Create a Node.js org account on pypi registry

[legendecas]

At the moment, @ryzokuken is the maintainer of the gyp-next package on pypi: https://pypi.org/project/gyp-next/.

I discussed with @ryzokuken to setup a Node.js org account and host gyp-next under that org account so that we can better maintain the ownership of the package.

I would like to request to setup a Node.js organization for this purpose.

Ref: nodejs/gyp-next#234 (comment)

[benjamingr]

SGTM

[MoLow]

+1. there is also this package that can benefit from such an account: nodejs/tap2junit#56

[targos]

Should this be owned by the build WG or the TSC?

[legendecas]

Is https://www.npmjs.com/~nodejs-foundation owned by the build WG or the TSC?

[targos]

Build WG

[legendecas]

I believe the pypi account can follow the npm account ownership.

[targos]

@nodejs/build wdyt?

[richardlau]

I think the question is, who needs access to it?

The original reasons that the Build WG owns the npm account was as an emergency access in the event that people become inactive/leave the project (so we could manage who could publish modules). Initially we did not actively use the account (i.e. individuals published the modules under their own accounts). Over time that changed and I think we now publish modules under that account via GitHub Actions. Possibly another reason might be the TSC at the time didn't have a solution for storing secrets (there's a 1Password account now, I believe), i.e. the account's log in details (I may be misremembering this one).

[mhdawson]

+1 from me. I think using 1password might make the most sense unless this is somehow related to build/infra

[targos]

+1 on 1password + moving the npm credentials there too

[legendecas]

I have submitted request to create a orgnanization named nodejs on pypi.org. Still waiting for response.

[abmusse]

+1 on using 1 password to manage credentials