https://pypi.org/security/ ??
Cheers, Stephanie *Stephanie Rivera* |* Vice President, Data Intelligence* 8181 Arista Place | Broomfield, CO 80021 <http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw>*Everyone you will ever meet knows something you don't.* <https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg> On Wed, Aug 28, 2019 at 10:24 AM Maxime Beauchemin < [email protected]> wrote: > I couldn't find that person's contact info, so I'm not sure how to go about > it. > > Max > > On Wed, Aug 28, 2019 at 9:21 AM Stephanie Rivera <[email protected] > > > wrote: > > > Good point! > > > > Cheers, > > > > Stephanie > > > > > > *Stephanie Rivera* |* Vice President, Data Intelligence* > > > > 8181 Arista Place | Broomfield, CO 80021 > > > > < > > > http://www.google.com/url?q=http%3A%2F%2Fwww.spotxchange.com%2F&sa=D&sntz=1&usg=AFrqEzdlZjMtAvYRCQByfN6D_6PjZhSbSw > > >*Everyone > > you will ever meet knows something you don't.* > > > > < > > > https://www.google.com/url?q=https%3A%2F%2Fdl.dropbox.com%2Fs%2F5se5ucpqodjsq1h%2Flinkedin.png&sa=D&sntz=1&usg=AFrqEzdTHQrlDWywpW7VZVpwGJJdOBY-Wg > > > > > > > > > > > > > On Wed, Aug 28, 2019 at 10:16 AM Bolke de Bruin <[email protected]> > wrote: > > > > > You could argue that for a convenience release you could use "superset > > > based on the source release of Apache superset" which might get > > rid/reduce > > > the licensing challenge. It's not an official release channel so why > > treat > > > it as such? > > > > > > Did you try contacting the author on pypi's superset? It's a bit a > > > trademark issue I guess. You could ask Apache legal to help eventually > as > > > trademark protection is important. Besides malware could be spread this > > way > > > as well. > > > > > > B. > > > > > > Sent from my iPhone > > > > > > > On 28 Aug 2019, at 18:04, Maxime Beauchemin < > > [email protected]> > > > wrote: > > > > > > > > Hi all, > > > > > > > > Now that 0.34.0 is out, I'd like to ship convenience releases in the > > for > > > of > > > > a PyPI.org release and a Docker image, ideally served on dockerhub. > > > > > > > > Now we have a few blockers/concerns: > > > > > > > > * as mentioned before, it looks like someone claimed > "apache-superset" > > on > > > > pypi.org, probably by mistake. > > > https://pypi.org/user/cidiomar.dias.restoque/, > > > > there's no process to re-claim it just yet, but folks seem to be > > working > > > on > > > > it here https://github.com/pypa/warehouse/issues/1506. Anyone has > the > > > > ability to pull strings at pypi.org ? :) > > > > * can we just use `superset` in pypi (which we own) or does it have > to > > be > > > > `apache-superset`? > > > > * for a release to be convenient, we should ship our minified JS > > bundles, > > > > but I'm afraid that forces us to craft a 600+ entries LICENSE file > > > > dynamically. Workaround might be to add a `superset build` command > that > > > > would well build this stuff. Requires having npm/node and such, > working > > > on > > > > some user-space dir as we should treat `site-packages` as be > immutable. > > > I'm > > > > not sure if that's reasonable/doable > > > > * about docker, I'm assuming similar licensing issues for images that > > > > contain minified bundles (is that the case?), but it's probably ok to > > > share > > > > just a Dockerfile itself > > > > * Maybe we should just automate the process that compiles the LICENSE > > > file > > > > with the 600 npm libs? I did a bit of work in that area before > > > > https://github.com/apache/incubator-superset/pull/5801 > > > > > > > > Thoughts? > > > > > > > > Max > > > > > >
