Moving `dependency-groups` under the `pypa` org

I’d like to move the dependency-groups package under pypa.

I’ve vendored it in a PR to pip, but right now I’m the sole maintainer on it.

@henryiii has given some awesome contributions (and could be a co-maintainer as far as I’m concerned if he wishes), but I don’t like the idea of having a potential pip vendored dependency with a sole-owner in GitHub.

Assuming a :+1: from the relevant folks, do any special steps need to be taken for

  • new pypa member (moi!)
  • Trusted Publishers for pypi

?

6 Likes

You need an existing PyPA sponsor, IIRC, which I could be, I think, and then it needs to be sent to the mailing list for a vote. I’ve been intending to suggest this, actually.

1 Like

Ah, I’m rereading this bit of doc:
https://www.pypa.io/en/latest/members/#project-membership

I took the last sentence literally, but I’m now reading PEP 609 to see if it lays out a process for me to follow.

To be clear, I believe this is exactly correct for the first step, you want to make sure there’s interest and a sponsor before the mailing list. I was just outlining what I remember from the remaining part of the process.

For anyone reading and not following links above, this is a small first-party implementation of PEP 735, and cibuildwheel and nox are already using it in main. It also contains a helper CLI. You can use it to read [dependency-groups] and get nice errors.

3 Likes

The process is to have a vote on the mailing list, yes. Personally, I don’t see why it couldn’t live under PyPA.
As for Trusted Publishing, for as long as you remain the project owner, you can add that to it. TP is not bound to users or orgs within Warehouse and so it survives changing maintainers or transferring to orgs.
That said, there’s no consensus on whether PyPA projects need to be under the PyPA org (Profile of Python Packaging Authority · PyPI). I suggested that in a number of places and some were in favor while others seemed indecisive. Either way, there’s no such rule/requirement.

1 Like

@sirosen I think we should go ahead and start a vote. I could also do that, I think. Or second it if Henry does.

1 Like

I’m drafting the email. @sirosen If you’d like to add me as a co-maintainer, I can mention that in the email.

Current draft:

I’d like to propose the transfer of the dependency-groups project to the PyPA org. This is a reference implementation and tool for PEP 735’s dependency groups. Some links:

The author of the package and PEP, Stephen Rosen, would be a new PyPA member. dependency-groups has already become a dependency of cibuildwheel and nox.

Per PEP 609:

The proposal will be put to a vote on the PyPA-Committers mailing list,
over a 7-day period. Each PyPA committer can vote once, and can choose one
of +1 and -1. If at least two thirds of recorded votes are +1, then the
vote succeeds.

1 Like

To me, it really depends on whether or not you’d like to be one. Your contributions are very welcome and valuable either way!

It’s mostly a question of having another person able to push releases out, and adding the responsibility for reviewing my changes (not that I’m making a ton of changes every day).


I’m a little limited in my ability to respond for a couple of weeks, travelling, but the draft email looks great!

I’d be fine with that - I’m assuming it will be pretty stable unless new PEPs add features, so a low frequency of reviewing required. :slight_smile:

1 Like

xref to the ML thread: Mailman 3 Move dependency-groups to PyPA - PyPA-Committers - python.org

1 Like

@sirosen Passed!

The vote is now closed. With all +1’s and no -1’s, the motion has passed.
Congrats!

In order to transfer to the pypa organization, someone will need to add me (di (Dustin Ingram) · GitHub) as a repo owner. I’ll set up the relevant team structure & invite any users to the pypa organization as necessary.

1 Like

Wonderful! I’m traveling for another week, so I plan to take care of the permissions when I’m back. (Mostly, I’ve been keeping up with my backlog and making a few posts during train rides.)

I’ll make @henryiii a pypi owner and @dustin a GitHub owner soon.

Thanks all!

1 Like