Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Transfer ownership of PyPI packages

Tags:

As per PEP-541 abandoned PyPI projects can now be claimed. Has anyone done this? Who to contact? I tried the dist utils mail list as well as filing a ticket in the support forum, but no response so far. How does one actually request transfer of ownership in practice as outlined in PEP-541?

like image 920
vidstige Avatar asked Aug 29 '17 09:08

vidstige


People also ask

What is the difference between a PyPI project and a release?

Projects on PyPI are made and shared by other members of the Python community so that you can use them. A "release" on PyPI is a specific version of a project. For example, the requests project has many releases, like "requests 2.10" and "requests 1.2.1". A release consists of one or more "files".

How are changes to PyPI announced?

Changes to PyPI are generally announced on both the pypi-announce mailing list and the PSF blog under the label "pypi". The PSF blog also has Atom and RSS feeds for the "pypi" label. What does the "beta feature" badge mean? What are Warehouse's current beta features?

Why doesn't PyPI have a project name?

The project name is too similar to an existing project and may be confusable. The project name has been explicitly prohibited by the PyPI administrators. For example, pip install requirements.txt is a common typo for pip install -r requirements.txt, and should not surprise the user with a malicious package.

Why can't I upload my project's release to PyPI?

If you can't upload your project's release to PyPI because you're hitting the project size limit, first remove any unnecessary releases or individual files to lower your overall project size. If that is not possible, we can sometimes increase your limit. File an issue and tell us:


1 Answers

Update: PEP 541 has been approved on 2018-03-23. There is additional work to be done before you could request an ownership transfer, however.

My original answer follows.


The PEP is in draft stage. As such it is not official policy and requests are not likely to be honoured.

If the PEP ever moves to the accepted stage, the terms of service would need to be updated to reflect the new policy. And it may well be that packages that were uploaded before this point in time to be grandfathered in; they were uploaded under the old terms after all. All in all, it'll be some time before packages that are abandoned today can be claimed.

What is in place today is an ad-hoc process, executed without any real mandate or support in the terms of service, based more on common sense than on actual legal standing. There is no telling how long a request will take or what your chances are.

For some background, you can read this thread from 2014 that appears to be the first serious call for a formal process; it was kicked off after a request for control of the django-registration package back-fired with the original maintainer removing a newly-added maintainer. The whole issue came back up again in January 2017, which led to the first draft of PEP 541 (Donald is Donald Stufft, the current maintainer of PyPI).

like image 184
Martijn Pieters Avatar answered Sep 21 '22 09:09

Martijn Pieters