pylint-dev / pylint-django

Pylint plugin for improving code analysis for when using Django

Migrate to ``pylint-dev``'s organization ? #397

Closed Pierre-Sassoulas closed 1 year ago

Pierre-Sassoulas commented 1 year ago

Hello @carlio, sorry to not have talked about it earlier, I've just thought about it seeing the current migration of prospector/pylint-django. What would you think about moving pylint-django to https://github.com/pylint-dev ?

carlio commented 1 year ago

I am against this for now because I am uncertain about certain ownership and control of those repositories (pylint-celery and pylint-plugin-utils seem to have removed me as an owner, both prospector and pylint-django have been claimed on tidelift by other people) and this causes a problem as I plan to resurrect landscape.io, the side project from which all of these projects were open-sourced. Until I am certain what is happening I have moved them out of PyCQA to maintain ownership while planning the next steps in my projects (I have big ideas for a prospector version 2).

Pierre-Sassoulas commented 1 year ago

We also moved pylint and astroid out of PyCQA over concerns about ownership and ability to maintain our own projects (we lost admin rights after much drama). I'm the one who claimed prospector: obviously if you ask tidelift about it I'll tell them you should have full ownership of it and be the sole lifter. (It was liftable without the security policy added to the repo, it's a task we had to do as lifters.) Sorry about the miscommunication, for pylint when I asked to lift it and pcmanticore was already the sole lifter they asked us what to do but maybe it changed and everything is automated and blocked now.

carlio commented 1 year ago

Given the plan to use prospector in a SaaS again I will keep it away from any unexpected side effects of things such as tidelift, so I appreciate it if I will be able to take over sole ownership for now. I'm also curious what the drama was, in case that also leads to unforeseen consequences. If you don't mind sharing. Feel free to reach out in private if that's preferred (email is on my profile).

(This is a continuation of my reasoning for rejecting the PR https://github.com/PyCQA/prospector/pull/609 )

Pierre-Sassoulas commented 1 year ago

> Given the plan to use prospector in a SaaS again I will keep it away from any unexpected side effects of things such as tidelift, so I appreciate it if I will be able to take over sole ownership for now

Sure, no problem. Feel free to shoot me an email or LinkedIn message if there's something I need to do (I thought it would be simply to confirm that you should be sole lifter to Tidelift if you ask to lift the package but maybe I'm not up to date, Tidelift is a startup after all, the process is changing).

> I'm also curious what the drama was, in case that also leads to unforeseen consequences. If you don't mind sharing. Feel free to reach out in private if that's preferred (email is on my profile).

I'm going to answer publicly now that I said both too much and too little, in order to avoid speculation about what I have to say :) Check this if you want the "full picture" https://github.com/PyCQA/meta/issues/54 (barring private conversations of course), but TLDR: one of our frequent contributors was banned after a single interaction concerning pyproject.toml support in flake8, asked us to do something about it, I opened the meta issue to reintegrate the contributor and have a say in PyCQA bans in the future. The contributor unban took a considerable amount of time and multiple people intervening. Regarding the second ask, it was impossible to have a reasonable conversation about the banning process, I had also been begging for admin rights to be able to manage the pylint groups for a year at that point and had to ask PcManticore for it (he was retired from open-source). Then it got pretty irrational and both PcManticore and I lost admin privileges (we've been the two release managers for pylint since 2014 and are the most active contributors), I've also lost maintainer rights in pydocstyle without any explanation. Daniel (third most active pylint contributor) was granted admin rights in PyCQA but this did not feel like a psychologically safe environment and was requiring too much emotional work so after a discussion with pylint's active maintainers we prepared and enacted the migration.

I think your decision to migrate is a no-brainer if you want to resurrect landscape.io.

> (This is a continuation of my reasoning for rejecting the PR https://github.com/landscapeio/prospector/pull/609 )

Hmm, that might be why there is a misunderstanding, this PR was merged, not rejected/closed, so I thought you were okay with doing the coordinated security disclosure with Tidelift.

carlio commented 1 year ago

Thank you for your response @Pierre-Sassoulas - that meta conversation was certainly eye-opening.

I have managed to move the other pylint-* projects I had out of PyCQA; I didn't want to comment further until that happened in case of any accidental push back.

I would be happy to move pylint-{celery,django,plugin-utils} into pylint-dev, as you're right I think it belongs better there. Prospector will remain as its own thing for now.

Regarding tidelift, I think I merged that branch by accident to be honest, but either way it is lifted now but at least I can be sure that if I want to stop it being lifted, I can do that. I don't think there'll be any conflict with using it in a commercial sense but I don't want to accidentally hamstring myself before even starting. Also: prospector will always be free-as-in-beer and free-as-in-speech and open-source, it was always designed that way and nothing will change.

As always it is a pleasure interacting with you and I certainly will be aiding the pylint ecosystem in the future too. (Same for @DanielNoord :-) )

carlio commented 1 year ago

What would the next steps be for moving those 3 repositories over? It seems like I have the permissions to move all three myself, but I want to double check to make sure it's done "right".

Pierre-Sassoulas commented 1 year ago

Thank you for the kind words Carlio, I appreciated it.

We've checked a lot of things before migrating because we did not want to break links to the doc and the repo in particular. GitHub and Read the Docs are pretty great for migrations. All the redirects are done correctly for all issues/PR automatically, I don't remember having a single issue on the GitHub side. We created the new org first then migrated the repo to it, then we fixed the pipelines.

Here's the doc for GitHub: https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository

For Read the Docs it's actually "just" changing the url in the settings (as long as you don't nuke the git history). You will also need to authorize the Read the Docs app in your new organization on the GitHub side and upgrade any redirection you did in your settings (I realized we missed that yesterday, there were a lot of 404s for messages linked from Stack Overflow). If you have questions support@readthedocs.org was pretty helpful to reassure me that this was going to work (with a human answering) but in hindsight I might have wasted their time because it was pretty simple in the end.

Pierre-Sassoulas commented 1 year ago

I might have misunderstood what you asked, if you want to migrate repositories to pylint-dev I think you can just do it, the organization is flat, we don't have subgroups with particular rights, the repo owner can manage their rights inside their repositories directly.

carlio commented 1 year ago

Yes it was the second part :-) I wanted to make sure I didn't add them to the organisation and find out there was some procedure or some config I needed to set first. I'll get them moved across in the next few days (currently in a hotel with bad wifi, going to be in transit over the weekend).

carlio commented 1 year ago

Done :-) (at least the ownership is, I'll go through and update links etc next)

carlio commented 1 year ago

Hmm, I can't close this ticket though

Pierre-Sassoulas commented 1 year ago

I made you admin of the 3 migrated repositories directly. The other persons who can manage those repositories now are the pylint-dev owners, and you should add contributors in the repo settings to give write access. Let me know if that works for you, we can create groups if necessary but I'm trying to keep the rights simple and stupid.