tac icon indicating copy to clipboard operation
tac copied to clipboard

Published 20 hours ago verified publisher icon AcademySoftwareFoundation

Add 'aswf-pypi' as owner on PyPi accounts

Open jmertic opened this issue 1 year ago • 2 comments

Please share any additional details on this topic

We want all projects using PyPi to add the user 'aswf-pypi' as an owner on any PyPi projects or organizations for hosted projects.

Detail what actions or feedback you would like from the TAC

For hosted projects using PyPi, please add the user 'aswf-pypi' as an owner.

How much time do you need for this topic?

None

jmertic avatar Jun 10 '24 13:06 jmertic

I'd recommend you use organizations instead because in today's world, shared accounts like that are generally frowned upon for a variety of reasons, mostly security-related. Looks like someone just needs to make a request for an ASWF organization.

https://pypi.org/manage/organizations/

Screenshot 2024-06-10 at 2 03 49 PM

aclark4life avatar Jun 10 '24 18:06 aclark4life

@aclark4life, we requested an organization 2 years ago when they first announced public availability. It's never been completed. We've asked again under this new account. While I agree that role based accounts are generally frowned upon, ASWF is contracted with the Release Engineering organization at LF and as such, we need to have a role account to do this sort of work. We keep access very close managed and generally only use the role to grant the appropriate rights to a named individual.

tykeal avatar Jun 10 '24 19:06 tykeal

Closing, added new TAC page to address https://tac.aswf.io/tools/project-accounts.html

jmertic avatar Aug 07 '24 18:08 jmertic