科技回声

PyPI is such an important service and as a Python user it's easy to take for granted that it just works. I recently had to make a config update from my project's GitHub repo to PyPI and lost the password and had to do account recovery, and then suddenly realized "wow, they take care of a lot of other orgs", and "wow, this is a TON of ops work" -- see the issues _just_ on account recovery: <a href="https://github.com/pypi/support/issues">https://github.com/pypi/support/issues</a>.

This is from 2023 and you still need to request approval for an organization. The approval process is also very slow (my friend requested an organization for us last fall and we still don't have it).

It would be great if PyPI could use their position to offer internal mirrors with additional security scanning... and then use that capability to increase their malware detection on every package!

From my understanding these organizations don’t yet do anything. At least they do not grant a namespace unlike they do on npm. That might change though.

This is from 2023 and you still need to request approval for an organization. The approval process is also very slow (my friend requested an organization for us last fall and we still don't have it).

It would be great if PyPI could use their position to offer internal mirrors with additional security scanning... and then use that capability to increase their malware detection on every package!

From my understanding these organizations don’t yet do anything. At least they do not grant a namespace unlike they do on npm. That might change though.

PyPI Organizations (2023)

5 条评论

PyPI Organizations (2023)

5 条评论