish_dependency_resolver_for_pip>`_. One of the donors funding this work is the `Chan Zuckerberg Initiative <https://chanzuckerberg.com/eoss/proposals/improving-user-experience-and-debuggability-of-pip-for-all-python-users/>`_; we will be able to publicly name the other funder in early December 2019. The Packaging Working Group applied for and is receiving funding to work in 2020 on the design, implementation, and rollout of `pip's next-generation dependency resolver <https://wiki.python.org/psf/Fundable%20Packaging%20Improvements#Finish_dependency_resolver_for_pip>`_. The donors funding this work are the `Chan Zuckerberg Initiative <https://chanzuckerberg.com/eoss/proposals/improving-user-experience-and-debuggability-of-pip-for-all-python-users/>`_ (USD$200,000) and `Mozilla Open Source Support <https://www.mozilla.org/en-US/moss/>`_ (USD$207,000).
Line 100: Line 101:
* *Schedule*: As of 11 November 2019, the PSF has announced a `request for proposals for contractor developers to carry out this work <https://pyfound.blogspot.com/2019/11/seeking-developers-for-paid-contract.html>`_, and aims to commence work in December 2019 or January 2020. The work will end in December 2020. * *Schedule*: As of 13 January 2020, the PSF has chosen contractors to carry out this work, and has commenced work. The work will end in December 2020.
Line 102: Line 103:
* *Code*: `Repository on GitHub <https://github.com/pypa/pip/>`_. * *Code and discussion*: `GitHub repository for pip <https://github.com/pypa/pip/>`_, `Zulip livechat <https://python.zulipchat.com/#narrow/stream/218659-pip-development>`_, and `Discourse forum <https://discuss.python.org/c/packaging>`_.
Line 113: Line 114:
`Planning test infrastructure work <PackagingWG/2020-01-08-pip>`_ Meeting notes January 23rd, 2020
`Beginning to plan resolver work <PackagingWG/2020-01-08-pip>`_ Meeting notes January 8th, 2020
`Mozilla and Chan Zuckerberg Initiative to support pip <https://pyfound.blogspot.com/2019/12/moss-czi-support-pip.html>`_ Blog post December 4th, 2019
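Review bot: the added "Planning test infrastructure work" row (Meeting notes January 23rd, 2020) links to `PackagingWG/2020-01-08-pip`, the same target as the "Beginning to plan resolver work" row dated January 8th, 2020. If the January 23rd meeting has its own notes page, point the new row at that page; otherwise readers who follow the link land on the January 8th notes.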
Line 141: Line 145:
`Start using 2FA and API Tokens on PyPI <https://pyfound.blogspot.com/2020/01/start-using-2fa-and-api-tokens-on-pypi.html>`_ Blog post January 17th, 2020
`API tokens and all 2FA methods are out of beta <https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/49>`_ Forum post January 17th, 2020

Agenda

The purpose of this working group is to support the larger efforts of improving and maintaining the packaging ecosystem in Python through fundraising and disbursement of raised funds. It largely focuses on efforts such as PyPI, pip, packaging.python.org, setuptools, and cross-project efforts.

Resources

  • Discussion: Slack and mailing list. The archives are set to private since there is voting.
  • Accounting: We rely on the PSF's donation and accounting mechanisms to raise funds and disburse them to the selected recipients.
  • Project ideas: Fundable Packaging Improvements

Governance

Decisions on which fundraising and projects/efforts to support are made by simple majority; in the case of a tie, the decision escalates to the PSF Board. See the PSF Packaging WG Charter.

Administration and Contact

To contact the Packaging WG, email Ewa Jodlowska.

Members

  • Donald Stufft
  • Ewa Jodlowska
  • Nick Coghlan
  • Ernest W. Durbin III
  • Thea Flowers
  • Sumana Harihareswara
  • Nicole Harris
  • Dustin Ingram
  • Kenneth Reitz
  • Nathaniel J. Smith
  • Jacqueline Kazil (non-voting observer from PSF board)
  • Eric Holscher (non-voting observer from PSF board)
  • Laura Hampton (non-voting member)
  • Jannis Leidel (non-voting observer from PSF board)
  • (others will be added as they accept their invitation to the WG)

Meetings

As needed.

Current Projects

Fundraising

The Packaging Working Group is seeking sponsorships and grants to raise funds for Fundable Packaging Improvements.

Sprints

We run PackagingSprints at conventions and as standalone events. We're open to companies and organizations hosting sprints and work weeks to help us move packaging forward; get in contact with a Working Group member.

Warehouse: Facebook gift

The Packaging Working Group applied for and is receiving a gift from Facebook to implement & deploy security features for Warehouse (PyPI's codebase).

Meetings and status updates:

Meeting/update | Type | Date
Scoping Facebook-funded work | Meeting notes | June 20th, 2019
Announcement of Request for Information | Blog post | August 28th, 2019
Announcement of Request for Proposals | Blog post | September 25th, 2019
Kickoff - 2019 Q4 RFP Milestone 2 - Automated Detection of Malicious Uploads | Meeting notes | December 11th, 2019

Dependency resolver for pip

The Packaging Working Group applied for and is receiving funding to work in 2020 on the design, implementation, and rollout of pip's next-generation dependency resolver. The donors funding this work are the Chan Zuckerberg Initiative (USD$200,000) and Mozilla Open Source Support (USD$207,000).

Meetings and status updates:

Meeting/update | Type | Date
Planning test infrastructure work | Meeting notes | January 23rd, 2020
Beginning to plan resolver work | Meeting notes | January 8th, 2020
Mozilla and Chan Zuckerberg Initiative to support pip | Blog post | December 4th, 2019
Seeking Developers for Paid Contract Improving pip | Blog post | November 11th, 2019

Past projects

Warehouse: OTF grant

The Packaging Working Group applied for and received a grant from the Open Technology Fund to implement & deploy security, localization, and accessibility improvements for Warehouse (PyPI's codebase).

Meetings and status updates from the OTF grant-funded project:

Meeting/update | Type | Date
Start using 2FA and API Tokens on PyPI | Blog post | January 17th, 2020
API tokens and all 2FA methods are out of beta | Forum post | January 17th, 2020
Concluding report on localisation and accessibility work | Forum post | October 8th, 2019
Early Sept. update on accessibility & localisation work | Forum post | September 8th, 2019
Early September update on security work | Forum post | September 8th, 2019
Prioritizing and estimating security, l10n and a11y work | Meeting notes | August 29th, 2019
Inspect PyPI event logs to audit your account's and project's security | Blog post | August 15th, 2019
Early Aug. update on 2FA, API keys, audit log, & a11y work | Forum post | August 6th, 2019
Prioritizing API token and 2FA issues | Meeting notes | August 2nd, 2019
Audit log design planning | Meeting notes | July 31st, 2019
PyPI now supports uploading via API token | Blog post | July 31st, 2019
preliminary announcement of API token beta | Forum post | July 25th, 2019
Mid-July update on 2FA, API keys, and a11y work | Forum post | July 17th, 2019
Early July update on 2FA, API keys, and a11y work | Forum post | July 3rd, 2019
API key design planning | Meeting notes | June 24th, 2019
PyPI Now Supports Two-Factor Login via WebAuthn | Blog post | June 18th, 2019
Early June update on WebAuthn and accessibility work | Forum post | June 8th, 2019
Initial a11y and i18n planning | Meeting notes | June 7th, 2019
Use two-factor auth to improve your PyPI account's security | Blog post | May 30th, 2019
Late May update on TOTP and WebAuthN work | Forum post | May 22nd, 2019
PyPI two-factor auth (2FA) trial May 3-20 | Mailing list post | May 2nd, 2019
(cross-post) PyPI two-factor auth (2FA) trial May 3-20 | Forum post | May 2nd, 2019
Early April update on work and request for advice | Forum post | April 3rd, 2019
PyPI security work: multifactor auth progress & help needed | Forum post | March 22nd, 2019
Prioritizing extant security issues | Meeting notes | March 22nd, 2019
Starting security, a11y, & i18n improvements to PyPI for 2019 | Blog post | March 13th, 2019
Kickoff planning meeting with grant-funded team | Meeting notes | March 11th, 2019

Warehouse rollout

The Packaging Working Group supported the implementation & deployment of Warehouse (PyPI 2.0) to replace the legacy code base that powered legacy PyPI. Announced on PSF blog in January 2016; see its history in this April 2018 LWN article.

Meetings and status updates from the MOSS-funded project:

Meeting/update | Type | Date
PSF announcement of $170,000 MOSS award to improve sustainability of PyPI | Blog post | November 27, 2017
Kickoff meeting | Meeting notes | Monday, Dec. 4, 2017
Kickoff/milestone update | Mailing list post | Thursday, Dec. 7, 2017
Developer experience audit walkthrough | in-person meeting | Tuesday, December 12, 2017
Maintainer MVP milestone bug triage | Meeting notes | Tuesday, Dec. 19, 2017
Maintainer MVP milestone schedule discussion | Meeting notes | January 10, 2018
Mid-January progress | Mailing list post | Jan. 15, 2018
Role management and welcoming first-time contributors | Mailing list post | Jan. 23, 2018
Standup, bug triage, and milestone schedule discussion | Meeting notes | January 29, 2018
Late January progress | Mailing list post | Jan. 30, 2018
Standup, bug triage, milestone schedule discussion | Meeting notes | February 5, 2018
Warehouse update: still on track, new features | Mailing list post | Feb. 6, 2018
Standup/bug triage/milestone schedule update meeting | Meeting notes | Feb. 12th, 2018
Warehouse: package manager features & question about advertising | Mailing list post | Feb. 13, 2018
Standup, bug triage, & milestone schedule update meeting | Meeting notes | Feb. 20th, 2018
Warehouse: essential maintainer features & next steps | Mailing list post | Feb. 21st, 2018
Standup, bug triage, and milestone schedule update meeting | Meeting notes | Feb. 26th, 2018
Python package maintainers, help test the new PyPI! | Blog post | Feb. 26th, 2018
Warehouse update: a week of testing, polish, & infrastructure | Mailing list post | Feb. 27th, 2018
Planning meeting | Meeting notes | March 6th, 2018
PyPI & Warehouse update: redirecting & shutting down legacy by end of April | Mailing list post | March 7th, 2018
Core Warehouse developers' planning meeting | Meeting notes | March 12th, 2018
new stuff overview, beta next week, user tests, & other Warehouse updates | Mailing list post | March 14th, 2018
Planning meeting with core Warehouse developers | Meeting notes | March 19th, 2018
PyPI/Warehouse: infrastructure hardening & the CAPTCHA conundrum | Mailing list post | March 20th, 2018
Weekly planning meeting with core Warehouse developers | Meeting notes | March 20th, 2018
Warehouse: All New PyPI is now in beta | Blog post | March 26th, 2018
The all new Python Package Index is now in beta at pypi.org | Blog post | March 26th, 2018
beta, pythonhosted docs, PEP 541 | Mailing list post | March 28th, 2018
Early April planning meeting with core Warehouse developers | Meeting notes | April 2nd, 2018
PyPI/Warehouse update: new advice & launch, shutdown dates | Mailing list post | April 3rd, 2018
Mid-April planning meeting with core Warehouse developers | Meeting notes | April 10th, 2018
PyPI/Warehouse (short) weekly report: Progress towards launch milestone | Mailing list post | April 10th, 2018
Summary of PyPI overhaul in new LWN article | Mailing list post | April 11th, 2018
Next Generation PyPI rollout incident report | Statuspage report | April 16th, 2018
New PyPI launched, legacy PyPI shutting down April 30 | Blog post | April 16th, 2018
Post-launch planning with core Warehouse developers | Meeting notes | April 17th, 2018
Warehouse/PyPI update: launch, project wrapup approaching | Mailing list post | April 18th, 2018
Pre-legacy-shutdown planning with core Warehouse developers | Meeting notes | April 23rd, 2018
PyPI update: legacy shutdown 30 April, new classifiers page, seeking funding | Mailing list post | April 24th, 2018
Python legacy sunsetting | Statuspage report | April 30th, 2018
legacy.pypi.org shutdown notice | Mailing list post | April 30th, 2018
End-of-project conference call | Meeting notes | April 30th, 2018
Final weekly report: legacy is shut down | Mailing list post | May 1, 2018

PackagingWG (last edited 2025-01-13 07:09:39 by AlyssaCoghlan)
