HackerTrans
TopNewTrendsCommentsPastAskShowJobs

miketheman

no profile record

Submissions

PyPI has completed its second audit

blog.pypi.org
6 points·by miketheman·3 miesiące temu·0 comments

Anthropic Invests $1.5M in the Python Software Foundation and OSS Security

pyfound.blogspot.com
7 points·by miketheman·6 miesięcy temu·1 comments

PyPI in 2025: A Year in Review

blog.pypi.org
79 points·by miketheman·6 miesięcy temu·42 comments

PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats

blog.pypi.org
3 points·by miketheman·8 miesięcy temu·0 comments

PyPI: Trusted Publishing Growth, Now for GitLab Self-Managed and Organizations

blog.pypi.org
2 points·by miketheman·8 miesięcy temu·0 comments

White Paper: Slippery Zips and Sticky Tar-Pits: Security and Archives

alpha-omega.dev
2 points·by miketheman·8 miesięcy temu·1 comments

Open Infrastructure Is Not Free: PyPI, the PSF, and Sustainability

pyfound.blogspot.com
8 points·by miketheman·9 miesięcy temu·0 comments

Datadog supports PyPI and the Python community through observability

opensource.datadoghq.com
1 points·by miketheman·9 miesięcy temu·0 comments

PyPI Blog: Token Exfiltration Campaign via GitHub Actions Workflows

blog.pypi.org
76 points·by miketheman·10 miesięcy temu·20 comments

comments

miketheman
·6 miesięcy temu·discuss
The infrastructure sponsors can be found in the PyPI footer, and here: https://pypi.org/sponsors/#:~:text=Infrastructure%20sponsors
miketheman
·6 miesięcy temu·discuss
Whoops, sorry about that. Should be fixed now. Happy New Year!
miketheman
·6 miesięcy temu·discuss
PyPI responses are cached at 99% or higher, with less infrastructure to run.

Search is an unbounded context and does not lend itself to caching very well, as every search can contain anything
miketheman
·8 miesięcy temu·discuss
[flagged]
miketheman
·8 miesięcy temu·discuss
Alpha Omega is proud to share the newly published white paper from Seth Larson of the Python Software Foundation, titled “Slippery Zips and Sticky Tar Pits: Security and Archives.” Seth serves as Python’s Security Developer in Residence, a role sponsored by Alpha Omega, focused on improving the safety and trustworthiness of open source software that powers systems and applications everywhere.
miketheman
·10 miesięcy temu·discuss
Incident report of a recent attack campaign targeting GitHub Actions workflows to exfiltrate PyPI tokens, our response, and steps to protect your projects.