PEP 639, Round 2: Improving license clarity with better package metadata

Sorry, I’d DMed Brett as well as some interested co-authors a couple weeks ago, but after getting confirmations from each of them, following up with them further on Discord and letting them know I’d post this here, I didn’t realize I’d accidentally left this as a draft and not submitted it. My fault…original message follows:

I’m very sorry to have disappointed everyone yet again with my continued slow progress and delinquency of my responsibilities on PEP 639, and I appreciate all your pings and attempts to get things moving again. While I’m sorry he had to post it, I’m of course very thankful for Brett and others here having been proactive in helping move things along without me given the growing interest in seeing it through.

The good news is that we’ve found not one but two new motivated and very well-qualified authors to help drive this PEP to completion. Please welcome @sethmlarson and @ksurma on board! As I’m sure many of you know, Seth is the new Security Developer in Residence with the PSF, and reached out to Brett and me to help with this PEP due to its SPDX support helping provide metadata important for SBOMs and in turn, supply chain security. Meanwhile, Karolina works along with Petr Viktorin at Red Hat on Python packaging, and she and her team are already making considerable use of initial implementations of this PEP to more easily ingest Python package license files and metadata, and reached out to me following our discussion at the Python core dev sprint looking to help with this PEP so they can further that goal.

I’ve been following up with them to help get them up to speed on the current status of the PEP and the remaining steps needed to get it over the finish line. While I’d been slowly working through a thorough (if content-preserving) rewrite incorporating editorial improvements, more concise language and a glossary with more consistent, cross-linked terminology and using it throughout the PEP, I’m going to just cut that off at the end of the Specifications section where I am now and just submit what I have, so it doesn’t block further work, and of course update the PEP to formally add them as authors.

I’ll still be as involved as I can be supporting them, contributing my relevant expertise and taking on some of the work as time allows, but I’ll no longer be a blocker to continued progress, and they’ll be able to move the PEP forward however needed.

Here are the remaining priority work items that I’m aware of that we’ll likely be tackling over the next couple of months:

  • Review the “tool” definitions and validation requirements from the perspective of ensuring a conforming implementation is practical and not over-burdensome for maintainers, while still covering the most important points.
  • Make the PEP much shorter and more concise (it’s the longest current PEP, which is a big barrier to it being useful to reviewers and readers)
    • Move the non-core content to separate documents and just link them
    • Edit down the remaining core PEP text to be less verbose and more focused
  • Make a few further small content tweaks requested by people on the thread since my last big revision:
    • Add mention of the license subdir in dist-info not being technically backward compatible with at least theoretical implementations
    • Add rejected idea (for now) of a single file concatenating license file text
    • Mention that the design is REUSE-compliant and important for SBOM initiatives
    • Link mesonbuild/meson-python#270 and Red Hat’s existing work as additional evidence of existing implementation of the proposed draft

Additionally, Seth and Karolina will each be providing and incorporating additional valuable input and feedback from their organizations, their many contacts and the community, to ensure the PEP delivers on its stated benefits and is practical to implement and make use of in the real world.

Please give a warm welcome and three cheers for Seth and Karolina for helping pick up the torch that I so carelessly dropped much too long ago, and we look forward to sharing more updates and PRs as they get up to speed on the PEP and the remaining work items. And thanks to everyone in the community for keeping the flame alive in the meantime!
