From f281c80e5c1e66952358eb97f1bb2040048850b3 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Tue, 9 Aug 2022 14:03:40 +0000 Subject: [PATCH] Stop recommending PyPI project name squatting For years now, Warehouse (PyPI) has supported automatic project registration on initial upload. The reason our "registration" instructions got so complicated, in fact, is that they discouraged and then entirely stopped supporting any other method of project registration in order to help curb namesquatting. OpenStack's release automation has support for this workflow as well, so let's stop being part of the problem. Depends-On: https://review.opendev.org/852574 Change-Id: I00a72fd330a24f548b9c87cab852cf3f57d5e910 --- doc/source/creators.rst | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/doc/source/creators.rst b/doc/source/creators.rst index 98f361c..bd037b0 100644 --- a/doc/source/creators.rst +++ b/doc/source/creators.rst 
@@ -106,32 +106,16 @@ choosing a name`_ for new Oslo libraries. Give OpenDev Permission to Publish Releases =========================================== -New Python packages without any releases need to be manually -registered on PyPI. +New Python projects without any releases do *not* need to be +manually registered on PyPI. The first upload for a nonexistent +project will automatically register it and add the uploader's +account as the initial owner. -If you do not have PyPI credentials, you should create them at -https://pypi.org/account/register/ as they are -required for the next step. - -Once you have PyPI credentials see -https://packaging.python.org/tutorials/packaging-projects/ -to create and upload your initial package. The initial package should -contain a ``PKG-INFO`` file for a nonexistent version ``0`` of your -package (that way any release you make is guaranteed to be higher). -It can be as simple as a plain text file containing the following -two lines (where ``packagename`` is replaced by the desired package -name):: - - Name: packagename - Version: 0 - -Next your package needs to be updated so the "openstackci" user has -"Owner" permissions. - -Visit +If your project already exists on PyPI, update the roles for it so +the "openstackci" user has "Maintainer" permissions. Visit ``https://pypi.org/manage/project//collaboration/`` -and add "openstackci" in the "User Name" field, set the role to "Owner", -and click "Add Role". +and add "openstackci" in the "User Name" field, set the role to +"Maintainer", and click "Add Role". .. image:: images/pypi-role-maintenance.png :height: 476
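Review bot: The new first paragraph of this hunk ("The first upload for a nonexistent project will automatically register it and add the uploader's account as the initial owner") does not say which account is expected to make that first upload. The section is titled "Give OpenDev Permission to Publish Releases", and the commit message says OpenStack's release automation supports this workflow, but the documentation text itself never connects the two. A reader could still conclude that they must upload something by hand first. Suggest adding a sentence stating that a new project needs no action on PyPI because the first release published through the release automation registers the name. It should also spell out who ends up as owner in that case, since the second paragraph asks only for "Maintainer" on projects that already exist, and the two paths leave different accounts holding the owner role. Separately, the role was changed from "Owner" to "Maintainer" in the text, while the diffstat shows only creators.rst touched. Please confirm that images/pypi-role-maintenance.png, referenced in the trailing context, does not still show "Owner" selected. Consider a short note for projects that granted "Owner" under the old instructions, saying whether that role should be reduced.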