From c5b1116aa08ff742c5e1235a16b5e625ad6b2d40 Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 5 Mar 2025 17:46:33 +0100 Subject: [PATCH 1/6] Updates to PEP-0752 including co-authoring of the PEP The PEP-0752 is important for community driven projects - such as Apache Airflow, not only because of security risks but also because of concerns with public discussions about new names of distributions following agreed and implemented pattern. As agreed with Ofek, I am happy to become co-author of the PEP and added more motivation explaining this case. --- peps/pep-0752.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/peps/pep-0752.rst b/peps/pep-0752.rst index 79a7173bcee..3de03e122e1 100644 --- a/peps/pep-0752.rst +++ b/peps/pep-0752.rst @@ -1,6 +1,7 @@ PEP: 752 Title: Implicit namespaces for package repositories -Author: Ofek Lev +Author: Ofek Lev , + Jarek Potiuk Sponsor: Barry Warsaw PEP-Delegate: Dustin Ingram Discussions-To: https://discuss.python.org/t/63192 @@ -39,6 +40,9 @@ namespace. A few examples: are prefixed by ``opentelemetry-`` with child prefixes in the form ``opentelemetry---``. The contrib packages live in a central repository and they are the only ones with the ability to publish. +* `Apache Airflow `__ is a platform to programmatically + author, schedule and monitor workflows. It has a providers, where each + provider package is prefixed by ``apache-airflow-providers-``. __ https://github.com/open-telemetry/opentelemetry-python __ https://github.com/open-telemetry/opentelemetry-python-contrib @@ -93,6 +97,16 @@ similar characters but that is insufficient for these use cases. __ https://github.com/pypi/warehouse/blob/8615326918a180eb2652753743eac8e74f96a90b/warehouse/migrations/versions/d18d443f89f0_ultranormalize_name_function.py#L29-L42 +Another problem that namespacing would solve is the issue of choosing new names +for packages following the agreed patterns of naming. Often (this is the case +for ``Apache Airflow`` for example), there are public discussions that precede +the decision to create a new package. The decision is based on the agreed +name and follow the pattern of the existing packages. If more package names are +considered during the discussion, all the names have to be reserved via ``PyPI`` +interface before the discussion is public, otherwise the names can be taken by +other users. This is a problem that actually happened in the past as explained +in the associated discussion. + Rationale ========= From e0eb6a43e381afc420add2118729349eb8ec07f2 Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 5 Mar 2025 18:26:32 +0100 Subject: [PATCH 2/6] Update peps/pep-0752.rst Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- peps/pep-0752.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/peps/pep-0752.rst b/peps/pep-0752.rst index 3de03e122e1..61b844c40ab 100644 --- a/peps/pep-0752.rst +++ b/peps/pep-0752.rst @@ -41,7 +41,7 @@ namespace. A few examples: ``opentelemetry---``. The contrib packages live in a central repository and they are the only ones with the ability to publish. * `Apache Airflow `__ is a platform to programmatically - author, schedule and monitor workflows. It has a providers, where each + author, schedule and monitor workflows. It has providers, where each provider package is prefixed by ``apache-airflow-providers-``. __ https://github.com/open-telemetry/opentelemetry-python From ae660e2f4d7da0f35ee39c521de74738bffa390e Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 5 Mar 2025 18:26:39 +0100 Subject: [PATCH 3/6] Update peps/pep-0752.rst Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- peps/pep-0752.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/peps/pep-0752.rst b/peps/pep-0752.rst index 61b844c40ab..13fd5cd910d 100644 --- a/peps/pep-0752.rst +++ b/peps/pep-0752.rst @@ -99,7 +99,7 @@ __ https://github.com/pypi/warehouse/blob/8615326918a180eb2652753743eac8e74f96a9 Another problem that namespacing would solve is the issue of choosing new names for packages following the agreed patterns of naming. Often (this is the case -for ``Apache Airflow`` for example), there are public discussions that precede +for Apache Airflow for example), there are public discussions that precede the decision to create a new package. The decision is based on the agreed name and follow the pattern of the existing packages. If more package names are considered during the discussion, all the names have to be reserved via ``PyPI`` From 3007164bdf2b304367fcd525008f0ba4ec1ddefb Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 5 Mar 2025 18:26:47 +0100 Subject: [PATCH 4/6] Update peps/pep-0752.rst Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- peps/pep-0752.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/peps/pep-0752.rst b/peps/pep-0752.rst index 13fd5cd910d..00b3ae61d0d 100644 --- a/peps/pep-0752.rst +++ b/peps/pep-0752.rst @@ -102,7 +102,7 @@ for packages following the agreed patterns of naming. Often (this is the case for Apache Airflow for example), there are public discussions that precede the decision to create a new package. The decision is based on the agreed name and follow the pattern of the existing packages. If more package names are -considered during the discussion, all the names have to be reserved via ``PyPI`` +considered during the discussion, all the names have to be reserved via a PyPI interface before the discussion is public, otherwise the names can be taken by other users. This is a problem that actually happened in the past as explained in the associated discussion. From 44d5a8e4e6c494bab65d172d65fe1bee9907b6f9 Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 5 Mar 2025 18:27:01 +0100 Subject: [PATCH 5/6] Update peps/pep-0752.rst Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- peps/pep-0752.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/peps/pep-0752.rst b/peps/pep-0752.rst index 00b3ae61d0d..6cc0fe3db7f 100644 --- a/peps/pep-0752.rst +++ b/peps/pep-0752.rst @@ -104,7 +104,7 @@ the decision to create a new package. The decision is based on the agreed name and follow the pattern of the existing packages. If more package names are considered during the discussion, all the names have to be reserved via a PyPI interface before the discussion is public, otherwise the names can be taken by -other users. This is a problem that actually happened in the past as explained +other users. This has happened in the past as explained in the associated discussion. Rationale From cb82556bedfabbba09f96c5505a29edab4ff3542 Mon Sep 17 00:00:00 2001 From: Jarek Potiuk Date: Wed, 5 Mar 2025 18:30:24 +0100 Subject: [PATCH 6/6] fixup! Update peps/pep-0752.rst --- peps/pep-0752.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/peps/pep-0752.rst b/peps/pep-0752.rst index 6cc0fe3db7f..5b6f4600696 100644 --- a/peps/pep-0752.rst +++ b/peps/pep-0752.rst @@ -105,7 +105,7 @@ name and follow the pattern of the existing packages. If more package names are considered during the discussion, all the names have to be reserved via a PyPI interface before the discussion is public, otherwise the names can be taken by other users. This has happened in the past as explained -in the associated discussion. +in the associated `discussion `__. Rationale =========