Add a minimal proxy package to route grpc to grpcio

[lidizheng]

Adding a package that takes the same version of grpcio as dependency. It works as a proxy to install our official gRPC Python package. So, for people who typed grpc accidentally, now they should get grpcio installed properly.

Let's see if our infra are happy first...

[mehrdada]

Why not do the opposite (make grpc official and grpcio depend on it). This can be achieved by putting up one last version of grpcio that depends on the latest grpc and publish future packages under grpc. Should not break anyone using the old versions. Anyone explicitly depending on an old version still uses the appropriate prefix and anyone deliberately depending on a new version uses the grpc prefix, and if they don't care about the version they'll get the proper one anyway. The weird package name of grpcio eventually fades away in history.

[I'm assuming somehow you took over grpc]

[lidizheng]

@mehrdada Personally, I would like to keep grpcio official, so:

1. We won't surprise our users about this change, no need to think about grpc or grpcio;
2. Not breaking anyone, Hyrum's Law.

WDYT @gnossen

[gnossen]

I agree with @mehrdada on this one. It would be great if no one had to use the word "grpcio" ever again. But @lidizheng has a point about Hyrum's law. It's possible that someone is explicitly depending on our current package name. I propose that we make grpcio the proxy and continue releasing in lockstep for a year. We'll emit a DeprecationWarning for users who continue using grpcio. We'll monitor the download numbers to make sure that usage of the old package has tapered off. Then, if the numbers look good, we'll upload a final version of grpcio that has an even more dire warning. Something along the lines of "If you're seeing this, you're not getting security updates."

I'll outline this in a gRFC so we can get community feedback on it.

[mehrdada]

@lidizheng @gnossen I mean, a sure way to not disrupt the user is to never improve anything ever, so I don't really buy that argument :) I believe grpc is a much better and more trustworthy package name than grpcio. For now, how about getting all grpc-* packages corresponding to grpcio-* (although I wish there was just one grpc-protobuf package that would depend oninclude on grpc, protobuf and status, reflection, with the notable exception of tools but whatever).

I think @gnossen's solution is excellent! If user is currently pinning to grpcio==xxx: won't be disrupted, unless they want to upgrade to grpcio==yyy, which must happen on a manual action anyway, at which point they see the deprecation warning. Users who don't pin will be just fine.

[stale]

This issue/PR has been automatically marked as stale because it has not had any update (including commits, comments, labels, milestones, etc) for 30 days. It will be closed automatically if no further update occurs in 7 day. Thank you for your contributions!

[lidizheng]

Yield to #23094