State of PyPI Organizations

Hi,

Sorry if this has been discussed elsewhere but after quite a bit of looking around the series of tubes I have been unable to find any updates on the PyPI organization accounts.

Having applied for a couple when they were made available, is there anything that can streamline this process or any type of code/documentation contributions that are needing to be done before we open the floodgates and start approving/denying requests?

So far I only see the ones initially brought on during the testing period (pallets, etc.)

Thanks

We severely underestimated the amount of work it would be to get our terms of service and billing together for paid/company orgs.

For community orgs it has been the massive influx of low-quality submissions that we have to sift through that makes reviewing the applications a grind.

17 Likes

Thank you for your response, makes sense :)

Thanks for the update.

If I were to create a project now (outside of a PyPI organization) using a personal account, how difficult would it be to later transfer this project to a future PyPI organization that I would be a member of?

It is very easy. Project Actions - PyPI Docs

2 Likes

Any updates on this?

We have submitted two requests for creating a community organization on 5 Oct’23, and have not seen any updates so far.

Is there something we can do to facilitate the procedure?
It’s not clear to me what makes a submission “low quality” (but I guess the ship has sailed, since there doesn’t seem to be a way to edit a submission).

Likewise, I need an update. I’m the founder of the ReportLab PDF library.

ReportLab is a very large and widely used project. Until now we shared a login, so 3-4 people on the team could publish a release. Now, with 2FA being required, basically it needs me and my authenticator app and we have a single point of failure if I get hit by a bus.

We applied both for corporate and community organisations. We maintain this library for the community and unless we can have an organisation with multiple users, it is “at risk”, and the changes to 2FA have had exactly the opposite effect of what was intended.

3 Likes

This is not on topic, but FWIW the “Authenticator app” option for GitHub 2FA is really just a particular secret seed value which can be easily shared between multiple collaborators. The most common 2FA client applications don’t allow you to extract that seed value after it’s been configured. You’d need to configure a new one from scratch, and make sure to save the “setup key” to share with your team.

This can be solved easily: first, you can share the authentication API token for publishing releases with your co-maintainers, and second, you’d give them the recovery codes so they can get access to the account (via the Web interface) if you’re unavailable.

1 Like

If you like the idea of a 2FA application written in Python, and one which uses a simple JSON file to store its information (you can encrypt that with whatever external tool you like), this is what I use: shed/2fa at master · Rosuav/shed · GitHub. The PyTOTP library is trivially easy to make use of.

1 Like

This is the latest thread I found about PyPI organisations. What’s the status of it? We (Arm) are interested and it would be nice to know the cost associated with it.

@EWDurbin are you able to give an update?

1 Like

Like Arm, we, The Khronos Group, are interested in getting our Organization onboarded. We originally signed up in December. For now we are sharing our 2FA token for our personal Khronos Group account, which is not ideal. Can we help in any way with the Organization backlog?

1 Like

You can expect to see more organization requests processed within the next 2-3 months as the PSF hires roles to support PyPI and other PSF infrastructure (closes May 1st)