The Python Software Foundation Security Developer-in-Residence, Seth Larson, published a new white paper with Alpha-Omega titled "Slippery ZIPs and Sticky tar-pits: Security & Archives" about work to remediate 10 vulnerabilities affecting common archive format implementations such as ZIP and tar for critical Python projects.
This is why most organizations take a blind eye when popular people in their community behave badly; if they even so much as give them a three-month ban from the forum, people will keep bringing it up years later.
> If we accepted and spent the money despite this term, there was a very real risk that the money could be clawed back later. That represents an existential risk for the foundation since we would have already spent the money!
> I was one of the board members who voted to reject this funding - a unanimous but tough decision. I’m proud to serve on a board that can make difficult decisions like this.
Kudos to Simon and the rest of the board. Accepting that money would be more than a strategic mistake, it'd be an existential danger to the PSF itself.
I mean, it's also just the plain common sense move: accepting that money would just be putting a noose around their neck and handing the other end to the Trump administration. (And there is a 100.0% chance they'll just claw it back eventually anyway.)
It's a shame that months of NSF grant-writing work was completely wasted though.
I am going add more on top of that: we should automatically assume bad faith of anyone still willing, in 2025, to give the Trump administration the benefit of the doubt.
Are you comfortable telling us why you were fired while Alex Reid was not? What were the circumstances? (The post on the PlayHaven blog mentions this, but does not go into any detail.)
Because it's cheaper for Zapier.