Pip-tools: [Important] Blocked, unable to make new releases.

Created on 8 Jun 2017 · 12 Comments · Source: jazzband/pip-tools

Edit: see 2nd reply and onward.
Hi all!

As you might have noticed, I've been preparing stuff for the 1.10.0 release.

But, as I tried to create 1.10.0rc1, I stumbled upon an error with the upload on PyPI. I've contacted the Jazzband roadies, and it seems they disabled PyPI releases while they are investigating a security related issue (jazzband/roadies#64).

So once this is fixed, I'll release 1.10.0rc1, give some time for the brave out there to test it, and then go for 1.10.0.

While I'm here: Thanks again to all for your time and for taking the time to make community-maintainable contributions. It's not as easy as when having one BDFL, but it's necessary and lets people like me sleep a little better at night.
Cheers!

All 12 comments

Heads up: Still waiting for the roadies to investigate and/or address the security issue and reactivate the PyPI uploads. I try to monitor this daily, so you'll be notified as soon as I get the green light.

Also, no promises, but I'll try to get some simple PRs merged and add them to the 1.10.0 release, as this release issue is taking longer than I expected.

Thanks for your patience!

@vphilippon any updates on this front?

@dfee None, unfortunately. I'm still waiting for a reply from the roadies about the PyPI authentication.

@nvie By any chance, do you still have access to PyPI to make a pip-tools release, or were your rights revoked when moving to jazzband?

Strange as it sounds, is it possible to back this repo out of the jazzband organization, as it's been going on three months now where you've been unable to push code?

Small update here: It seems the original security issue is still at issue (according to a recent reply from @jezdez to another similar issue).

@dfee I feel like it's not a small decision to take (which I can't take either), and we might have other solutions to look at right now.
Also, small clarification just in case: we're still able to merge PRs and push code. We just can't publish the package to PyPI.

@jezdez As a roadie, in the current situation, is it possible for you to manually perform an upload to PyPI for us?
I don't intend to ask for a release each week, but at least we could release the work from the past few months.

Good news: While the release-on-tag feature is still disabled, @jezdez indicated he'll be able to do a one-off release of pip-tools.

I've marked PR #567 and PR #557 for the 1.10.0 release, as they'll fix some common issues. I suggest we get those in, and then go ahead for the 1.10.0 release.

Hi all, the last PRs for 1.10.0 are merged, I've given the go for the release, so we'll freeze the code until the release.

🎉 pip-tools 1.10.0 was officially released! 🎉

@jezdez We missed a pretty awful bug, essentially breaking pip-sync on Python 3. If you find some time for releasing 1.10.1, that would be great.
Sorry about that.

@jezdez We got another important bugfix in that would require a 1.10.2 release, if you have the time.
If we ever meet at PyCon or somewhere, I owe you a coffee.

Great news: We should be able to get back on making pip-tools releases. I'll let you all read up here:
https://github.com/jazzband/roadies/issues/64#issuecomment-345477476

So @davidovich and myself are currently assuming the new Lead role on pip-tools. This essentially means that we are responsible for approving any release before it reaches the main PyPI.

I intend to release 1.10.2 soon. I'll report back to confirm that we're unblocked once I see the release on PyPI.

1.10.2 is out, everything is rolling!
