Differences between revisions 86 and 87
Revision 86 as of 2019-07-04 00:57:09
Size: 19217
Comment: Discourse post just now, plus making Fundable Packaging Improvements more prominent
Revision 87 as of 2019-07-18 03:39:35
Size: 19413
Comment: today's post
Deletions are marked like this. Additions are marked like this.
Line 89: Line 89:
`Mid-July update on 2FA, API keys, and a11y work <https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/29>`_ Forum post July 17th, 2019

Agenda

The purpose of this working group is to support the larger efforts of improving and maintaining the packaging ecosystem in Python through fundraising and disbursement of raised funds. It largely focuses on efforts such as PyPI, pip, packaging.python.org, setuptools, and cross-project efforts.

Resources

  • Discussion: Slack and mailing list. The archives are set to private since there will be voting.
  • Accounting: We rely on the PSF's donation and accounting mechanisms to raise funds and disburse them to the selected recipients.
  • Project ideas: Fundable Packaging Improvements

Governance

Decisions on what fundraising and projects/efforts to support will be done by a simple majority and in the case of a tie, will escalate to the PSF Board. See the PSF Packaging WG Charter.

Administration

Members

  • Donald Stufft
  • Ewa Jodlowska
  • Nick Coghlan
  • Ernest W. Durbin III
  • Thea Flowers
  • Sumana Harihareswara
  • Nicole Harris
  • Dustin Ingram
  • Kenneth Reitz
  • Nathaniel J. Smith
  • Jacqueline Kazil (non-voting observer from PSF board)
  • Thomas Wouters (non-voting observer from PSF board)
  • Eric Holscher (non-voting member)
  • Laura Hampton (non-voting member)
  • (others will be added as they accept their invitation to the WG)

Meetings

As needed.

Current Projects

Fundraising

The Packaging Working Group is seeking sponsorships and grants to raise funds for Fundable Packaging Improvements.

Sprints

We run PackagingSprints at conventions and as standalone events. We're open to companies and organizations hosting sprints and work weeks to help us move packaging forward; get in contact with a Working Group member.

Warehouse: OTF grant

The Packaging Working Group applied for and is receiving a grant from the Open Technology Fund to implement & deploy security, localization, and accessibility improvements for Warehouse (PyPI's codebase).

Meetings and status updates from the grant-funded project:

Meeting/update Type Date
Mid-July update on 2FA, API keys, and a11y work Forum post July 17th, 2019
Early July update on 2FA, API keys, and a11y work Forum post July 3rd, 2019
API key design planning Meeting notes June 24th, 2019
PyPI Now Supports Two-Factor Login via WebAuthn Blog post June 18th, 2019
Early June update on WebAuthn and accessibility work Forum post June 8th, 2019
Initial a11y and i18n planning Meeting notes June 7th, 2019
Use two-factor auth to improve your PyPI account's security Blog post May 30th, 2019
Late May update on TOTP and WebAuthN work Forum post May 22nd, 2019
PyPI two-factor auth (2FA) trial May 3-20 Mailing list post May 2nd, 2019
(cross-post) PyPI two-factor auth (2FA) trial May 3-20 Forum post May 2nd, 2019
Early April update on work and request for advice Forum post April 3rd, 2019
PyPI security work: multifactor auth progress & help needed Forum post March 22nd, 2019
Prioritizing extant security issues Meeting notes March 22nd, 2019
Starting security, a11y, & i18n improvements to PyPI for 2019 Blog post March 13th, 2019
Kickoff planning meeting with grant-funded team Meeting notes March 11th, 2019

Warehouse: Facebook gift

The Packaging Working Group applied for and is receiving a gift from Facebook to implement & deploy security features for Warehouse (PyPI's codebase).

Meetings and status updates:

Meeting/update Type Date
Scoping Facebook-funded work Meeting notes June 20th, 2019

Past projects

Warehouse

The Packaging Working Group supported the implementation & deployment of Warehouse (PyPI 2.0) to replace the legacy code base that powered legacy PyPI. Announced on PSF blog in January 2016; see its history in this April 2018 LWN article.

Meetings and status updates from the MOSS-funded project:

Meeting/update Type Date
PSF announcement of $170,000 MOSS award to improve sustainability of PyPI Blog post November 27, 2017
Kickoff meeting Meeting notes Monday, Dec. 4, 2017
Kickoff/milestone update Mailing list post Thursday, Dec. 7, 2017
Developer experience audit walkthrough in-person meeting Tuesday, December 12, 2017
Maintainer MVP milestone bug triage Meeting notes Tuesday, Dec. 19, 2017
Maintainer MVP milestone schedule discussion Meeting notes January 10, 2018
Mid-January progress Mailing list post Jan. 15, 2018
Role management and welcoming first-time contributors Mailing list post Jan. 23, 2018
Standup, bug triage, and milestone schedule discussion Meeting notes January 29, 2018
Late January progress Mailing list post Jan. 30, 2018
Standup, bug triage, milestone schedule discussion Meeting notes February 5, 2018
Warehouse update: still on track, new features Mailing list post Feb. 6, 2018
Standup/bug triage/milestone schedule update meeting Meeting notes Feb. 12th, 2018
Warehouse: package manager features & question about advertising Mailing list post Feb. 13, 2018
Standup, bug triage, & milestone schedule update meeting Meeting notes Feb. 20th, 2018
Warehouse: essential maintainer features & next steps Mailing list post Feb. 21st, 2018
Standup, bug triage, and milestone schedule update meeting Meeting notes Feb. 26th, 2018
Python package maintainers, help test the new PyPI! Blog post Feb. 26th, 2018
Warehouse update: a week of testing, polish, & infrastructure Mailing list post Feb. 27th, 2018
Planning meeting Meeting notes March 6th, 2018
PyPI & Warehouse update: redirecting & shutting down legacy by end of April Mailing list post March 7th, 2018
Core Warehouse developers' planning meeting Meeting notes March 12th, 2018
new stuff overview, beta next week, user tests, & other Warehouse updates Mailing list post March 14th, 2018
Planning meeting with core Warehouse developers Meeting notes March 19th, 2018
PyPI/Warehouse: infrastructure hardening & the CAPTCHA conundrum Mailing list post March 20th, 2018
Weekly planning meeting with core Warehouse developers Meeting notes March 20th, 2018
Warehouse: All New PyPI is now in beta Blog post March 26th, 2018
The all new Python Package Index is now in beta at pypi.org Blog post March 26th, 2018
beta, pythonhosted docs, PEP 541 Mailing list post March 28th, 2018
Early April planning meeting with core Warehouse developers Meeting notes April 2nd, 2018
PyPI/Warehouse update: new advice & launch, shutdown dates Mailing list post April 3rd, 2018
Mid-April planning meeting with core Warehouse developers Meeting notes April 10th, 2018
PyPI/Warehouse (short) weekly report: Progress towards launch milestone Mailing list post April 10th, 2018
Summary of PyPI overhaul in new LWN article Mailing list post April 11th, 2018
Next Generation PyPI rollout incident report Statuspage report April 16th, 2018
New PyPI launched, legacy PyPI shutting down April 30 Blog post April 16th, 2018
Post-launch planning with core Warehouse developers Meeting notes April 17th, 2018
Warehouse/PyPI update: launch, project wrapup approaching Mailing list post April 18th, 2018
Pre-legacy-shutdown planning with core Warehouse developers Meeting notes April 23rd, 2018
PyPI update: legacy shutdown 30 April, new classifiers page, seeking funding Mailing list post April 24th, 2018
Python legacy sunsetting Statuspage report April 30th, 2018
legacy.pypi.org shutdown notice Mailing list post April 30th, 2018
End-of-project conference call Meeting notes April 30th, 2018
Final weekly report: legacy is shut down Mailing list post May 1, 2018

PackagingWG (last edited 2023-08-03 09:40:27 by smm)

Unable to view page? See the FrontPage for instructions.