PEP 541 Request: Requests for projects owned by user etingof #2420
Comments
|
My team have published several new releases of Now this request long passed the six-week reachability phase, so any update on whether to move on to next phase? |
|
@yeraydiazdiaz Thanks for at least responding with the progress. |
|
@di I was writing about the company of inexio GmbH, which was once the sponsor of Ilya, and was trying to fork and maintain the documentation site as well as some repos that their products depend on, such as snmpsim. I wrote to both support@inexio.net and info@inexio.net in Nov 2022, but never got a reply. It is not clear to me what's the relationship between inexio GmbH and @Lostboi except what you might find under #802, where @Lostboi seemed to request package ownership on behalf of inexio. |
|
Hey guys, I know that support@inexio.net does not answer because they dont know whom they could address the task. Since Ilya has unfortunately passed away, I would think it best that the co-worker (e.g. https://github.com/tiran) of Ilya maintain the project as far as they can, because of the security relevant topics. |
|
While this request is being further reviewed, I'd like to ask for clarity on how the security risks are being evaluated. The original comment left by @tiran contains several key points,
|
|
Greetings! I'm curious if there is an update or if any consensus has been reached? Ilya was on my team when he went on leave to never return, and I can say with certainty that he wouldn't want to see pysnmp fragment. Pysnmp for Ilya was much more a project out of passion instead of work funded by any specific employer. As someone who is looking for the next logical path with pysnmp because I have partners using it in driver code today, I really hope a forward path can be reached. One aspect which comes to mind is passion. To me, it seems like @lextm is approaching this with passion, which reminds me so very much of Ilya. 😢 |
…mp-mibs The original author of pysnmp passed away and the lextudio folks took over maintenance [1]. A request to take over the pysnmp PyPi project is pending [2]. Let's move the the maintained fork rather now than later. While at it, drop the pysnmp-mibs dependency altogether, because this is no longer required for pysnmp>=4.3 [3]. [1] etingof/pysnmp#429 [2] pypi/support#2420 [3] https://github.com/lextudio/pysnmp-mibs/blob/master/README.md Signed-off-by: Bastian Krause <bst@pengutronix.de>
|
As a casual, interested observer, this request appears to be stalled, to our collective detriment. In the interests of the PySNMP project and its constituent components, the projects that depend on them, and the broader PyPI community, I would seek greater clarity on the status of this request relative to the PEP 541 process. Starting from the top, the section on Reachability stipulates that "the maintainers" (meaning those who operate PyPI) "will try to [contact the user] at least three times" (where "the user" is evidently one who is able to publish material to a PyPI project, and "contact" is by email according to one of three defined addresses). I have to identify evidence linked from this request to show that the maintainers have carried out this step. If this step has been completed, could a maintainer please post evidence here? If not, what is preventing progress? I welcome enlightenment on points I have failed to sufficiently grasp. |
|
Hi - I'd like to re-raise this request. I think passing ownership to @lextm makes sense, for a few reasons. There appear to be two active forks of PySNMP; besides https://github.com/lextudio/pysnmp (currently Furthermore, the pysnmp GitHub organization also has its own fork of pyasn1, published as If I understand correctly, you cannot have both But you can have I also agree with the point above that @tiran's statement about security sensitivity is more about pyasn1 than pysnmp - yes, pysnmp is used in security-sensitive contexts, but pyasn1 is very widely used and the risk of passing it to someone untrustworthy is much, much higher. To the most recent question about contact: the user cannot be contacted due to his death, and so this step is moot. But I don't know what the next step is, then. Can a PyPI maintainer comment on what needs to be done, please? (@tiran, since you specifically requested a hold on transferring Ilya's projects in #1104, would you mind sharing thoughts on what should happen with pysnmp and more generally the non-pyasn1 projects?) |
|
While this request remains pending, projects have migrated to the
|
|
We could not reach Ilya, and we consider his projects abandoned per PEP 541. We recommend that the PyPI Administrators assign @lextm as the new owner of the following projects, and we confirm that the community is already using Lex's forks in considerable numbers: https://github.com/etingof/pysnmp-mibs Please note that Ilya used two accounts on PyPI. The main one's https://pypi.org/user/etingof/ and the other is https://pypi.org/user/ilya/. We determined this is the same person, as corroborated by the fact multiple projects list both accounts as an owner, and the remaining projects use the Disclaimer: We are providing support to the PyPI Administrators to validate this request and make a recommendation on the outcome and actions to be taken. Final determination will be made by the PyPI Administrators when our process is complete. |
PyPI
TestPyPINone of the listed projects exist. |
Project to be claimed
See below
Your PyPI username
lextm: https://pypi.org/user/lextmReasons for the request
Grouping of 13 PEP 541 requests for projects:
pysnmp-mibs
pysnmp-apps
pysnmpcrypto
snmpfwd
snmpreceiver
snmpdiscoverer
snmpresponder
pysmi
snmpsim
snmpsim-data
snmpsim-control-plane
snmpclitools
pysnmp
All of them owned by the same user Ilya Etingof (@entingof). But sadly he passed away a few months ago, as announced here.
The packages are dependencies for many open source software or tools used by many of my clients and a broader community. I'd like to take ownership of the packages and keep them up-to-date.
I have contacted owners of several forks, but either no reply or they are not interested in taking over the ecosystem. I also contacted Yeray who has previously requested project ownership in ticket #1104.
Please add me as admin to the projects on PyPI and Test PyPI.
pysnmp-mibs: https://pypi.org/project/pysnmp-mibspysnmp-apps: https://pypi.org/project/pysnmp-appspysnmpcrypto: https://pypi.org/project/pysnmpcryptosnmpfwd: https://pypi.org/project/snmpfwdsnmpreceiver: https://pypi.org/project/snmpreceiversnmpdiscoverer: https://pypi.org/project/snmpdiscoverersnmpresponder: https://pypi.org/project/snmpresponderpysmi: https://pypi.org/project/pysmisnmpsim: https://pypi.org/project/snmpsimsnmpsim-data: https://pypi.org/project/snmpsim-datasnmpsim-control-plane: https://pypi.org/project/snmpsim-control-planesnmpclitools: https://pypi.org/project/snmpclitoolspysnmp: https://pypi.org/project/pysnmpMaintenance or replacement?
Replacement
Source code repositories URLs
Ilya's repos
https://github.com/etingof/pysnmp-mibs
https://github.com/etingof/pysnmp-apps
https://github.com/etingof/pysnmpcrypto
https://github.com/etingof/snmpfwd
https://github.com/etingof/snmpreceiver
https://github.com/etingof/snmpdiscoverer
https://github.com/etingof/snmpresponder
https://github.com/etingof/pysmi
https://github.com/etingof/snmpsim
https://github.com/etingof/snmpsim-data
https://github.com/etingof/snmpsim-control-plane
https://github.com/etingof/snmpclitools
https://github.com/etingof/pysnmp
new repos owned by me
https://github.com/lextudio/pysnmp-mibs
https://github.com/lextudio/pysnmp-apps
https://github.com/lextudio/pysnmpcrypto
https://github.com/lextudio/snmpfwd
https://github.com/lextudio/snmpreceiver
https://github.com/lextudio/snmpdiscoverer
https://github.com/lextudio/snmpresponder
https://github.com/lextudio/pysmi
https://github.com/lextudio/snmpsim
https://github.com/lextudio/snmpsim-data
https://github.com/lextudio/snmpsim-control-plane
https://github.com/lextudio/snmpclitools
https://github.com/lextudio/pysnmp
Contact and additional research
The previous owner Ilya Etingof (@entingof) passed away a few months ago, as announced here.
I already outlined the complete plan to take over the ownership of the entire ecosystem, as documented
etingof/pysnmp#429
and contacted parties that might be interested in owning the pieces,
Code of Conduct
The text was updated successfully, but these errors were encountered: