| opendevreview | Francesco Di Nucci proposed openstack/openstack-manuals master: Full review of obtain-images https://review.opendev.org/c/openstack/openstack-manuals/+/918633 | 07:27 |
|---|---|---|
| opendevreview | Merged openstack/openstack-manuals master: Update readme for openstack-manuals repo https://review.opendev.org/c/openstack/openstack-manuals/+/896982 | 14:12 |
| fungi | worth calling out for transparency, about a week ago dan prince added dan sneddon's newly-created pypi account as a maintainer for the retired https://pypi.org/project/os-net-config packages. not sure what the reason was | 20:29 |
| gouthamr | what do we do about PyPi for retired repositories? we | 21:25 |
| gouthamr | * we have retired os-net-config, but the stable/wallaby branch hasn't been dropped.. | 21:26 |
| gouthamr | ah dansneddon wanted to maintain the repo: https://lists.openstack.org/pipermail/openstack-discuss/2023-June/034014.html | 21:28 |
| clarkb | you can't retire the pypi packaging safely because you can't be sure there isn't stuff out there using it | 21:29 |
| clarkb | people have done this to us in the past and it is extremely frustrating to have to deal with | 21:29 |
| clarkb | the best thing is to simply let it be | 21:30 |
| gouthamr | true; but, i was hoping we can update the PyPi page suggesting that there would be no further releases? | 21:30 |
| clarkb | I think that is theoretically possible. I wanted to say the readmes get uploaded as part of the content too but maybe not anymore? | 21:31 |
| clarkb | (and we update the readme to say this isn't maintained anymore when we retire stuff) | 21:31 |
| clarkb | oh its because we don't do a release | 21:31 |
| clarkb | and it looks like maybe the only way to update the readme is with a new release. Which is annoying if you want people to be able to keep using it as it means making a retirement release before fully retiring it | 21:33 |
| fungi | you'd have to upload a new version of it with a readme that says it's retired | 21:34 |
| gouthamr | yes ^; sigh: https://github.com/pypi/warehouse/issues/2170 and https://github.com/pypi/warehouse/issues/4816 | 21:35 |
| gouthamr | so, we'd need a step to publish the readme change with a z version bump - ensure we force CI and push it to PyPi; and then another change deleting all the repo contents... | 21:36 |
| clarkb | I'm honestly not sure it is worth it. We shouldn't let dead things be bigger weights than they already are | 21:37 |
| gouthamr | yes; but for instances like this where, the repo on openstack is retired, and no further changes are possible, but maintainers can push new releases some other way? | 21:38 |
| clarkb | this is one reason why the ask was for individuals to drop their direct access and cede to the centrally controlled account. That isn't really a new issue they could have always pushed new releases | 21:39 |
| gouthamr | yeah; we | 21:40 |
| gouthamr | are in a bad situation here.. i think we can reiterate relinquishing things voluntarily, and pursue recovery requests for those where folks no longer have access to their PyPi accounts | 21:41 |
| gouthamr | clarkb: like you mentioned, i wasn't able to find any API exposing owners of a package; only maintainers.. | 21:42 |
| clarkb | ya. In this case we were not owners I don't think because the new account was added as an owner and old the existing owner can do that | 21:43 |
| gouthamr | I maybe able to use your help in listing packages owned by openstackci - apparently its available on the UI. I can then make a list of packages that we need to worry about | 21:43 |
| clarkb | but maybe we were all owners | 21:44 |
| clarkb | ya we can probably log into the UI and see what that list is. cc fungi since I'm about to be takign a couple days off | 21:44 |
| gouthamr | ++ ty | 21:45 |
| fungi | yep, like i said in the tc meeting, i can do that. keep in mind it's a very large list of projects and paginated in a webui, so... | 22:13 |
| fungi | once logged in, if i go to https://pypi.org/manage/projects/ for the list of "your projects" it tells me there are 739 | 22:18 |
| fungi | some, like eventlet, have the "manage" button greyed out, suggesting maybe we're not an owner but only a maintainer | 22:19 |
| gmann | if it does not give list then we can start the cleanup of maintainers for current remaining repo, and after that we will have only one case list where we are not owner | 22:22 |
| gouthamr | primitive :D paginated to how many? if its possible to save these, i can scrape them.. | 22:22 |
| gmann | I think idea to have list is to know how many we can cleanup as owner, we have openstack remaining pkgs with maintainers so let's start cleanup directly ? | 22:23 |
| fungi | all the ones i see in that state: eventlet, kuryr-lib, pymod2pkg, pbrx, git-nit, certbot-dns-openstack, rally-runners, networking-ovs-dpdk, keystoneclient, keystoneauth3, keystoneauth2, prep_source_repos, solum-infra-guestagent, reviewday | 22:24 |
| fungi | those are the only ones i see with the "manage" button greyed out | 22:24 |
| fungi | so if we assume that's an indicator of whether the account is an owner or only a maintainer, then it's a pretty short list | 22:24 |
| fungi | also i mis-remembered, there seems to be no pagination. it's a page with 739 packages listed | 22:25 |
| fungi | anyway, cross-reference that list against the packages openstack cares about, and the intersection is probably no more than a couple, if that | 22:28 |
| gouthamr | fungi: ah neat; can i ask if you can go to "manila-tempest-plugin" and attempt to remove tbarron? | 22:28 |
| fungi | under https://pypi.org/manage/project/manila-tempest-plugin/collaboration/ i do see a remove button next to his name | 22:29 |
| gouthamr | just seeing if i give you the list of projects where we have had an "okay to remove extra maintainers", we can act on them this way | 22:29 |
| gouthamr | perfect! thank you fungi .. | 22:29 |
| gmann | gouthamr: that list might be outdated but now every repo is "okay to remove extra maintainers" | 22:30 |
| fungi | after clicking that and confirming the username it seems to have worked | 22:30 |
| * gouthamr oh; is that the only painful way of doing this? :D | 22:31 | |
| gmann | that is why I think start doing the cleanup and see how many we can reduce | 22:31 |
| fungi | and https://pypi.org/project/manila-tempest-plugin/ shows only openstackci in the maintainers list | 22:31 |
| gouthamr | \o/ | 22:31 |
| gmann | I think that is best way to shorten the list. and I volunteer to do that manual cleanup if help is needed | 22:31 |
| fungi | there may be an api for collaborator management, i haven't researched it. if someone wanted to offer up a script i'd be happy to look it over | 22:32 |
| JayF | We can all pass around the login and play mechanical turk if not :D | 22:32 |
| * gouthamr wonders how many hours are there in gmann's clock :D | 22:32 | |
| JayF | gouthamr: I just assume at this point gmann is three open source developers in a trenchcoat ;) | 22:32 |
| gouthamr | hahaha | 22:32 |
| fungi | but yeah, in the ui you have to click "remove" next to the unwanted collaborator, then enter the same username into an input box as a safety measure | 22:33 |
| gmann | :). JayF ++ on passing that and help | 22:33 |
| fungi | keep in mind that the package names don't all match the repository names. not sure if the release managers have a list or whether it gets computer dynamically when they perform cross-checking | 22:34 |
| fungi | s/computer/computed/ | 22:35 |
| * gouthamr is working on the list.. | 22:35 | |
| gouthamr | ^ good to know | 22:35 |
| fungi | i can't seem to recall a good example mismatch off the top of my head... clarkb ^ do you happen to remember one? | 22:38 |
| gmann | I think glance-store is one https://pypi.org/project/glance-store/ and repo with glance_store ? | 22:41 |
| gmann | but from description we can get to know the pkg and repo relationship even very different name | 22:41 |
| fungi | that one's more a case of package name normalization | 22:41 |
| fungi | _ and . get normalized to - in warehouse/pypi | 22:42 |
| fungi | but i'm pretty sure we also have a handful where the name on pypi was already taken so we prefixed them with something | 22:45 |
| fungi | aha, yeah here's an example: https://opendev.org/openstack/placement/src/branch/master/setup.cfg#L2 | 22:47 |
| fungi | https://opendev.org/openstack/venus/src/branch/master/setup.cfg#L2 is another | 22:47 |
| clarkb | fungi: some of the oslo repos due to . and - | 22:48 |
| fungi | yeah, normalization again, not as relevant since pypi will send them all to the same place | 22:49 |
| clarkb | I can't think of any with non normalization changes off the top of my head | 22:50 |
| fungi | i remembered that some got prefixed with openstack- so i searched for those in the list of packages | 22:50 |
| fungi | but i want to say there are others as well | 22:51 |
| fungi | so anyway, checking the metadata.name in setup.cfg ends up being important | 22:51 |
| fungi | since that's where they get overridden (at least in openstack's packages historically) | 22:51 |
| gmann | tc-members: need 2nd review one these doc update changes for retired projects https://review.opendev.org/c/openstack/openstack-manuals/+/919395/1 | 23:08 |
| gmann | this and all its base chanegs | 23:08 |
| JayF | on it | 23:08 |
| gmann | thanks JayF | 23:08 |
| gouthamr | yeah my google-fu tells me there's no warehouse API to manage maintainers :/ - there's a bunch of things that are only possible via the web UI: https://github.com/pypi/warehouse/issues/13409 | 23:53 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!