I’ve vendored it in a PR to pip, but right now I’m the sole maintainer on it.
@henryiii has given some awesome contributions (and could be a co-maintainer as far as I’m concerned if he wishes), but I don’t like the idea having a potential pip vendored dependency with a sole-owner in GitHub.
Assuming a from the relevant folks, do any special steps need to be taken for
You need an existing PyPA sponsor, IIRC, which I could be, I think, and then it needs to be sent to the mailing list for a vote. I’ve been intending to suggest this, actually.
To be clear, I believe this is exactly correct for the first step, you want to make sure there’s interest and a sponsor before the mailing list. I was just outlining what I remember from the remaining part of the process.
For anyone reading and not following links above, this is a small first-party implementation of PEP 735, and cibuildwheel and nox are already using it in main. It also contains a helper CLI. You can use it to read [dependency-groups] and get nice errors.
The process is to have a vote on the mailing list, yes. Personally, I don’t see why it couldn’t live under PyPA.
As for Trusted Publishing, for as long as you remain the project owner, you can add that to it. TP is not bound to users or orgs within Warehouse and so it survives changing maintainers or transferring to orgs.
That said, there’s no concensus on whether PyPA projects need to be under the PyPA org (Profile of Python Packaging Authority · PyPI). I suggested that in a number of places and some were in favor while others seemed indecisive. Either way, there’s no such rule/requirement.
I’m drafting the email. @sirosen If you’d like to add me as a co-maintainer, I can mention that in the email.
Current draft:
I’d like to propose the transfer of the dependency-groups project to the PyPA org. This is a reference implementation and tool for PEP 735’s dependency groups. Some links:
The author of the package and PEP, Stephen Rosen, would be a new PyPA member. dependency-groups has already become a dependency of cibuldwheel and nox.
Per PEP 609:
The proposal will be put to a vote on the PyPA-Committers mailing list,
over a 7-day period. Each PyPA committer can vote once, and can choose one
of +1 and -1. If at least two thirds of recorded votes are +1, then the
vote succeeds.
To me, it really depends on whether or not you’d like to be one. Your contributions are very welcome and valuable either way!
It’s mostly a question of having another person able to push releases out, and adding the responsibility for reviewing my changes (not that I’m making a ton of changes every day).
I’m a little limited in my ability to respond for a couple of weeks, travelling, but the draft email looks great!
The vote is now closed. With all +1’s and no -1’s, the motion has passed.
Congrats!
In order to transfer to the pypa organization, someone will need to add me ( di (Dustin Ingram) · GitHub) as a repo owner. I’ll set up the relevant team
structure & invite any users to the pypa organization as necessary.
Wonderful! I’m traveling for another week, so I plan to take care of the permissions when I’m back. (Mostly, I’ve been keeping up with my backlog and making a few posts during train rides.)
I’ll make @henryiii a pypi owner and @dustin a GitHub owner soon.