cachecontrol icon indicating copy to clipboard operation
cachecontrol copied to clipboard
verified publisher icon psf

Maintainability going forward: one possible, easy solution

Open itamarst opened this issue 4 years ago • 9 comments

Since you have very little time to maintain this, like we all do, one thing I've successfully done, inspired by https://lukasa.co.uk/2016/04/One_Of_The_Team/ via Hynek Schlawack: anyone who lands a PR gets asked if they want commit access.

In particular, same company that is getting me to fix the memory usage bug in pip needed some bug fixes in sparkmagic, which had huge pile-up of PRs and basically zero maintainers. So I finagled commit access, merged some, and then recruited those people to be maintainers, since I didn't actually know anything about Spark :) Basically just "hey do you want to be maintainer, you just need to agree to code of conduct, and try to PRs with reviews instead of pushing directly." You can enforce the latter in repo settings I think?

The result was pretty successful; it hasn't gotten a huge development push, but it is being actively maintained by people who are not me (https://github.com/jupyter-incubator/sparkmagic/commits/master?before=ac0852cbe88a41faa368cf1e1c89045a2de973bf+35&branch=master).

And maybe in this case you want to be a little more careful, given the potential for supply chain attack on pip, but you already have a bunch of commits/PRs from people who are credible and apparently motivated to contribute.

itamarst avatar Oct 27 '21 13:10 itamarst

@itamarst I'm definitely OK getting others to help with the maintenance. I don't have any plans for major changes, but I'm fine if folks wanted to continue to evolve things as well. Let me know what you're thinking and how you'd want to proceed.

ionrock avatar Oct 27 '21 20:10 ionrock

My personal goal is to get a release out :grin: After that my time here is up... unless there's other issues that affect pip, in which I can make a plausible argument that I should be spending my client's money on this. Do point them out, happy to do more!

However, one way you can make it easier for contributors with commit to make things happen is by automating the release process, so e.g. if you tag a release it gets deployed. And then anyone with commit access to repo can do release without having to give them all PyPI credentials. If that's something you're comfortable with I can submit a PR for that.

And if you're happy getting more contributors, probably 30 minutes spent going through issue/closed PR backlog and messaging people who you're comfortable with would get you a person or three you add as a collaborator with commit access in GitHub.

itamarst avatar Oct 28 '21 13:10 itamarst

@itamarst Fair enough! I released 0.12.7. If you did have a PR to perform a release from a tag I would certainly be grateful. I'll also do an audit of the PRs and issues to see if there is anyone who would like to help contribute. Thanks for the suggestions and your help!

ionrock avatar Oct 29 '21 02:10 ionrock

Just curious if there have been any updates on the release process/timing? I know everyone is busy :) I've been trying to use my fork / a git repo source but, because of the way my code is packaged/distributed, I really need to get back to a release from PyPI... I can certainly look into alternatives for myself but was hoping a new release would be coming soon?! Thanks for your work on this!

davegaeddert avatar Dec 22 '21 19:12 davegaeddert

There have been some releases with some fixes, separate from this issue. Is there a specific fix you want to get from git that isn't released?

itamarst avatar Dec 22 '21 19:12 itamarst

Thanks for the quick response @itamarst. Basically everything since the last release, but specifically this PR https://github.com/ionrock/cachecontrol/pull/269.

davegaeddert avatar Dec 22 '21 19:12 davegaeddert

There's an outstanding PR for first part of automation, and then when that's in I will do PR for the rest of release automation. But it's up to ionrock to merge, and he doesn't have a lot of time, so... I'm sure it'll happen eventually.

In short term, you can have pip install off of this git repo instead of your fork?

itamarst avatar Dec 28 '21 20:12 itamarst

Fair enough.

I'll take another look at the workarounds. I've got a bit of a unique situation at the moment where I'm using this as a dependency for something that is both 1) also a pypi package, and 2) being added to a private zip which is delivered to customers. I've got it as https://github.com/ionrock/cachecontrol/archive/7815847.zip right now but that can't be a used for a dependency on pypi (HTTP Error 400: Invalid value for requires_dist. Error: Can't have direct dependency: 'CacheControl[filecache,redis] @ https://github.com/ionrock/cachecontrol/archive/7815847.zip' here), and when I had it as the git ref then I couldn't package my private zip (I think poetry export -> requirements.txt may have been the hangup there). I might just "vendor"/copy it in directly if I can't find another way to make it work for now...

Thanks for getting back to me — let me know if a release sneaks its way out 😉

davegaeddert avatar Dec 28 '21 22:12 davegaeddert

The other alternative is vendoring, I guess.

itamarst avatar Dec 28 '21 23:12 itamarst

See #300

frostming avatar Jun 01 '23 02:06 frostming