From f6396062c3687cb33102a00b52607e9334ecdc85 Mon Sep 17 00:00:00 2001 From: Leighton Chen Date: Mon, 29 Jul 2024 13:37:48 -0700 Subject: [PATCH] Include dummy version upload as part of contributing process to mitigate namespace issues (#4087) --- CONTRIBUTING.md | 4 ++++ RELEASING.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 048a9daa6c8..1a7e58cf1f9 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -284,3 +284,7 @@ When adding support for a new Python release remember to: - Update github workflows accordingly; lint and benchmarks use the latest supported version - Update `.pre-commit-config.yaml` - Update tox examples in the documentation + +## Contributions that involve new packages + +As part of an effort to mitigate namespace squatting on Pypi, please ensure to check whether a package name has been taken already on Pypi before contributing a new package. Contact a maintainer, bring the issue up in the weekly Python SIG or create a ticket in Pypi if a desired name has already been taken. diff --git a/RELEASING.md b/RELEASING.md index e3246216340..09e23ba3577 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -88,6 +88,10 @@ https://readthedocs.org/projects/opentelemetry-python/builds/. If the build has not run automatically, it can be manually trigger via the readthedocs interface. +## Releasing dev version of new packages to claim namespace + +When a contribution introduces a new package, in order to mitigate name-squatting incidents, release the current development version of the new package under the `opentelemetry` user to simply claim the namespace. This should be done shortly after the PR that introduced this package has been merged into `main`. + ## Troubleshooting ### Publish failed
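Review bot: In the CONTRIBUTING.md hunk, the new "Contributions that involve new packages" section asks contributors to check whether the name is taken, but it never mentions the placeholder upload that the commit subject describes as part of the contributing process. A contributor reading only this file will not know that the name gets claimed or who does it. Suggest adding a sentence that points to the "Releasing dev version of new packages to claim namespace" section in RELEASING.md and says that a maintainer performs the upload. Style points in the same paragraph: the index is spelled "PyPI", and "please ensure to check" reads better as "please check".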
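Review bot: In the RELEASING.md hunk, the claim is timed "shortly after the PR that introduced this package has been merged into `main`", which leaves the name unclaimed for the whole time the PR is open and publicly visible. Consider reserving the name once it has been agreed in review rather than after merge, or at least stating a concrete deadline instead of "shortly after". The paragraph also leaves the procedure undocumented: it does not say who has access to the `opentelemetry` user, what "current development version" means as a version string, or how the upload is done. A short step list or a link to the existing publish steps would make this repeatable.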