| *** chandankumar is now known as chkumar|rover | 05:27 | |
| *** dasm|off is now known as dasm | 14:10 | |
| clarkb | https://github.com/openstack/xstatic-font-awesome/pull/2 is something that ya'll might want to followup on. THough seems Rob is pushing in the right direction | 16:03 |
|---|---|---|
| clarkb | looks like that individual was added as a pypi maintainer. I don't know what they intend to do | 17:35 |
| clarkb | looks like Rob didn't add them (Rob called it shady on that PR) and they just made a release... | 18:02 |
| gmann | yeah, not sure how it got added | 18:04 |
| gmann | we should get all other members also removed than openstackci https://pypi.org/project/XStatic-Font-Awesome/ | 18:06 |
| clarkb | it looks like they are also a maintainer of https://pypi.org/project/XStatic-jquery-ui/ with some of the same people but I don't think that package was ever part of openstack | 18:06 |
| clarkb | gmann: well I think going the other way may be fine too. Basically explicitlyremove it from oepnstack and let them maintain it | 18:07 |
| gmann | which is case of many other Xstatic-* repos https://pypi.org/project/XStatic-Hogan/ | 18:07 |
| clarkb | the problem here is the lack of transparency and end around of openstack which is the nominal owner of the code base | 18:07 |
| clarkb | "The package orgin was MoinMoin. And openstack got co-maintainer. I am also belong to the MoinMoin project and we use it there still for moin-2 development." is what they just posted to that PR | 18:09 |
| clarkb | so ya I don't think they are doing anything nefarious just not being clear about who has control of the code base | 18:09 |
| gmann | if we keep/give them the control it is ok to give but we need to talk to Horizon team if they want to remove it from openstack and ok to maintain by individuals | 18:09 |
| clarkb | personally if we haven't maintained it then handing it over makes sense | 18:09 |
| clarkb | gmann: well to be clear as of a few minutes ago it is maintanied by someone else whether we want it to be or not | 18:09 |
| gmann | but how non openstackci members got added, I think that is only case for XStatic-* horizon repo and not other repo owned by openstack? | 18:13 |
| clarkb | gmann: because 4 other people are maintainers and any one of them could add this person. If you look at the other xstatic packages like the jquer-ui one I linked you'll see they are present there | 18:13 |
| clarkb | I suspect they got one of their friends to do it for them | 18:13 |
| gmann | I mean the very first person | 18:14 |
| clarkb | gmann: long ago pypi required you to go through a convoluted package creation process that wasn't automated. IIRC our docs were "go manually create the package and add the openstackci user to it" | 18:15 |
| clarkb | if those indivudals don't remove themselves after the fact then they remain | 18:15 |
| gmann | ohk | 18:15 |
| gmann | we should clean those up now otherwise this case will happen more frequently. | 18:16 |
| gmann | all XStatic-* repo are with independent release model and not released recently. Need to check with Horizon team | 18:16 |
| gmann | either handover to those individual maintainers or keep only openstackci | 18:16 |
| clarkb | for this specific incidence it is probably a good idea for somenoe from openstack to reach out and coordinate (imo by acknowledging the shift in maintainership and retiring things on the openstack side) | 18:18 |
| gmann | yeah | 18:19 |
| gmann | it seems it is not only case for XStatic-* repo but other also, for example: https://pypi.org/project/glance/ https://pypi.org/project/tempest/ https://pypi.org/project/patrole/ | 18:20 |
| gmann | https://pypi.org/project/mistral/ | 18:20 |
| gmann | humm I think it is a lot https://pypi.org/project/murano/ | 18:21 |
| clarkb | for older things it is probably very common due to how the pypi api worked. I think eventually with twine and cheeseshop api updates this chagned though | 18:21 |
| gmann | PTL can help us here to clean it up for their project repos | 18:21 |
| clarkb | all of this should be queryable which should make building a list scriptable | 18:22 |
| clarkb | anyway I'll defer to yall on how you want ot handle things. I just wanted to make sure people saw this happening | 18:22 |
| gmann | clarkb: I think openstackci (who is owner of it) should be able to clean up these right? | 18:23 |
| gmann | clarkb: sure, thanks for reporting. I will add it in TC meeting agenda and we will take it forward. | 18:25 |
| clarkb | gmann: The openstackci pypi creds are managed by opendev (and part of the opendev/base-jobs repo) | 18:26 |
| clarkb | it might be possible to break that out into openstack/project-config instead, but I would have to look at how the jobs are used before being certain of that | 18:27 |
| clarkb | But yes we could use that account to clean up the packages on pypi | 18:27 |
| gmann | clarkb: cool. I will let you know after discussion in TC meeting on Jan 4 | 18:28 |
| jrosser | if you click `repository` on the pypi page it takes you to https://github.com/FortAwesome/Font-Awesome | 18:28 |
| clarkb | jrosser: yes I think all of the xstatic repos point to their vendored js content | 18:30 |
| jrosser | ah i see | 18:30 |
| clarkb | the whole xstatic system was an end around to the js tooling being very difficult to use about 8 years ago :) | 18:32 |
| clarkb | thankfully things have changed since then and it isn't too terrible to combine native tooling for both js and python in the same repo to manage the client side aspects of web development and server side | 18:33 |
| clarkb | zuul does this successfully | 18:33 |
| *** ianw is now known as ianw_pto | 23:43 | |
| *** dasm is now known as dasm|off | 23:57 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!