PEP 541 Request: dotenv #2568
Comments
Is there anyone we can poke @ pypi about this - this is a footgun easily hit by many people who do web development, where .env files are common.
Bump. 👍
Hello,
In that case a patch in python dotenv may be needed, since installing dotenv breaks python-dotenv. Myself I have installed dotenv a few times when I really needed python dotenv; it's hard to quantify how many others do this, but from GitHub tickets it looks like a common occurrence.
We cannot grant you the PyPI name "dotenv" for the purpose of replacing the package with another one. As we said two weeks back, the existing package is being used in the wild as demonstrated by the ongoing downloads from PyPI. What we could do instead, is to add a new person as a maintainer of the existing package, for the purposes of its continued maintenance. That could include making it possible to have both If you're interested in taking over maintenance of
@ambv could you reconsider this case? The problem is that the It's not installable under Python 3.10
e.g. create a fresh conda python 3.10 env
The reason for the error is because dotenv has The more on the download statistics
For the download statistics, when checking the breakdown of the installs, most of the installs are from Python 3.10, 3.11, 3.12. Given that the package doesn't install under python3, I would think the remaining usage is probably from mis-installs. Also, overall downloads:
Suggestion
If we don't want to give the name dotenv to python-dotenv, which is understandable, could we give a notice to the dotenv project and withdraw the package after, say, 6 months? After the xz attack, I'm really worried about supply chain attacks. Today, I hit this with my personal computer. But I'm worried that one day I may make the same mistake at work while
Project to be claimed
dotenv: https://pypi.org/project/dotenv
Your PyPI username
theskumar: https://pypi.org/user/theskumar
Reasons for the request
dotenv package has been abandoned for many years, last updated in 2018. There is a handful of pull requests open, which still need to be responded to.
python-dotenv is quite popular in the python ecosystem with adopters like pyenv, flask, django-environ, etc. with more than 5.5K stars.
We have seen countless cases[1][2][3] of people trying to install dotenv instead of python-dotenv, failing and resorting to google.
[1] theskumar/python-dotenv#6
[2] theskumar/python-dotenv#401
[3] theskumar/python-dotenv#425
Maintenance or replacement?
Replacement
Source code repositories URLs
Current project: https://github.com/pedroburon/dotenv
Replacement: https://github.com/theskumar/python-dotenv
Contact and additional research
I couldn't find an email to contact the owner independently, but others have tried to reach out to the owner by creating an issue on GitHub in Oct 2022, if the owner would like to maintain or remove the repo pedroburon/dotenv#22. No one has responded to it so far.
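The name mix-up this request describes can be caught before install by checking requirements files for `dotenv` where `python-dotenv` was meant. The following is an added example, not part of the issue and not code from either project; the `CONFUSABLE` table, the function names and the sample file are assumptions made for illustration.

```python
import re

# Assumed mapping for this example: the distribution name installed by
# mistake -> the distribution the issue says people actually wanted.
CONFUSABLE = {"dotenv": "python-dotenv"}

# Leading project name of a requirement line (PEP 508 name characters).
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of -, _ and . become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_confusable(requirements_text):
    """Return (line_number, found_name, intended_name) for each flagged line."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith(("#", "-")):  # blanks, comments, pip options
            continue
        match = _NAME.match(line)
        if not match:
            continue
        name = normalize(match.group(1))
        if name in CONFUSABLE:
            findings.append((lineno, name, CONFUSABLE[name]))
    return findings


# Constructed sample requirements file (not taken from the issue).
SAMPLE = """\
# web app dependencies
flask
dotenv
python-dotenv[cli]
DotEnv  # same project name after normalization
-r dev-requirements.txt
"""

if __name__ == "__main__":
    for lineno, found, intended in find_confusable(SAMPLE):
        print(f"line {lineno}: '{found}' listed; did you mean '{intended}'?")
```

Run as a pre-commit or CI step, a non-empty result can fail the build before `pip install` ever resolves the wrong name.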