rdkit / mmpdb

A package to identify matched molecular pairs and use them to predict property changes.

Release the latest version into PyPI? #58

Open ywu opened 3 months ago

ywu commented 3 months ago

The one indexed in PyPI is 2.1. It would be great if the latest version is also in PyPI. Thanks.

vinnie-mnam commented 1 month ago

Yes, I also can only find 2.1 indexed in PyPI. Could you upload version 3.1?

adalke commented 1 month ago

So people have an idea of what's going on in the background.

I tried for years to get funding to support mmpdb. That didn't work out. I've therefore stopped being involved with the mmpdb project, other than to finish off some contractual requirements which resulted in the 3.1 release.

Nowadays I'll answer interesting questions through private email, and am available for paid consulting for less interesting or more difficult questions, otherwise I advise people to submit a GitHub issue/discussion.

My 20 year effort of being an independent developer of free/libre/open source cheminformatics software has burned me out. Every funding strategy I tried has required devaluing my worth by about 80% compared to what I could make as a proprietary software developer for a large company, and I cannot support my family this way. I have therefore decided to stop working on any projects unless there was a clear funding mechanism or it's something I'm doing solely out of my own interest.

The normal process to hand over the mmpdb entry on PyPI is for the project owner to transfer PyPI project ownership to the current mmpdb maintainers.

This turns out to be difficult as I do not have nor want a smartphone, so only have a single factor method to log into PyPI, which nowadays requires 2FA. The PyPI developers all have smartphones and expect everyone to have a smartphone, or pay for a commercial password manager, so provide no step-by-step information for how I can use PyPI.

Which is fine. The PyPI developers are understaffed and managing a very high workload as PyPI is under continual attack. They can't be expected to handle everyone's needs.

While there are no doubt ways to get a 2FA solution installed on my laptop - making it a very complicated 1FA solution - or by purchasing a hardware token, this requires time to figure out and possibly requires me to buy hardware.

In whichever case, it means I would need to figure out a solution on my own, which requires my time and possibly money, which I am not being funded to do.

PyPI has a mechanism where PyPI will transfer project ownership. However, that goes through GitHub, which also requires 2FA.

The right process seems to be that the current mmpdb developers should send a transfer request to the PyPI maintainers through a GitHub issue. I have said that I will gladly confirm the transfer request, but they need to initiate it.

Longer term, I think the centralization on GitHub is a threat to free software. I see it as yet another example of how the principles of free software are being made subordinate to the goals of a large company. Microsoft can use their gatekeeping abilities to sell supply chain solutions to governments and other companies, and as a low-cost data source for training their proprietary AI system, while providing only a small amount of that profit back through a proprietary app for free software developers which ends up locking them into GitHub and so increases Microsoft's market power.

The network effects of GitHub are clearly very large, but it comes with a lot of negatives that I am not willing to take on unless very well compensated. I urge people to consider using a freedom-respecting hosting site like Codeberg or SourceHut, which is where I host my projects using a paid account.

What it means in the mmpdb context is that it's very unlikely I'll soon resolve the 2FA issues keeping me off of PyPI or GitHub.

Andrew