PyPI introduced PyPI Organizations last year: https://blog.pypi.org/posts/2023-04-23-introducing-pypi-organizations/
It would be nice if the SPDX Project has a PyPI Organization presence and "spdx-tools", "ntia-conformance-checker", and other official Python packages from SPDX are published under this PyPI Organization.

This will aid the discovery of relevant official tools and libraries from the SPDX Project itself, and will also help with security as the users will know that the tool/library is published from an organization that they trust.

A package published under a PyPI Organization will have the organization name displayed as an owner (organization account).
-- I put an example screenshot here: https://github.com/spdx/tools-python/issues/837

Example of PyPI Organizations:
* https://pypi.org/org/pyca/
* https://pypi.org/org/pallets/
* https://pypi.org/org/certifi/

-- SPDX Python package maintainers can request a PyPI Organization name at https://pypi.org/manage/organizations/

More info about the PyPI Organization: https://docs.pypi.org/organization-accounts/

cheers,
Art
