Skip to content

Commit 55b113f

Browse files
ofekofek
authored
PEP 752: Address feedback, round 6 (#4329)
1 parent 2f2c7ee commit 55b113f

File tree

1 file changed

+20
-9
lines changed

1 file changed

+20
-9
lines changed

peps/pep-0752.rst

+20-9
Original file line numberDiff line numberDiff line change
@@ -186,10 +186,8 @@ Organizations
186186
-------------
187187

188188
Any package repository that allows for the creation of projects (e.g.
189-
non-mirrors) MAY offer the concept of `organizations`__. Organizations
190-
are entities that own projects and have various users associated with them.
191-
192-
__ https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations/
189+
non-mirrors) MAY offer the concept of organizations [6]_. Organizations are
190+
entities that own projects and have various users associated with them.
193191

194192
Organizations MAY reserve one or more namespaces. Such reservations neither
195193
confer ownership nor grant special privileges to existing projects.
@@ -235,12 +233,12 @@ detected when any existing namespace starts with the proposed namespace.
235233
Uploads
236234
-------
237235

238-
If the following criteria are all true for a given upload:
236+
If the name of a package being uploaded matches a reserved namespace and either
237+
of the following criteria are true:
239238

240-
1. The project does not yet exist.
241-
2. The name matches a reserved namespace.
242-
3. The project is not owned by an organization with an active grant for the
243-
namespace.
239+
* The project does not yet exist.
240+
* The project is not owned by an organization with an active grant for the
241+
namespace.
244242

245243
Then the upload MUST fail with a 403 HTTP status code.
246244

@@ -389,6 +387,16 @@ None at this time.
389387
Rejected Ideas
390388
==============
391389

390+
Granting reservations to users
391+
------------------------------
392+
393+
As package repositories have a flat namespace, allowing any user to reserve a
394+
namespace would be untenable not just because there would be
395+
`contention for a finite resource`__, but also because no repository has enough
396+
human operators to manage the vetting of an arbitrary number of users.
397+
398+
__ https://en.wikipedia.org/wiki/Tragedy_of_the_commons
399+
392400
.. _artifact-level-association:
393401

394402
Artifact-level Namespace Association
@@ -756,6 +764,9 @@ Footnotes
756764
.. [5] `Detailed write-up <https://discuss.python.org/t/64679>`__ of the
757765
potential for provenance assertions.
758766
767+
.. [6] As an example, PyPI's concept of organizations is described
768+
`here <https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations/>`__.
769+
759770
__ https://www.sphinx-doc.org/en/master/usage/extensions/index.html
760771
__ https://airflow.apache.org/docs/apache-airflow/stable/authoring-and-scheduling/plugins.html
761772
__ https://airflow.apache.org/docs/apache-airflow-providers/index.html

0 commit comments

Comments
 (0)