Package maintainers?

Question

Package maintainers?

Closed this issue 3 months ago · 32 comments

MarcelWilson commented 2 years ago

Is this project actively being maintained? I see a couple PRs submitted from last year without any movement.

Answer 1 · 2023-08-01T14:20:09.000Z

@kimberlythegeek / @davehunt - is Moz still maintaining this or has the project been sunsetted?

Answer 2 · 2023-08-03T19:32:44.000Z

Alternatively, can this project be shifted to a community ownership model? Happy to re-take the reigns.

Answer 3 · 2023-08-11T18:18:26.000Z

I ended up forking the project as an alternatively named package primarily for myself but went ahead and published it to pypi in case it's useful for anyone else. (selenium-axe-python)

Answer 4 · 2023-08-11T19:10:15.000Z

I was the architect of axe-selenium-python and core maintainer. I lost access after leaving Mozilla. I'll contact moz via other channels to understand their intent with this project.

Answer 5 · 2023-08-18T07:48:09.000Z

For what it’s worth, we’ve been investigating using this package for Django (django#16372), so I’d love to know what the maintenance status is as well – and help if help is needed.

Answer 6 · 2023-08-18T14:14:42.000Z

Mozilla staff are attending an All Hands meeting next week. I don't expect to hear back until after their meetings. The gears are in motion, we should receive a status update shortly. I appreciate everyone's patience while we get this sorted out.

Answer 7 · 2023-08-30T10:41:03.000Z

I can confirm that this project is no longer being maintained by anyone at Mozilla. I fully support @m8ttyB's suggestion of handing this over to a new owner or community for future development. My suggestion would be to initiate a repository transfer. If others are in agreement, I believe we would just need to know the new owner.

Answer 8 · 2023-09-04T16:42:13.000Z

thx @davehunt. I'm working to track down @kimberlythegeek to discuss the pypi maintainers list.

An open question to the community - @MarcelWilson + @thibaudcolas:
Deque's Python bindings appear to have significantly improved over the years. The initial goals of this project were to provide Python bindings for axe-core, where Deque (if I remember correctly) only supported JS at the time. This gap has narrowed quite a bit.

Is there an intrinsic reason to continue using axe-selenium-python instead of Deque's axe-devtools-api? I'm not against reviving this project, but I want a sanity check.

Answer 9 · 2023-09-11T20:48:08.000Z

I want to nudge this thread again -- I have not been able to locate @kimberlythegeek yet. I'll continue to work on getting ahold of her. In the meantime, @MarcelWilson or @thibaudcolas, have you given my question some thought? Should we suggest the community begin using axe-devtools-api instead of this project?

Answer 10 · 2023-09-19T13:28:57.000Z

@m8ttyB thanks for following up! I’ve not come across Deque’s axe-devtools-api before. It seems to be a different product? Axe DevTools doesn’t seem to be open source / is only available on an authenticated packages registry. axe-core is what I’m looking for Python/Selenium bindings for. Deque seems to have a lot of language-specific axe-core bindings these days but not one for Python/Selenium. There is a third-party axe-core-python though, which advertises Selenium and Playwright.

As far as ownership, the options I can see working from my side are:

https://github.com/django if there’s agreement from Django ops it makes sense to have a package on there that’s not just for Django use.
A new dedicated organisation
A personal account as a last resort (not keen on the bus factor)

We’d then try to replicate this as appropriate in PyPI, set up an Organization account and invite the relevant maintainers.

Answer 11 · 2023-10-03T13:38:56.000Z

Hey all, my turn to nudge :)

Answer 12 · 2023-10-04T14:32:32.000Z

Hi @thibaudcolas -- I was hoping @MarcelWilson might have a moment to weigh in.

You make fine points, particularly around being pushed towards an authenticated package registry that ties usage to Deque. Is this a blocker? The underlying integration they use to inject Axe with Selenium appears curiously similar to our solution.

Again, I am not dismissing the value of axe-selenium-python; I just want to be clear that folks are comfortable creating/maintaining a solution that roughly parallel to Deque's that still relies on axe-core. Reinvigorating community engagement on this project would give us more fine-grained control and move it out of the pay-walled model that Deque's model suggests.

If you're a 👍🏼, let's move forward, can you approach the Django project to engage in a conversation and take a temperature check? I agree with your assessment. Once it's decided which organization to host this project under, Mozilla folks will assist with transferring the project - ty to @davehunt & @pdehaan.

https://github.com/django if there’s agreement from Django ops, it makes sense to have a package on there that’s not just for Django use.
A new dedicated organization

We’d then try to replicate this as appropriate in PyPI, set up an Organization account and invite the relevant maintainers.

There is a mechanism in place to recover abandoned pypi namespaces. I will begin the process.

Answer 13 · 2023-10-06T18:54:21.000Z

@m8ttyB I'm not against paid libraries, but unfortunately it would be a non-starter for my projects (one of which is also open source).

Personally I would love to see axe-selenium-python continue to thrive. It already seems to have roots, just needs a little TLC. (it would also mean I can ditch my forked version 😆)

Answer 14 · 2023-10-07T01:44:19.000Z

ty @MarcelWilson. Let's do it.

@thibaudcolas, if you will, please approach the Django community about hosting this project.
@m8ttyB will work to transition the pypi project to a state where new maintainers can be added, removed, or deprecated.

Answer 15 · 2023-10-08T14:24:07.000Z

I love the efforts everyone is making here to push this forward. I would be happy to volunteer to help in any manner possible and want to contribute some features inspired by https://github.com/pamelafox/pytest-axe-playwright-snapshot, majorly interested in having inbuilt snapshot testing as starters.

Answer 16 · 2023-11-13T11:19:23.000Z

Quick update – took me a while but this is now in front of the right Django people for review. I’ll keep you all posted.

Answer 17 · 2023-11-16T20:31:20.000Z

Brilliant, ty. That's great news.

Answer 18 · 2024-02-10T12:38:40.000Z

Hi folks, I have good and bad news. The bad news is we can’t get this under the django organization in GitHub, because of the concerns I mentioned earlier about there being a package on there that’s not Django-related enough. The good news is – we can still proceed with the other options I mentioned :)

A new dedicated organisation

A personal account as a last resort (not keen on the bus factor)

Now I’m not keen on the personal account because of the bus factor – so I think the "separate organisation" is the way to go. I’m happy to set that up if that works for others here. Over the last few months I’ve had a good experience moving django-recaptcha to this type of model.

@m8ttyB what do you think? If this works for you, you can initiate the transfer to me and I’ll take it from there, coordinating with other volunteer maintainers to set up the package in a separate org. And then go through the needed maintenance.

For reference, here are people affiliated with Django who have offered to help maintain this: @tushar5526 @thibaudcolas @knyghty @sabderemane. And @MarcelWilson if you’re up for it, the more the merrier.

Answer 19 · 2024-03-19T16:45:32.000Z

I agree a separate github org would make the most sense.

One very minor correction, I'm not affiliated with Django. I use the axe in conjunction with selenium.

I mention this because I feel it's important that the purpose of the package isn't/shouldn't be specifically limited to one umbrella.

Answer 20 · 2024-05-28T13:45:20.000Z

@m8ttyB 👋 checking in where we’re at with this – do you think we could make the GitHub + PyPI transfer happen? I’m happy to have the package transferred to my personal account and take it from there, or you can create a new separate organization yourself and add the above people to it.

Re the PyPI package, same. You mentioned a mechanism to recover packages there, I’m not aware of it but am happy to take care of that if needed.

Answer 21 · 2024-06-13T22:52:52.000Z

Oi vey, I apologize. This conversation fell off my map, and messages were sent to dev/null.

Let's get this back on rails and transfer this project to you. What's the right workflow? Transfer it to your personal account, from which you can move it to an organization to negate the bus factor.
I'll find the docs for PyPI package ownership.

@davehunt, can you help Mozilla formalize the transfer of axe-selenium-python to @thibaudcolas?

/cc @pdehaan

Answer 22 · 2024-06-14T00:15:20.000Z

I've filed a support request with PyPI to initiate the transfer of the maintainer role. Once completed, we'll coordinate a community maintainer model for the package.

Answer 23 · 2024-06-14T11:27:39.000Z

I've opened a ticket for transferring this repository to @thibaudcolas.

Answer 24 · 2024-06-14T14:48:22.000Z

Excellent! :) Yes, as soon as the transfer is done I’ll proceed with creating an org for it, with the people listed above sharing access.

Answer 25 · 2024-07-12T15:44:56.000Z

There's some process involved in transferring a repository, which makes me wonder if it's worth the effort. If we're able to get access to the PyPI project, could we archive this repository and allow a fork to become the canonical repository? Apparently this approach has been used before. What do you think?

Answer 26 · 2024-07-17T10:30:51.000Z

@davehunt with the caveat that I don’t have context on what your process involves, nor on how PyPI package transfers work, that seems ok to me.

Here’s what I think we would lose, in rough order of value:

Automated GitHub redirects from /mozilla-services/axe-selenium-python
Quick access to the GitHub issues and pull requests history via #<number> mentions
Watch status at the repository and individual issue / PR level.
Connection to the project’s forks
GitHub Stars

I’d like to see mitigations in place for items 1. and 2. if possible. I’d run an automated script to recreate placeholder issues for all existing issues, with a link pointing to their source. And it’d be nice if on the existing repository, I could comment with a link to the new repo before it’s archived. And signposting on the README before archival.

Be great if we could rely on GitHub’s support for all of this, but if not, I’ve created axe-selenium-python/axe-selenium-python-fork for now as a placeholder, which I’ll rename if we proceed with this.

Answer 27 · 2024-09-20T20:50:27.000Z

Repository transfer has been approved and should happen soon. Hopefully we can also get some attention on pypi/support#4205 soon. Thank you everyone for your patience.

Answer 28 · 2024-09-26T11:31:54.000Z

Hi everyone, there’s been lots of progress! Thanks to @davehunt, the repository transfer is now completed. The repository moved to thibaudcolas/axe-selenium-python, and I’ve subsequently moved it to axe-selenium-python/axe-selenium-python so we can have @knyghty as an Owner just in case. We might not leave it there, our "plan A" is currently to move the package to Django Commons which is a new community-driven package maintenance organization.

For transparency, here’s the legal agreement between Mozilla and myself about the repository transfer: Mozilla Thibaud Axe-Selenium-Python Agreement For Execution (PDF, 200kb).

PyPI package

The next step is the PyPI package, for which @m8ttyB opened a PEP 541 request with PyPI back in June (pypi/support#4205). Looking at how those requests are processed, the PyPI support team is currently reviewing requests from March-April 2023, about 18 months ago. If those delays hold, we’d be getting support in December 2025 / January 2026.

In the meantime, I’ve set up axe-selenium on PyPI. Please don’t switch to it now. I’ve tried to re-publish the artifacts of axe-selenium-python 2.1.6 as-is, but made no attempt to test the results. This is just there as a placeholder so we have an available package name to publish to.

Onwards

If anyone following this thread has concerns with Django Commons, please share them now before we proceed? And if anyone is interested to help with future maintenance and hasn’t said so yet, now’s also the right time.

And as far as the implementation – I think we’re in a good place to proceed with adoption of modern Python packaging practices / tools; other maintenance-related project health improvements; and subsequently improvements to the functionality (in particular Axe version upgrades). For now I’ve set up a kanban board: 2024 maintenance overhaul.

Answer 29 · 2024-09-26T17:14:34.000Z

This is awesome, thanks for all the work!

Answer 30 · 2024-10-01T11:05:58.000Z

Thank you for making this happen. If you need additional maintainers I'd be happy to get involved in the project health improvements.

Answer 31 · 2025-04-25T16:47:47.000Z

Just checking in. Looking at pypi/support#4205 it would appear they couldn't get ahold of "the owner". Do we have any idea what kind of timeline we can expect? (assuming they move forward).

Should we attempt pushing updates to https://pypi.org/project/axe-selenium/ in the interim?

Answer 32 · 2025-04-30T08:26:36.000Z

We got access yesterday! 🌈 axe-selenium-python on PyPI now has me as the owner and I’ve invited @knyghty as well to have some redundancy in the short term.

I’m not super clear on the order of actions but the plan as I see it is still:

Get a new release out that’s the same as the current latest, with updated metadata to make it clear "new owners"
New package tooling with a focus on automation
Move to Django Commons
Axe upgrade
(New release with Axe upgrade(s))
Other feature development
Onboarding of a sustainable amount of maintainers
Triage of all existing issues and creation of an informal roadmap

I’ll review the Django Commons process a bit more to check if it makes more sense to add everyone to the package "now" or after the move there.