PyPI Organizations (2023)

https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations/

42•calpaterson•8mo ago

Comments

hobofan•8mo ago

[2023]

mikepurvis•8mo ago

Looks like it's taken a while to really get rolling though; as early as January of this year they had thousands of applications in the backlog and 0 paying customers, per https://discuss.python.org/t/state-of-pypi-organizations/337...

However, later in the thread there are updates that look a little better.

alexchantavy•8mo ago

PyPI is such an important service and as a Python user it's easy to take for granted that it just works. I recently had to make a config update from my project's GitHub repo to PyPI and lost the password and had to do account recovery, and then suddenly realized "wow, they take care of a lot of other orgs", and "wow, this is a TON of ops work" -- see the issues _just_ on account recovery: https://github.com/pypi/support/issues.

datadrivenangel•8mo ago

It would be great if PyPI could use their position to offer internal mirrors with additional security scanning... and then use that capability to increase their malware detection on every package!

bgwalter•8mo ago

You can't make suggestions or criticize PyPI. For 20 years, it has been the worst package manager of any language in existence, yet they still get tons of funding and never take external suggestions. In that sense, the funding model is successful.

woodruffw•8mo ago

PyPI is a package index, not a package manager.

I can also say from direct experience that (1) it doesn't get very much funding, and (2) they take plenty of external suggestions and contributions.

the_mitsuhiko•8mo ago

From my understanding these organizations don’t yet do anything. At least they do not grant a namespace unlike they do on npm. That might change though.

woodruffw•8mo ago

> From my understanding these organizations don’t yet do anything

A key thing they do is offer finer-grained roles[1] for project and team (i.e. subteams within an org) management.

You're right that they don't provide namespaces, yet. I believe there's ongoing discussion about how to enable that, including via PEP 752 and 755.

[1]: https://docs.pypi.org/organization-accounts/roles-entities/

mikepurvis•8mo ago

The big thing is auth so that multiple owners can separately have 2FA set up and push releases, generate service tokens, etc.

maxnoe•8mo ago

Organizations cannot yet create tokens, only the setting up trusted publishing is supported, but that only works on four providers and e.g. not in self hosted gitlabs.

joshdavham•8mo ago

This is from 2023 and you still need to request approval for an organization. The approval process is also very slow (my friend requested an organization for us last fall and we still don't have it).

ayhanfuat•8mo ago

Is it possible they reached out to you requesting some information and you missed it? According to this thread they have cleared the queue recently https://discuss.python.org/t/state-of-pypi-organizations/337...

joshdavham•8mo ago

This is useful to hear about! I'll see if my friend heard anything.

Slint: Cross Platform UI Library

AI and Education: Generative AI and the Future of Critical Thinking

Maple Mono: Smooth your coding flow

Moltbook isn't real but it can still hurt you

Take Back the Em Dash–and Your Voice

Show HN: 289x speedup over MLP using Spectral Graphs

Teaching Mathematics

3D Printed Microfluidic Multiplexing [video]

Abstractions Are in the Eye of the Beholder

Show HN: Routed Attention – 75-99% savings by routing between O(N) and O(N²)

We didn't ask for this internet – Ezra Klein show [video]

The Real AI Talent War Is for Plumbers and Electricians

Show HN: MimiClaw, OpenClaw(Clawdbot)on $5 Chips

I Maintain My Blog in the Age of Agents

The Fall of the Nerds

I'm 15 and built a free tool for reading Greek/Latin texts. Would love feedback

How close is AI to taking my job?

You are the reason I am not reviewing this PR

Show HN: FamilyMemories.video – Turn static old photos into 5s AI videos

How Meta Made Linux a Planet-Scale Load Balancer

A Turing Test for AI Coding

How to Identify and Eliminate Unused AWS Resources

A2CDVI – HDMI output from from the Apple IIc's digital video output connector

CLI for Common Playwright Actions

Would you use an e-commerce platform that shares transaction fees with users?

Show HN: SafeClaw – a way to manage multiple Claude Code instances in containers

The Future of the Global Open-Source AI Ecosystem: From DeepSeek to AI+

The Evolution of the Interface

Azure: Virtual network routing appliance overview

Seedance2 – multi-shot AI video generation