[improvement proposal] Manage projects with namespaces

22 views
Skip to first unread message

hervebe...@gmail.com

unread,
Apr 25, 2018, 9:00:04 AM4/25/18
to distutils-sig

Hi everybody!


I want to propose an improvement to distutils and for python packaging management.


Overview


This is a feature proposal. Now when a project is already register on pypi it's not possible to users to test a fork of any projects with the same name when it's already exist, manage projects by namespace increase possiblities for the python community.


With this feature we can introduce trusted packages by allow install/search without namespace and add namespaces on untrusted packages like docker behavior (docker pull nginx or docker pull 4383/nginx).


On docker when the package is trusted (docker trusted image mean maintained by docker itself), namespace does not exist, and when a package is maintain by a third user namespace appear into the name.


I don't want delegate official projects maintainance to the pypa team but we can introduce a vote system for the community and remove namespace when project obtain a certain number of votes from the community (users).


I've already propose this feature to the pypa warehouse (https://github.com/pypa/warehouse/issues/2589). Pypa team like this idea and we want to move forward so now we want your point of view about this.


We can formalize this feature with a PEP for describe more formerly the behaviors etc...


Features

  • Allow users to vote for trust project and allow download (install, search, etc...) without prefix with user namespace
  • Allow users to upload on pypi project with a name who already exist on pypi but prefixed by user namespace.

Benefits

  • Improve project trust
  • Improve package trusting and discrease risk that users deal with a miscellaneous package come from a typo squatting example 1, pypa github discussion
  • Allow users to provide forked version of an official project
  • Allow users to test that packaging work fine on pypi

Examples


With pip:

$ pip install Django # trusted package
$ pip install 4383/Django # untrusted package

Url transposition:

That all folks!


I hope this feature interesting you and you can consider this!

Do not hesitate to ask me more questions and to ask me more descriptions!

It's with pleasure that I want to help you (pypa, distutils) to implement this.


All the best!
Reply all
Reply to author
Forward
0 new messages