Convenience releases

[Maxime Beauchemin <ma...@gmail.com>]

Hi all,

Now that 0.34.0 is out, I'd like to ship convenience releases in the for of
a PyPI.org release and a Docker image, ideally served on dockerhub.

Now we have a few blockers/concerns:

* as mentioned before, it looks like someone claimed "apache-superset" on
pypi.org, probably by mistake. https://pypi.org/user/cidiomar.dias.restoque/,
there's no process to re-claim it just yet, but folks seem to be working on
it here https://github.com/pypa/warehouse/issues/1506. Anyone has the
ability to pull strings at pypi.org ? :)
* can we just use `superset` in pypi (which we own) or does it have to be
`apache-superset`?
* for a release to be convenient, we should ship our minified JS bundles,
but I'm afraid that forces us to craft a 600+ entries LICENSE file
dynamically. Workaround might be to add a `superset build` command that
would well build this stuff. Requires having npm/node and such, working on
some user-space dir as we should treat `site-packages` as be immutable. I'm
not sure if that's reasonable/doable
* about docker, I'm assuming similar licensing issues for images that
contain minified bundles (is that the case?), but it's probably ok to share
just a Dockerfile itself
* Maybe we should just automate the process that compiles the LICENSE file
with the 600 npm libs? I did a bit of work in that area before
https://github.com/apache/incubator-superset/pull/5801

Thoughts?

Max

Re: Convenience releases

[Charles Givre <cg...@gmail.com>]

All, 
I created a JIRA ticket here: https://github.com/pypa/packaging-problems/issues/284 <https://github.com/pypa/packaging-problems/issues/284> on the PyPA's issue tracker.  I'll follow up with this to see if we can get the apache-superset name assigned to us. 
-- C



> On Aug 28, 2019, at 12:24 PM, Maxime Beauchemin <ma...@gmail.com> wrote:
> 
> I couldn't find that person's contact info, so I'm not sure how to go about
> it.
> 
> Max
> 
> On Wed, Aug 28, 2019 at 9:21 AM Stephanie Rivera <sr...@spotx.tv.invalid>
> wrote:
> 
>> Good point!
>> 
>> Cheers,
>> 
>> Stephanie
>> 
>> 
>> *Stephanie Rivera* |* Vice President, Data Intelligence*
>> 
>> 8181 Arista Place | Broomfield, CO 80021
>> 
>> <
>> http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw
>>> *Everyone
>> you will ever meet knows something you don't.*
>> 
>> <
>> https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg
>>> 
>> 
>> 
>> 
>> 
>> On Wed, Aug 28, 2019 at 10:16 AM Bolke de Bruin <bd...@gmail.com> wrote:
>> 
>>> You could argue that for a convenience release you could use "superset
>>> based on the source release of Apache superset" which might get
>> rid/reduce
>>> the licensing challenge. It's not an official release channel so why
>> treat
>>> it as such?
>>> 
>>> Did you try contacting the author on pypi's superset? It's a bit a
>>> trademark issue I guess. You could ask Apache legal to help eventually as
>>> trademark protection is important. Besides malware could be spread this
>> way
>>> as well.
>>> 
>>> B.
>>> 
>>> Sent from my iPhone
>>> 
>>>> On 28 Aug 2019, at 18:04, Maxime Beauchemin <
>> maximebeauchemin@gmail.com>
>>> wrote:
>>>> 
>>>> Hi all,
>>>> 
>>>> Now that 0.34.0 is out, I'd like to ship convenience releases in the
>> for
>>> of
>>>> a PyPI.org release and a Docker image, ideally served on dockerhub.
>>>> 
>>>> Now we have a few blockers/concerns:
>>>> 
>>>> * as mentioned before, it looks like someone claimed "apache-superset"
>> on
>>>> pypi.org, probably by mistake.
>>> https://pypi.org/user/cidiomar.dias.restoque/,
>>>> there's no process to re-claim it just yet, but folks seem to be
>> working
>>> on
>>>> it here https://github.com/pypa/warehouse/issues/1506. Anyone has the
>>>> ability to pull strings at pypi.org ? :)
>>>> * can we just use `superset` in pypi (which we own) or does it have to
>> be
>>>> `apache-superset`?
>>>> * for a release to be convenient, we should ship our minified JS
>> bundles,
>>>> but I'm afraid that forces us to craft a 600+ entries LICENSE file
>>>> dynamically. Workaround might be to add a `superset build` command that
>>>> would well build this stuff. Requires having npm/node and such, working
>>> on
>>>> some user-space dir as we should treat `site-packages` as be immutable.
>>> I'm
>>>> not sure if that's reasonable/doable
>>>> * about docker, I'm assuming similar licensing issues for images that
>>>> contain minified bundles (is that the case?), but it's probably ok to
>>> share
>>>> just a Dockerfile itself
>>>> * Maybe we should just automate the process that compiles the LICENSE
>>> file
>>>> with the 600 npm libs? I did a bit of work in that area before
>>>> https://github.com/apache/incubator-superset/pull/5801
>>>> 
>>>> Thoughts?
>>>> 
>>>> Max
>>> 
>> 

Re: Convenience releases

[Beto Dealmeida <ro...@dealmeida.net>]

I'll try to reach out to him.


On 8/28/19 9:24 AM, Maxime Beauchemin wrote:
> I couldn't find that person's contact info, so I'm not sure how to go about
> it.
>
> Max
>
> On Wed, Aug 28, 2019 at 9:21 AM Stephanie Rivera <sr...@spotx.tv.invalid>
> wrote:
>
>> Good point!
>>
>> Cheers,
>>
>> Stephanie
>>
>>
>> *Stephanie Rivera* |* Vice President, Data Intelligence*
>>
>> 8181 Arista Place | Broomfield, CO 80021
>>
>> <
>> http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw
>>> *Everyone
>> you will ever meet knows something you don't.*
>>
>> <
>> https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg
>>
>>
>>
>> On Wed, Aug 28, 2019 at 10:16 AM Bolke de Bruin <bd...@gmail.com> wrote:
>>
>>> You could argue that for a convenience release you could use "superset
>>> based on the source release of Apache superset" which might get
>> rid/reduce
>>> the licensing challenge. It's not an official release channel so why
>> treat
>>> it as such?
>>>
>>> Did you try contacting the author on pypi's superset? It's a bit a
>>> trademark issue I guess. You could ask Apache legal to help eventually as
>>> trademark protection is important. Besides malware could be spread this
>> way
>>> as well.
>>>
>>> B.
>>>
>>> Sent from my iPhone
>>>
>>>> On 28 Aug 2019, at 18:04, Maxime Beauchemin <
>> maximebeauchemin@gmail.com>
>>> wrote:
>>>> Hi all,
>>>>
>>>> Now that 0.34.0 is out, I'd like to ship convenience releases in the
>> for
>>> of
>>>> a PyPI.org release and a Docker image, ideally served on dockerhub.
>>>>
>>>> Now we have a few blockers/concerns:
>>>>
>>>> * as mentioned before, it looks like someone claimed "apache-superset"
>> on
>>>> pypi.org, probably by mistake.
>>> https://pypi.org/user/cidiomar.dias.restoque/,
>>>> there's no process to re-claim it just yet, but folks seem to be
>> working
>>> on
>>>> it here https://github.com/pypa/warehouse/issues/1506. Anyone has the
>>>> ability to pull strings at pypi.org ? :)
>>>> * can we just use `superset` in pypi (which we own) or does it have to
>> be
>>>> `apache-superset`?
>>>> * for a release to be convenient, we should ship our minified JS
>> bundles,
>>>> but I'm afraid that forces us to craft a 600+ entries LICENSE file
>>>> dynamically. Workaround might be to add a `superset build` command that
>>>> would well build this stuff. Requires having npm/node and such, working
>>> on
>>>> some user-space dir as we should treat `site-packages` as be immutable.
>>> I'm
>>>> not sure if that's reasonable/doable
>>>> * about docker, I'm assuming similar licensing issues for images that
>>>> contain minified bundles (is that the case?), but it's probably ok to
>>> share
>>>> just a Dockerfile itself
>>>> * Maybe we should just automate the process that compiles the LICENSE
>>> file
>>>> with the 600 npm libs? I did a bit of work in that area before
>>>> https://github.com/apache/incubator-superset/pull/5801
>>>>
>>>> Thoughts?
>>>>
>>>> Max

Re: Convenience releases

[Stephanie Rivera <sr...@spotx.tv.INVALID>]

https://pypi.org/security/ ??

Cheers,

Stephanie


*Stephanie Rivera* |* Vice President, Data Intelligence*

8181 Arista Place | Broomfield, CO 80021

<http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw>*Everyone
you will ever meet knows something you don't.*

<https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg>




On Wed, Aug 28, 2019 at 10:24 AM Maxime Beauchemin <
maximebeauchemin@gmail.com> wrote:

> I couldn't find that person's contact info, so I'm not sure how to go about
> it.
>
> Max
>
> On Wed, Aug 28, 2019 at 9:21 AM Stephanie Rivera <srivera@spotx.tv.invalid
> >
> wrote:
>
> > Good point!
> >
> > Cheers,
> >
> > Stephanie
> >
> >
> > *Stephanie Rivera* |* Vice President, Data Intelligence*
> >
> > 8181 Arista Place | Broomfield, CO 80021
> >
> > <
> >
> http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw
> > >*Everyone
> > you will ever meet knows something you don't.*
> >
> > <
> >
> https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg
> > >
> >
> >
> >
> >
> > On Wed, Aug 28, 2019 at 10:16 AM Bolke de Bruin <bd...@gmail.com>
> wrote:
> >
> > > You could argue that for a convenience release you could use "superset
> > > based on the source release of Apache superset" which might get
> > rid/reduce
> > > the licensing challenge. It's not an official release channel so why
> > treat
> > > it as such?
> > >
> > > Did you try contacting the author on pypi's superset? It's a bit a
> > > trademark issue I guess. You could ask Apache legal to help eventually
> as
> > > trademark protection is important. Besides malware could be spread this
> > way
> > > as well.
> > >
> > > B.
> > >
> > > Sent from my iPhone
> > >
> > > > On 28 Aug 2019, at 18:04, Maxime Beauchemin <
> > maximebeauchemin@gmail.com>
> > > wrote:
> > > >
> > > > Hi all,
> > > >
> > > > Now that 0.34.0 is out, I'd like to ship convenience releases in the
> > for
> > > of
> > > > a PyPI.org release and a Docker image, ideally served on dockerhub.
> > > >
> > > > Now we have a few blockers/concerns:
> > > >
> > > > * as mentioned before, it looks like someone claimed
> "apache-superset"
> > on
> > > > pypi.org, probably by mistake.
> > > https://pypi.org/user/cidiomar.dias.restoque/,
> > > > there's no process to re-claim it just yet, but folks seem to be
> > working
> > > on
> > > > it here https://github.com/pypa/warehouse/issues/1506. Anyone has
> the
> > > > ability to pull strings at pypi.org ? :)
> > > > * can we just use `superset` in pypi (which we own) or does it have
> to
> > be
> > > > `apache-superset`?
> > > > * for a release to be convenient, we should ship our minified JS
> > bundles,
> > > > but I'm afraid that forces us to craft a 600+ entries LICENSE file
> > > > dynamically. Workaround might be to add a `superset build` command
> that
> > > > would well build this stuff. Requires having npm/node and such,
> working
> > > on
> > > > some user-space dir as we should treat `site-packages` as be
> immutable.
> > > I'm
> > > > not sure if that's reasonable/doable
> > > > * about docker, I'm assuming similar licensing issues for images that
> > > > contain minified bundles (is that the case?), but it's probably ok to
> > > share
> > > > just a Dockerfile itself
> > > > * Maybe we should just automate the process that compiles the LICENSE
> > > file
> > > > with the 600 npm libs? I did a bit of work in that area before
> > > > https://github.com/apache/incubator-superset/pull/5801
> > > >
> > > > Thoughts?
> > > >
> > > > Max
> > >
> >
>

Re: Convenience releases

[Maxime Beauchemin <ma...@gmail.com>]

I couldn't find that person's contact info, so I'm not sure how to go about
it.

Max

On Wed, Aug 28, 2019 at 9:21 AM Stephanie Rivera <sr...@spotx.tv.invalid>
wrote:

> Good point!
>
> Cheers,
>
> Stephanie
>
>
> *Stephanie Rivera* |* Vice President, Data Intelligence*
>
> 8181 Arista Place | Broomfield, CO 80021
>
> <
> http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw
> >*Everyone
> you will ever meet knows something you don't.*
>
> <
> https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg
> >
>
>
>
>
> On Wed, Aug 28, 2019 at 10:16 AM Bolke de Bruin <bd...@gmail.com> wrote:
>
> > You could argue that for a convenience release you could use "superset
> > based on the source release of Apache superset" which might get
> rid/reduce
> > the licensing challenge. It's not an official release channel so why
> treat
> > it as such?
> >
> > Did you try contacting the author on pypi's superset? It's a bit a
> > trademark issue I guess. You could ask Apache legal to help eventually as
> > trademark protection is important. Besides malware could be spread this
> way
> > as well.
> >
> > B.
> >
> > Sent from my iPhone
> >
> > > On 28 Aug 2019, at 18:04, Maxime Beauchemin <
> maximebeauchemin@gmail.com>
> > wrote:
> > >
> > > Hi all,
> > >
> > > Now that 0.34.0 is out, I'd like to ship convenience releases in the
> for
> > of
> > > a PyPI.org release and a Docker image, ideally served on dockerhub.
> > >
> > > Now we have a few blockers/concerns:
> > >
> > > * as mentioned before, it looks like someone claimed "apache-superset"
> on
> > > pypi.org, probably by mistake.
> > https://pypi.org/user/cidiomar.dias.restoque/,
> > > there's no process to re-claim it just yet, but folks seem to be
> working
> > on
> > > it here https://github.com/pypa/warehouse/issues/1506. Anyone has the
> > > ability to pull strings at pypi.org ? :)
> > > * can we just use `superset` in pypi (which we own) or does it have to
> be
> > > `apache-superset`?
> > > * for a release to be convenient, we should ship our minified JS
> bundles,
> > > but I'm afraid that forces us to craft a 600+ entries LICENSE file
> > > dynamically. Workaround might be to add a `superset build` command that
> > > would well build this stuff. Requires having npm/node and such, working
> > on
> > > some user-space dir as we should treat `site-packages` as be immutable.
> > I'm
> > > not sure if that's reasonable/doable
> > > * about docker, I'm assuming similar licensing issues for images that
> > > contain minified bundles (is that the case?), but it's probably ok to
> > share
> > > just a Dockerfile itself
> > > * Maybe we should just automate the process that compiles the LICENSE
> > file
> > > with the 600 npm libs? I did a bit of work in that area before
> > > https://github.com/apache/incubator-superset/pull/5801
> > >
> > > Thoughts?
> > >
> > > Max
> >
>

Re: Convenience releases

[Stephanie Rivera <sr...@spotx.tv.INVALID>]

Good point!

Cheers,

Stephanie


*Stephanie Rivera* |* Vice President, Data Intelligence*

8181 Arista Place | Broomfield, CO 80021

<http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw>*Everyone
you will ever meet knows something you don't.*

<https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg>




On Wed, Aug 28, 2019 at 10:16 AM Bolke de Bruin <bd...@gmail.com> wrote:

> You could argue that for a convenience release you could use "superset
> based on the source release of Apache superset" which might get rid/reduce
> the licensing challenge. It's not an official release channel so why treat
> it as such?
>
> Did you try contacting the author on pypi's superset? It's a bit a
> trademark issue I guess. You could ask Apache legal to help eventually as
> trademark protection is important. Besides malware could be spread this way
> as well.
>
> B.
>
> Sent from my iPhone
>
> > On 28 Aug 2019, at 18:04, Maxime Beauchemin <ma...@gmail.com>
> wrote:
> >
> > Hi all,
> >
> > Now that 0.34.0 is out, I'd like to ship convenience releases in the for
> of
> > a PyPI.org release and a Docker image, ideally served on dockerhub.
> >
> > Now we have a few blockers/concerns:
> >
> > * as mentioned before, it looks like someone claimed "apache-superset" on
> > pypi.org, probably by mistake.
> https://pypi.org/user/cidiomar.dias.restoque/,
> > there's no process to re-claim it just yet, but folks seem to be working
> on
> > it here https://github.com/pypa/warehouse/issues/1506. Anyone has the
> > ability to pull strings at pypi.org ? :)
> > * can we just use `superset` in pypi (which we own) or does it have to be
> > `apache-superset`?
> > * for a release to be convenient, we should ship our minified JS bundles,
> > but I'm afraid that forces us to craft a 600+ entries LICENSE file
> > dynamically. Workaround might be to add a `superset build` command that
> > would well build this stuff. Requires having npm/node and such, working
> on
> > some user-space dir as we should treat `site-packages` as be immutable.
> I'm
> > not sure if that's reasonable/doable
> > * about docker, I'm assuming similar licensing issues for images that
> > contain minified bundles (is that the case?), but it's probably ok to
> share
> > just a Dockerfile itself
> > * Maybe we should just automate the process that compiles the LICENSE
> file
> > with the 600 npm libs? I did a bit of work in that area before
> > https://github.com/apache/incubator-superset/pull/5801
> >
> > Thoughts?
> >
> > Max
>

Re: Convenience releases

[Bolke de Bruin <bd...@gmail.com>]

You could argue that for a convenience release you could use "superset based on the source release of Apache superset" which might get rid/reduce the licensing challenge. It's not an official release channel so why treat it as such?

Did you try contacting the author on pypi's superset? It's a bit a trademark issue I guess. You could ask Apache legal to help eventually as trademark protection is important. Besides malware could be spread this way as well.

B.

Sent from my iPhone

> On 28 Aug 2019, at 18:04, Maxime Beauchemin <ma...@gmail.com> wrote:
> 
> Hi all,
> 
> Now that 0.34.0 is out, I'd like to ship convenience releases in the for of
> a PyPI.org release and a Docker image, ideally served on dockerhub.
> 
> Now we have a few blockers/concerns:
> 
> * as mentioned before, it looks like someone claimed "apache-superset" on
> pypi.org, probably by mistake. https://pypi.org/user/cidiomar.dias.restoque/,
> there's no process to re-claim it just yet, but folks seem to be working on
> it here https://github.com/pypa/warehouse/issues/1506. Anyone has the
> ability to pull strings at pypi.org ? :)
> * can we just use `superset` in pypi (which we own) or does it have to be
> `apache-superset`?
> * for a release to be convenient, we should ship our minified JS bundles,
> but I'm afraid that forces us to craft a 600+ entries LICENSE file
> dynamically. Workaround might be to add a `superset build` command that
> would well build this stuff. Requires having npm/node and such, working on
> some user-space dir as we should treat `site-packages` as be immutable. I'm
> not sure if that's reasonable/doable
> * about docker, I'm assuming similar licensing issues for images that
> contain minified bundles (is that the case?), but it's probably ok to share
> just a Dockerfile itself
> * Maybe we should just automate the process that compiles the LICENSE file
> with the 600 npm libs? I did a bit of work in that area before
> https://github.com/apache/incubator-superset/pull/5801
> 
> Thoughts?
> 
> Max

Re: Convenience releases

[Beto Dealmeida <ro...@dealmeida.net>]

On 8/28/19 9:04 AM, Maxime Beauchemin wrote:

> * as mentioned before, it looks like someone claimed "apache-superset" on
> pypi.org, probably by mistake.https://pypi.org/user/cidiomar.dias.restoque/,
> there's no process to re-claim it just yet, but folks seem to be working on
> it herehttps://github.com/pypa/warehouse/issues/1506. Anyone has the
> ability to pull strings at pypi.org ?

There's a process for claiming a package name from PyPI, I recently was 
able to get ownership of the "rison" project. This is the PR I made to 
claim it:

https://github.com/pypa/warehouse/issues/4140

It took more than a year (!), but maybe we can be more vocal about it. :)


--Beto