HackerTrans
TopNewTrendsCommentsPastAskShowJobs

miketheman

no profile record

Submissions

PyPI has completed its second audit

blog.pypi.org
6 points·by miketheman·3 mesi fa·0 comments

Anthropic Invests $1.5M in the Python Software Foundation and OSS Security

pyfound.blogspot.com
7 points·by miketheman·6 mesi fa·1 comments

PyPI in 2025: A Year in Review

blog.pypi.org
79 points·by miketheman·6 mesi fa·42 comments

PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats

blog.pypi.org
3 points·by miketheman·8 mesi fa·0 comments

PyPI: Trusted Publishing Growth, Now for GitLab Self-Managed and Organizations

blog.pypi.org
2 points·by miketheman·8 mesi fa·0 comments

White Paper: Slippery Zips and Sticky Tar-Pits: Security and Archives

alpha-omega.dev
2 points·by miketheman·8 mesi fa·1 comments

Open Infrastructure Is Not Free: PyPI, the PSF, and Sustainability

pyfound.blogspot.com
8 points·by miketheman·8 mesi fa·0 comments

Datadog supports PyPI and the Python community through observability

opensource.datadoghq.com
1 points·by miketheman·9 mesi fa·0 comments

PyPI Blog: Token Exfiltration Campaign via GitHub Actions Workflows

blog.pypi.org
76 points·by miketheman·10 mesi fa·20 comments

comments

miketheman
·6 mesi fa·discuss
The infrastructure sponsors can be found in the PyPI footer, and here: https://pypi.org/sponsors/#:~:text=Infrastructure%20sponsors
miketheman
·6 mesi fa·discuss
Whoops, sorry about that. Should be fixed now. Happy New Year!
miketheman
·6 mesi fa·discuss
PyPI responses are cached at 99% or higher, with less infrastructure to run.

Search is an unbounded context and does not lend itself to caching very well, as every search can contain anything
miketheman
·8 mesi fa·discuss
[flagged]
miketheman
·8 mesi fa·discuss
Alpha Omega is proud to share the newly published white paper from Seth Larson of the Python Software Foundation, titled “Slippery Zips and Sticky Tar Pits: Security and Archives.” Seth serves as Python’s Security Developer in Residence, a role sponsored by Alpha Omega, focused on improving the safety and trustworthiness of open source software that powers systems and applications everywhere.
miketheman
·10 mesi fa·discuss
Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.