Wednesday, September 25, 2019

PyPI Security Q4 2019 Request for Proposals period opens.

The Python Software Foundation Packaging Working Group has received a grant from Facebook Research to implement advanced security features for PyPI. These features include cryptographic signing of uploaded artifacts and the infrastructure necessary to implement automated detection of malicious files uploaded to the index.
The Python Package Index (PyPI) is a foundational component of the Python ecosystem and broader computer software and technology landscape. This project aims to improve the security and accessibility of PyPI for all users worldwide, whether they are direct users, like project maintainers and pip installers, or indirect users. The impact of this work will be highly visible and improve crucial features of the service.
We plan to begin the project in Quarter 4 of 2019. Because of the size of the project, funding has been allocated to secure one or more contractors to complete the development, testing, verification, and assist in the rollout of necessary features.

Timeline

Date           Milestone
September 25   Request for Proposal period opened.
October 21     Request for Proposal period closes.
October 29     Date proposals will have received a decision.
December 2     Contract work commences.

What is the Request for Proposals period?

A Request for Proposal (RFP) is a process intended to allow us (The Python Software Foundation) to collect proposals from potential contractors and select contractor(s) best suited to fulfill the specified work.
After the RFP period closes we will evaluate the received proposals based on the evaluation criteria, seek clarification from proposers as necessary, and select one or more contractors to complete the work specified in the scope.
The Request for Proposals period opens today, September 25th, 2019, and is scheduled to close October 21, 2019 AoE.

How do I submit a proposal?

First, please read the full contents of the Request for Proposals here!
You'll find the instructions for submission, the evaluation criteria, and the scope of the project there.

Tuesday, September 24, 2019

The Python Software Foundation has updated its Code of Conduct

The Python community values members who are accepting, helpful, and respectful: for many years, the Python Software Foundation (PSF) has had an organization-wide Code of Conduct that defines these values, and behaviors that we want to have in our community. The Foundation has also insisted for years that every event that we sponsor have a Code of Conduct in place.

But spaces where our community meets – online, or in person – need a Code of Conduct that does more than just emphasize our values. The PSF’s flagship conference, PyCon US, has had its own Code of Conduct – separate from the PSF Code of Conduct – for many years. The PyCon US Code of Conduct not only highlights our community’s values, but also identifies behaviors that are not acceptable at the conference, explains how to report violations, and includes enforcement procedures.

The PSF Board approved a new organization-wide Code of Conduct and enforcement guidelines at the August 2019 board meeting, and reporting guidelines at the September 2019 board meeting, taking effect immediately.

Our new Code of Conduct brings together the statement of values defined in the former PSF Code of Conduct, and enforcement guidelines – proven through our experience at PyCon US – that the PSF can now apply to every space that we oversee.

It saves the PSF from having to enforce two Codes of Conduct: one for PyCon US, and another for our other spaces. In crafting the Code of Conduct, we undertook an intentional effort to account for the unique needs of an international community that spans all seven continents on Earth.

Community members will now know that if they’re participating in an online space, a project, or an event facilitated by the PSF they will be subject to the same Code of Conduct, and will be able to report incidents in the same way.

The process of defining the new Code of Conduct was led by the PSF’s Conduct Working Group, which the PSF established in 2018. The PSF worked with Sage Sharp of Otter Tech to produce the draft of the new Code of Conduct. Sage has previously worked on the Codes of Conduct for Open Source communities including the Data Carpentries, Elastic Search, and GNOME, and previously worked with the PSF on modernizing PyCon US’ Code of Conduct and incident response procedures. 

In the future, the Conduct Working Group will help the Board oversee the reporting and enforcement of Code of Conduct reports, following the enforcement guidelines that accompany the new Code of Conduct.

The Board thanks the Conduct Working Group and Sage Sharp for their invaluable service in getting our new Code of Conduct in place.