Create a Node.js org account on pypi registry

[legendecas]

At the moment, @ryzokuken is the maintainer of the gyp-next package on pypi: https://pypi.org/project/gyp-next/.

I discussed with @ryzokuken to setup a Node.js org account and host gyp-next under that org account so that we can better maintain the ownership of the package.

I would like to request to setup a Node.js organization for this purpose.

Ref: nodejs/gyp-next#234 (comment)

[benjamingr]

SGTM

[MoLow]

+1. there is also this package that can benefit from such an account: nodejs/tap2junit#56

[targos]

Should this be owned by the build WG or the TSC?

[legendecas]

Is https://www.npmjs.com/~nodejs-foundation owned by the build WG or the TSC?

[targos]

Build WG

[legendecas]

I believe the pypi account can follow the npm account ownership.

[targos]

@nodejs/build wdyt?

[richardlau]

I think the question is, who needs access to it?

The original reasons that the Build WG owns the npm account was as an emergency access in the event that people become inactive/leave the project (so we could manage who could publish modules). Initially we did not actively use the account (i.e. individuals published the modules under their own accounts). Over time that changed and I think we now publish modules under that account via GitHub Actions. Possibly another reason might be the TSC at the time didn't have a solution for storing secrets (there's a 1Password account now, I believe), i.e. the account's log in details (I may be misremembering this one).

[mhdawson]

+1 from me. I think using 1password might make the most sense unless this is somehow related to build/infra

[targos]

+1 on 1password + moving the npm credentials there too

[legendecas]

I have submitted request to create a orgnanization named nodejs on pypi.org. Still waiting for response.

[abmusse]

+1 on using 1 password to manage credentials

[legendecas]

Account created and saved in 1password.

[targos]

I rotated the npm credentials and saved them in 1Password too.

[richardlau]

I rotated the npm credentials and saved them in 1Password too.

@targos could you update build/test/test_logins.md in the secrets repo, which previously recorded the account name, password and 2fa recovery codes? I don't mind if we move that to 1Password, but we currently document

admin/npm-management.md

Lines 37 to 38 in a2d01cf

	The credentials required for the `nodejs-foundation` user are maintained in
	encrypted form in the [secrets repo][].

[targos]

Ok but can I move them to infra level? IMO this doesn't belong to test

[richardlau]

Ok but can I move them to infra level? IMO this doesn't belong to test

SGTM

[mhdawson]

+1 to moving to infra or storing all the info in 1 password. We need the recovery info.

[targos]

Secrets repo updated.