PyPI Organizations (2023)

https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations/

42•calpaterson•8mo ago

Comments

hobofan•8mo ago

[2023]

mikepurvis•8mo ago

Looks like it's taken a while to really get rolling though; as early as January of this year they had thousands of applications in the backlog and 0 paying customers, per https://discuss.python.org/t/state-of-pypi-organizations/337...

However, later in the thread there are updates that look a little better.

alexchantavy•8mo ago

PyPI is such an important service and as a Python user it's easy to take for granted that it just works. I recently had to make a config update from my project's GitHub repo to PyPI and lost the password and had to do account recovery, and then suddenly realized "wow, they take care of a lot of other orgs", and "wow, this is a TON of ops work" -- see the issues _just_ on account recovery: https://github.com/pypi/support/issues.

datadrivenangel•8mo ago

It would be great if PyPI could use their position to offer internal mirrors with additional security scanning... and then use that capability to increase their malware detection on every package!

bgwalter•8mo ago

You can't make suggestions or criticize PyPI. For 20 years, it has been the worst package manager of any language in existence, yet they still get tons of funding and never take external suggestions. In that sense, the funding model is successful.

woodruffw•8mo ago

PyPI is a package index, not a package manager.

I can also say from direct experience that (1) it doesn't get very much funding, and (2) they take plenty of external suggestions and contributions.

the_mitsuhiko•8mo ago

From my understanding these organizations don’t yet do anything. At least they do not grant a namespace unlike they do on npm. That might change though.

woodruffw•8mo ago

> From my understanding these organizations don’t yet do anything

A key thing they do is offer finer-grained roles[1] for project and team (i.e. subteams within an org) management.

You're right that they don't provide namespaces, yet. I believe there's ongoing discussion about how to enable that, including via PEP 752 and 755.

[1]: https://docs.pypi.org/organization-accounts/roles-entities/

mikepurvis•8mo ago

The big thing is auth so that multiple owners can separately have 2FA set up and push releases, generate service tokens, etc.

maxnoe•8mo ago

Organizations cannot yet create tokens, only the setting up trusted publishing is supported, but that only works on four providers and e.g. not in self hosted gitlabs.

joshdavham•8mo ago

This is from 2023 and you still need to request approval for an organization. The approval process is also very slow (my friend requested an organization for us last fall and we still don't have it).

ayhanfuat•8mo ago

Is it possible they reached out to you requesting some information and you missed it? According to this thread they have cleared the queue recently https://discuss.python.org/t/state-of-pypi-organizations/337...

joshdavham•8mo ago

This is useful to hear about! I'll see if my friend heard anything.

Software Engineering Is Back

Storyship: Turn Screen Recordings into Professional Demos

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims