PEP 541 Request: lightgbm (testpypi only) #3069
Description
Project to be claimed
PROJECT_NAME: https://test.pypi.org/project/lightgbm
Your PyPI username
USER_NAME: https://test.pypi.org/user/jameslamb/
Reasons for the request
I am one of the maintainers of LightGBM and managed its most recent release (microsoft/LightGBM#5952).
I (https://pypi.org/user/jameslamb/) am also one of the owners of the corresponding lightgbm project on non-test PyPI (https://pypi.org/project/lightgbm/). Along with @StrikerRUS (https://pypi.org/user/StrikerRUS/) and @guolinke (https://pypi.org/user/guolinke/).
I want ownership of lightgbm on test PyPI to test packaging changes in releases.
Maintenance or replacement?
Replacement
Source code repositories URLs
current project
Based on my correspondence with the current owner (https://test.pypi.org/user/Jacob_Steinebronn/), it seems to have been published from private sources in a fork maintained by this company, Voloridge Investment Management: https://www.voloridge.com/.
in its place
The actual official LightGBM repository: https://github.com/microsoft/LightGBM.
Contact and additional research
Using the criteria from PEP 541 (link)
the project has been determined abandoned by the rules described above;
The most recent update to https://test.pypi.org/project/lightgbm/ was June 1, 2020.
The owner and email address listed on the package point to @guolinke, one of the actual creators of LightGBM... but only because the person who uploaded that fork did not modify it before uploading. @guolinke did not upload that release, and his PyPI user does not have access to it.
the candidate is able to demonstrate their own failed attempts to contact the existing owner
I found a GitHub account tied to https://test.pypi.org/user/Jacob_Steinebronn/ (the owner of lightgbm on test PyPI) and emailed the email address I found there. That person replied and said that they created this project a few years ago when working at https://www.voloridge.com/. Despite being tied to their personal test PyPI user, that person said they wouldn't release the package name unless I got written approval from that company, Voloridge Investment Management.
I found a current employee of that company on LinkedIn who I am in a private Slack space with. Attempted to contact him 15 days ago via that Slack and have not received a response.
I can share screenshots and specific contact information for these people privately with the PyPI maintainers if you'd like to see more evidence... I don't want to put that on the internet without those individuals' permission.
the candidate is able to demonstrate improvements made on the candidate’s own fork of the project;
I did not "fork" this project. Instead, someone forked my project (https://github.com/microsoft/LightGBM) 3+ years ago and sat on the name on test PyPI.
the candidate is able to demonstrate why a fork under a different name is not an acceptable workaround;
I would have to alter lightgbm's packaging metadata during every release to publish to some other name, and then use that other name when installing.
This isn't a huge amount of effort, but it's very annoying (especially since lightgbm's wheels are prepared by CI/CD process that only runs on commits to its main branch), and I'd prefer not to do it. I think this project https://test.pypi.org/project/lightgbm/ is very clearly an abandoned private fork of the real lightgbm, and that lightgbm's true maintainers should own it.
Thanks for your time and consideration.
Code of Conduct
- I agree to follow the PSF Code of Conduct