Add 'aswf-pypi' as owner on PyPi accounts

AcademySoftwareFoundation / tac

Materials and meeting notes for the ASWF Technical Advisory Council (TAC)

https://tac.aswf.io

Creative Commons Attribution 4.0 International

94 stars 30 forks source link

Add 'aswf-pypi' as owner on PyPi accounts #723

Open jmertic opened 2 weeks ago

jmertic commented 2 weeks ago

Please share any additional details on this topic

We want all projects using PyPi to add the user 'aswf-pypi' as an owner on any PyPi projects or organizations for hosted projects.

Detail what actions or feedback you would like from the TAC

For hosted projects using PyPi, please add the user 'aswf-pypi' as an owner.

How much time do you need for this topic?

None

aclark4life commented 2 weeks ago

I'd recommend you use organizations instead because in today's world, shared accounts like that are generally frowned upon for a variety of reasons, mostly security-related. Looks like someone just needs to make a request for an ASWF organization.

https://pypi.org/manage/organizations/

Screenshot 2024-06-10 at 2 03 49 PM

tykeal commented 2 weeks ago

@aclark4life, we requested an organization 2 years ago when they first announced public availability. It's never been completed. We've asked again under this new account. While I agree that role based accounts are generally frowned upon, ASWF is contracted with the Release Engineering organization at LF and as such, we need to have a role account to do this sort of work. We keep access very close managed and generally only use the role to grant the appropriate rights to a named individual.