The discussions on PEP-755 and PEP-752 seem to have stalled without getting us any closer to a comfortable consensus on namespaces. Could there be room for some minimalist advances to ease the pain during the next decade of debate? (I myself have been feeling the pain of clashing private and public package names since 2015, I’m sure there are many who have been sighing longer than that).
Could we side-step some of the more contentious issues in namespacing, by putting some drastic limitations on it? These limitations would hopefully not stand in the way of a more elaborate and relaxed future design, but would make it possible to get something, anything, in the way of progress.
This is my suggestion:
- A prefix must match a domain that you prove ownership of, in reverse java-style:
google.combecomescom-google - You may only reserve a prefix for which there is currently no matching packages, unless those packages are owned by you.
- The account/organization that owns a prefix gets to approve or disapprove any new registrations under their prefix. No more, no less. No special meta-data. No badges or UI elements. No mixed multi-org-ownership. No delegations. No nothing except for a reserved prefix.
- A namespace should come with a cost, to cover the admin overhead at PyPI. Perhaps $1000 for ten years of reservation, or some similar round and reasonable numbers like that. Enough to deter casual squatting, but within easy reach of almost any organization, including single-person shops in mid-income countries. Non-profits could have their fee waived.