Description
openedon Aug 8, 2020
Enough people are getting involved in this project now that I'm not sure anymore about being listed as the author on PyPI. It's really not just me, even ignoring the many times project ownership changed (Phenny->Jenni->Willie).
So I'd like to update the authorship metadata on PyPI, effective for Sopel 8.0. We should say that "Sopel IRC Contributors" (or a similar name) is the author, and list currently active maintainers as maintainers instead.
PyPI has no concept of "team accounts", which is unfortunate. We'll have to make sure a few people always have (secure) access to the project account's credentials, so theoretically there will always be at least one person who can add more maintainers when (not if) someone just suddenly disappears one day. (I fully acknowledge that that could be me—bus factor and all that.)
Other things to think about includes how to handle releases. It's kind of neat to see who released each Sopel version, and if we can store multiple PyPI tokens to use depending on who pushed the release tag, that would be neat. But the simplest option is obviously to continue using one account—the "primary" maintainer's, or the project's—to deploy releases.*
* — No idea if mapping the tagging user to release credentials is possible; it's just a cool idea. Moving off of Travis CI would affect this, too—we've tossed around the idea of switching to GitHub Actions.