-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Read data from the packages? #7
Comments
It somehow seems like a bad idea to have this centralized. How about someone evil sending a payment request to all people mentioned in this single |
So, let's be clear: Today, this needs to be centralized. It's going to be centralized until there's another way. Anyone who wants their info removed, I will respect - so far all of these have been volunteered or are on the public web. This thread is for discussion about how to get to decentralization. |
I understand, I just came to raise an issue and it already fit in this thread. I would vote for an extended CONTRIBUTORS file including payments info. |
If you are keeping a central database, you have to ensure that the PRs adding to that DB are not potentially malicious (i.e. somebody trying to funnel donations of a larger project to their own accounts). I don't think this moderation effort scales even in the mid term. Both the scaling and the security problems go away if you tell packagers to add metadata to their own packages. They have plenty of incentive to do so. |
@untitaker I agree, and I am in the process of filing issues with the relevant repos to make this easier for all. If you have suggestions of the right place to store it, I'm all ears. |
I think an extended CONTRIBUTORS file including payment info would work
…On Feb 12, 2018 21:57, "Philip James" ***@***.***> wrote:
@untitaker <https://github.com/untitaker> I agree, and I am in the
process of filing issues with the relevant repos to make this easier for
all.
If you have suggestions of the right place to store it, I'm all ears.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#7 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACnnc8FyxqFpQQ2UAHJWgqrZCIUJ3TMeks5tUKW4gaJpZM4SBgTg>
.
|
Update on where I'm thinking of heading. The spec for metadata behind |
@kootenpv there is no standardized format for CONTRIBUTORS. I also wasn't under the impression that @phildini Apart from a field people have to add, what about scraping the README/long_description for patreon/flattr/paypal/...-links or simply links with "donation"/"donate" in them? |
I'd rather not assume from data parsing if I can avoid it. Scraping a text file is not my ideal here, because if I guess wrong it's a crappy experience. As for supporting all contributors vs. supporting the project: Ideally I'd like to allow for both. The link in |
Starting point:
|
A suggestion from @EricaJoy was to figure out some way of reading this info from the packages themselves, rather than a central database.
(Relates to feross/thanks#2)
Today, few-to-no package authors are capturing this metadata in their packages. Two approaches that come to mind:
setup.py
Edit: I have filed pypa/setuptools#1276 to try and get the ball rolling on this.
The text was updated successfully, but these errors were encountered: