opendev/infra-manual
Code Issues Proposed changes

Stop recommending PyPI project name squatting

Browse Source 
For years now, Warehouse (PyPI) has supported automatic project
registration on initial upload. The reason our "registration"
instructions got so complicated, in fact, is that they discouraged
and then entirely stopped supporting any other method of project
registration in order to help curb namesquatting. OpenStack's
release automation has support for this workflow as well, so let's
stop being part of the problem.

Depends-On: https://review.opendev.org/852574
Change-Id: I00a72fd330a24f548b9c87cab852cf3f57d5e910
This commit is contained in:
Jeremy Stanley 2022-08-09 14:03:40 +00:00
parent 6e166e7581
commit f281c80e5c
1 changed files with 8 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
doc/source/creators.rst
View File

@ -106,32 +106,16 @@ choosing a name`_ for new Oslo libraries.
Give OpenDev Permission to Publish Releases
===========================================
New Python packages without any releases need to be manually
registered on PyPI.
New Python projects without any releases do *not* need to be
manually registered on PyPI. The first upload for a nonexistent
project will automatically register it and add the uploader's
account as the initial owner.
If you do not have PyPI credentials, you should create them at
https://pypi.org/account/register/ as they are
required for the next step.
Once you have PyPI credentials see
https://packaging.python.org/tutorials/packaging-projects/
to create and upload your initial package. The initial package should
contain a ``PKG-INFO`` file for a nonexistent version ``0`` of your
package (that way any release you make is guaranteed to be higher).
It can be as simple as a plain text file containing the following
two lines (where ``packagename`` is replaced by the desired package
name)::
Name: packagename
Version: 0
Next your package needs to be updated so the "openstackci" user has
"Owner" permissions.
Visit
If your project already exists on PyPI, update the roles for it so
the "openstackci" user has "Maintainer" permissions. Visit
``https://pypi.org/manage/project/<projectname>/collaboration/``
and add "openstackci" in the "User Name" field, set the role to "Owner",
and click "Add Role".
and add "openstackci" in the "User Name" field, set the role to
"Maintainer", and click "Add Role".
.. image:: images/pypi-role-maintenance.png
:height: 476