tag:blogger.com,1999:blog-85202024-03-15T16:30:14.383-04:00Python Software Foundation News News from the Python Software FoundationEe Durbinhttp://www.blogger.com/profile/13577459520968677064noreply@blogger.comBlogger626125tag:blogger.com,1999:blog-8520.post-83890100017908937272024-02-29T11:37:00.001-05:002024-02-29T11:37:45.380-05:00 White House recommends use of memory-safe languages like Python<p>Earlier this week the White House <a href="https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/">published a report</a> recommending the use of memory-safe programming languages to eliminate an entire class of vulnerabilities affecting software. The report quotes claims from large software producers like Google and Microsoft which estimate that <b>70% of vulnerabilities affecting software are due to memory-safety issues.</b><br /><br />Back in December of 2023, the Cybersecurity and Infrastructure Security Agency (CISA) <a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3608324/us-and-international-partners-issue-recommendations-to-secure-software-products/">published a report</a> that included a list of memory-safe programming languages, <b>among them was the Python programming language</b>.</p><p>The Python Software Foundation’s <a href="https://www.regulations.gov/comment/ONCD-2023-0002-0107">response to the US Government's Request for Information</a> noted Python's memory-safety and ability to wrap code written in C, C++, and Rust among other systems languages. Part of Python’s popularity stems from the large number of community-maintained packages using this feature for performance, wrapping existing libraries, and low-level API access.</p><p><a href="https://github.com/pyca/cryptography">Cryptography</a> is one of the most depended on Python libraries for cryptographic primitives, installed nearly 10 million times per day. <a href="https://mail.python.org/pipermail/cryptography-dev/2020-December/000998.html">Cryptography started migrating from using C to Rust</a> for security reasons in 2020 and made the first release with Rust binary extensions in 2021. You can listen to maintainers Paul Kehrer and Alex Gaynor <a href="https://www.youtube.com/watch?v=z_Eiy2W0APU">discuss this non-trivial migration in their PyCon 2022 talk</a>.<br /><br />The migration of the cryptography library included tools like <a href="https://pyo3.rs">PyO3</a> and <a href="https://github.com/PyO3/setuptools-rust">setuptools-rust</a> that enable easier adoption of Rust binary extensions. There’s already plenty of buzz for using Rust and Python together, the adoption of Rust in Python packages is <b><a href="https://sethmlarson.dev/security-developer-in-residence-weekly-report-18#querying-the-dataset">steadily increasing</a> from the single digits in 2020 to today with hundreds of packages using Rust.</b><br /><br />There are many opportunities to learn about writing Python binary extensions using Rust, for example, at <a href="https://us.pycon.org/2024">PyCon US 2024</a> there will be a <a href="https://us.pycon.org/2024/schedule/presentation/113/">tutorial about getting started with PyO3</a> and a <a href="https://us.pycon.org/2024/schedule/presentation/89/">talk on PyO3 and maturin</a>, a <a href="https://github.com/PyO3/maturin">PEP 517 build backend for Rust</a> by a maintainer of the PyO3 project.<br /><br />Historically Python binary extensions were built mostly using C and C++ meaning there are many projects which, for reasons like backwards compatibility or lack of resources and time, cannot or do not want to migrate to Rust. For these projects, the use of compiler options can harden binaries against some memory safety issues. The OpenSSF Best Practices working group has <a href="https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++">published a list of compiler options</a> to consider adopting in order to harden builds of C and C++ code.<br /><br />There is still much work to be done to secure the Python ecosystem and it can’t be done without our amazing community of contributors and maintainers. We look forward to more investment in this area as part of the industries’ adoption of memory-safe programming languages. If you are interested in being part of conversations around improving security in Python, we invite you to open a thread on <a href="https://discuss.python.org/">discuss.python.org</a>.<br /><br /></p>Seth Michael Larsonhttp://www.blogger.com/profile/16555309043643874359noreply@blogger.comtag:blogger.com,1999:blog-8520.post-55385546239409449902024-02-08T10:53:00.001-05:002024-02-08T10:53:23.790-05:00Software Bill-of-Materials documents are now available for CPython<p>Our Security Developer-in-Residence, <a href="https://sethmlarson.dev/">Seth Larson</a>, has been working to improve the management of vulnerabilities for Python users. Seth has championed progress on this goal in a variety of areas:<br /></p><ul style="text-align: left;"><li><a href="https://www.cve.org/Media/News/item/news/2023/08/29/Python-Software-Foundation-Added-as-CNA">Authorizing the Python Software Foundation as a CVE Numbering Authority</a> (CNA) to publish CVE IDs and records</li><li>Revitalizing the security advisory mailing list (<a href="https://mail.python.org/mailman3/lists/security-announce.python.org/">security-announce@python.org</a>)</li><li>Migrating all historical vulnerabilities to the <a href="https://ossf.github.io/osv-schema/">Open Source Vulnerability format</a> (OSV) and having the records indexed into the <a href="https://osv.dev/list?ecosystem=&q=PSF">global OSV database</a></li></ul><p>With the <a href="https://www.python.org/downloads/release/python-3122/">release of CPython 3.12.2</a>, the next step of the Python Software Foundation’s vulnerability management strategy is now available in the form of Software Bill-of-Materials (SBOM) documents for CPython source releases. The documents are available for download in their own column labeled “SBOM” in the “Files” table <a href="https://www.python.org/downloads/release/python-3122/">on the release page</a>. User documentation and a getting started guide for CPython SBOMs is <a href="https://www.python.org/download/sbom/">available on python.org</a>.<br /><br />These documents are relatively new but have been tested with multiple tools that accept SPDX SBOM documents. Please report any feedback on the SBOM to the <a href="https://github.com/python/cpython/">CPython issue tracker</a>.</p><h2 style="text-align: left;">What is a Software Bill-of-Materials (SBOM)?</h2><p>Software Bill-of-Materials are machine-readable documents using an ecosystem-independent format like <a href="https://spdx.github.io/spdx-spec/v2.3/">SPDX</a> or <a href="https://cyclonedx.org/">CycloneDX</a> to describe what a piece of software is made of and how each component within the software relates to other components. There are multiple use-cases for SBOMs, but for CPython we primarily focused on software supply chain and vulnerability management.<br /><br />Many vulnerability scanning tools support passing an SBOM document as input to provide a comprehensive scan for software vulnerabilities without needing to rely on fallible software discovery. This means there’s less chances for vulnerabilities to be missed by scanners.<br /><br />There are existing tools for automatically creating SBOMs for software, but SBOMs which aren’t accurate are sometimes more dangerous than having no SBOM due to causing a false sense of security. This is especially true for complex pieces of software or projects which exist outside of package ecosystems, both of which apply to CPython and make generating an SBOM difficult. For this reason the content of CPython SBOMs is curated by hand on first pass to ensure accuracy and completeness and then automated to track updates as the software changes.<br /><br />SBOM documents are becoming a requirement for compliance in multiple areas and industries. In order to meet those requirements we are providing a comprehensive and accurate SBOM for CPython that will provide assurance for Python users.</p><h2 style="text-align: left;">What is included in CPython SBOMs?</h2><p>CPython SBOMs use the SPDX SBOM standard. SBOM documents include a description of the contained software, including all of its dependencies. Information in CPython SBOMs includes:<br /></p><ul style="text-align: left;"><li>Names and versions of all software components</li><li>Software identifiers (like <a href="https://nvd.nist.gov/products/cpe">CPE</a> and <a href="https://github.com/package-url/purl-spec">Package URLs</a>)</li><li>Download URLs for source code with checksums</li><li>File names and content checksums</li><li>Dependency relationships between each component</li></ul><p>CPython SBOMs satisfy the requirements listed in the <a href="https://www.ntia.gov/sites/default/files/publications/sbom_minimum_elements_report_0.pdf">NTIA Minimum Elements for a Software Bill of Materials</a>. Software identifiers can be used for correlating software in use to vulnerability databases like the <a href="https://www.cve.org/">CVE database</a> and <a href="https://osv.dev/">Open Source Vulnerability database</a>, typically done automatically using vulnerability scanning tools.<br /></p><h3 style="text-align: left;">What <i>isn’t</i> included in CPython SBOMs?</h3><p>Keep in mind that software libraries that you supply yourself to compile CPython, such as OpenSSL and zlib, are <b>not included in the SBOMs for source artifacts</b>. <br /><br />This is due to these libraries not being included in source artifacts, so CPython users have a choice of which version and sources to use for these third-party libraries. Folks who are compiling CPython from source are responsible for tracking their own dependencies either in a separate SBOM document or by appending new entries to your local CPython SBOM.<br /><br />CPython’s SBOMs don’t include licensing information for dependencies. See the CPython licensing page for licensing information.</p><h2 style="text-align: left;">What is coming next for CPython SBOMs?</h2><p>This is only the beginning for CPython SBOMs, as mentioned above there are only SBOM documents published for source releases today. The CPython release managers also publish binary installers for <a href="https://www.python.org/downloads/windows/">Windows</a> and <a href="https://www.python.org/downloads/macos/">macOS</a> on a variety of distribution channels. These artifacts will need their own SBOM documents as they are compiled with software that’s typically not available on those platforms (e.g. OpenSSL).<br /><br />There’s also more infrastructure needed to reduce noise and churn for Python users and Python Security Response Team members alike. Vulnerability EXchange (VEX) statements are a set of standards which allows software producers to signal to user tooling whether a piece of software in use is affected by a vulnerability, even for vulnerabilities affecting dependencies. This is an area of active development and is being explored alongside the <a href="https://github.com/ossf/wg-security-tooling">OpenSSF Security Tooling Working Group</a>.<br /><br />The Security Developer-in-Residence role and this work is funded by a substantial investment from the OpenSSF <a href="https://openssf.org/community/alpha-omega/">Alpha-Omega Project</a>. Thanks to Alpha-Omega for their support in improving the security posture of the entire Python ecosystem.The OpenSSF is a non-profit cross-industry collaboration that unifies security initiatives and brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices. <br /></p>Seth Michael Larsonhttp://www.blogger.com/profile/16555309043643874359noreply@blogger.comtag:blogger.com,1999:blog-8520.post-12317379311302474622024-02-07T11:33:00.002-05:002024-03-15T16:30:13.048-04:00Introducing PSF Grants Program Office Hours<p><span style="font-size: small;">In October 2023, <a href="https://pyfound.blogspot.com/2023/10/september-october-board-votes.html" target="_blank">we acknowledged the situation surrounding DjangoCon Africa</a> and noted our intent to make ongoing improvements to the Grants Program. We also recognize that we are in a new world of hybrid programming since the onset of the pandemic which comes with different funding and cost challenges. One step we are taking to refresh the Grants Program (we’ll be reporting on other steps soon) is to establish PSF Grants Program Office Hours. <br /><br />The office hours will be hosted on the <a href="https://discord.gg/7rthGF3BBe" target="_blank">Python Software Foundation Discord</a> once a month at 1-2PM UTC (9AM Eastern) on the third Tuesday of the month. (Check <a href="https://dateful.com/time-zone-converter" target="_blank">what time</a> that is for you.) We invite the Python community to join in to receive support for Grant-related questions and inquiries! If you have urgent or immediate questions related to the Grants Program, please email grants@pyfound.org.</span></p><h2 style="text-align: left;"><span style="font-size: small;">Direct line of communication</span></h2><p><span style="font-size: small;">As we sat down to address the challenges and issues raised around the Grants Program and how to better support the Python community, we came to realize that refreshing the program would not be an easy and quick task. We need a two-way communication channel dedicated to the topic of grants with the PSF Board, the Grants Working Group, the D&I Working Group, the Code of Conduct Working Group, and most importantly, our vibrant and diverse community.<br /><br />We believe a direct line of communication between the PSF and the worldwide Python community is the best first step. In order to create that direct line, gather your feedback, and collaborate on the future of the program, we are establishing regular PSF Grants Program Office Hours! <br /></span></p><h2 style="text-align: left;"><span style="font-size: small;">What’s the goal?</span></h2><p><span style="font-size: small;">There are a couple of goals we hope to accomplish with the Grants Program Office Hours. In the short term, we believe recurring time supporting communication between the community and the PSF is key. In other words, a place for folks to come with questions and ideas regarding the Grants Program, with an understanding that we don’t have it perfect yet. If we have the answer, or we can point you to the right resource - amazing! If we don’t, that’s an area we know needs more work and will be added to our “To Do.” <br /><br />We hope to see the office hours evolve over time as we work through feedback and make updates to our process, documentation, and resources. In the long term, the PSF hopes Grants Program Office Hours will create a place for our community to ask questions about the Grants Program and for us to have (almost) all the answers. We’d like the office hours to continue to be a place where we receive feedback from the community and continuously improve what we can do for Pythonistas around the world.<br /></span></p><h2 style="text-align: left;"><span style="font-size: small;">PSF Grants Program Office Hour Hosts</span></h2><p><span style="font-size: small;">The PSF Grants Program Office Hours will be hosted by members of the <a href="https://www.python.org/psf/records/staff/" target="_blank">PSF Staff</a>. This will change over time, but for now you can expect to see Laura Graves, Senior Accountant, and Marie Nordin, Community Communications Manager, hosting the sessions. When needed, other PSF staff members will sub in for Laura and Marie. </span><span style="font-size: small;"> </span></p><h2 style="text-align: left;"><span style="font-size: small;">This sounds great! How can I join?</span></h2><p><span style="font-size: small;">The PSF Grants Program Office Hours will be a text-only chat based office hour hosted on the <a href="https://discord.gg/7rthGF3BBe" target="_blank">Python Software Foundation Discord</a> at 1-2PM UTC (9AM Eastern) on the third Tuesday of the month. The server is moderated by PSF Staff and is locked in between office hour sessions. If you’re new to Discord, check out some <a href="https://support.discord.com/hc/en-us/sections/360008206871-Discord-Basics" target="_blank">Discord Basics</a> to help you get started. And as always, if you have urgent or immediate questions related to the Grants Program, please email grants@pyfound.org.<br /><br />Come prepared to the Office Hours with questions and shareable links to your Grant applications drafts in progress via Google docs, etherpad, pastebin, etc. We hope to see you there!</span></p>Marie Nordinhttp://www.blogger.com/profile/15138793242213676112noreply@blogger.comtag:blogger.com,1999:blog-8520.post-20358670448080848982024-01-31T08:00:00.002-05:002024-01-31T08:00:00.144-05:00Kicking off 2024 strong, thanks to our community!<p>We are starting off the year feeling energized and supported, thanks to each of you who shared or donated to our year-end fundraiser and membership drive. We raised a whopping $43,000 through our <a href="https://www.jetbrains.com/pycharm/" target="_blank">PyCharm</a> partnership with <a href="https://www.jetbrains.com/" target="_blank">JetBrains</a>–that’s more than double last year! With over 150 individual donations, new Supporting Memberships, and JetBrains’ generous partnership, we raised $134,175 total for our work supporting Python and the Python community! All in all, during the period of the fundraiser, we raised close to $200K, which includes donations from <a href="https://www.python.org/psf/sponsors/" target="_blank">our sponsors</a>, donations to <a href="https://www.python.org/psf/fiscal-sponsorees/" target="_blank">our Fiscal Sponsorees</a>, Membership renewals, and proceeds from the special replay of our Humble Bundle, thanks to <a href="https://nostarch.com/" target="_blank">No Starch Press</a>.<br /> </p><p>Your generous support means we can confidently start 2024 by investing in our key goals for the year. These goals include:<br /></p><ul style="text-align: left;"><li>Improving dialogue with the global community</li></ul><ul style="text-align: left;"><li>Investing in community support</li></ul><ul style="text-align: left;"><li>Creating more pathways for technical contributions</li></ul><p>We rely on community investment–of money, but also time, energy, ideas, and enthusiasm–to reach each of these goals. </p><p>Supporting Membership is a great way for the community to invest in the PSF’s work. It was exciting to see many new Supporting Members made use of <a href="https://pyfound.blogspot.com/2022/12/introducing-new-sliding-scale-membership.html" target="_blank">our sliding scale rate option</a> to become Members. Welcome aboard, new members, and thank you for joining us! We’re looking forward to having your voice take part in the PSF’s future.<br /><br />Because the PSF doesn’t buy lists or ads, your help in sharing our fundraiser with your networks makes a big difference, and we really appreciate how many of you took the extra time to help promote it. We’re excited about where 2024 will take us together, and as always, we’d love to hear your ideas and feedback. Looking for how to keep in touch with us? You can find all the ways in our <a href="https://pyfound.blogspot.com/2022/11/where-is-psf.html" target="_blank">"Where is the PSF?" blog post</a>.<br /><br /><br />Wishing you all a wonderful & Python-filled new year!<br />- The PSF Team</p>Marie Nordinhttp://www.blogger.com/profile/15138793242213676112noreply@blogger.comtag:blogger.com,1999:blog-8520.post-46764139319139226172024-01-18T09:44:00.000-05:002024-01-18T09:44:25.749-05:00Announcing Python Software Foundation Fellow Members for Q3 2023! 🎉<p><span style="caret-color: rgb(0, 0, 0); color: #666666; font-family: inherit; font-size: 13.2px;">The PSF is pleased to announce its third batch of PSF Fellows for 2023! Let us welcome the new PSF Fellows for Q3! The following people continue to do amazing things for the Python community:</span></p><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="text-align: left;"><span style="font-size: medium;">Dustin Ingram</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span style="color: black;"><a href="https://www.linkedin.com/in/dustingram/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">LinkedIn</a>, </span><a href="https://github.com/di/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Github</a>, <a href="https://di.social/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Social</a>, <a href="https://di.dev/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Website</a></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Marlene Mhangami </span></b></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span face=""Trebuchet MS", Trebuchet, Verdana, sans-serif" style="color: #666666; font-size: 13.2px;"><a href="https://twitter.com/marlene_zw" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Twitter</a><span style="color: #0b5394;">, </span><a href="https://github.com/marlenezw" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a>, </span><a href="http://marlenemhangami.com" style="color: #2b5b84; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-decoration-line: none;" target="_blank">Website</a></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Nikita Sobolev</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span><a href=" https://github.com/sobolevn/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a><span style="color: black;">,</span> </span><a href="https://sobolevn.me/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Website</a></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="text-align: left;"><span style="font-size: medium;">Raquel Dou</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://www.linkedin.com/in/raquel-dou/" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">LinkedIn</a><span style="font-size: 13.2px;"> </span></div><p style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: justify; text-size-adjust: auto;"><span style="text-align: left;">Thank you for your continued contributions. We have added you to our Fellow roster</span><span class="Apple-converted-space" style="text-align: left;"> </span><a href="https://www.python.org/psf/fellows-roster/" style="-webkit-print-color-adjust: exact; color: #4183c4; font-family: inherit; text-align: left; text-decoration-line: none;">online</a><span style="text-align: left;">.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: justify; text-size-adjust: auto;"><span style="font-family: inherit;">The above members help support the Python ecosystem by being phenomenal leaders, sustaining the growth of the Python scientific community, maintaining virtual Python communities, maintaining Python libraries, creating educational material, organizing Python events and conferences, starting Python communities in local regions, and overall being great mentors in our community. Each of them continues to help make Python more accessible around the world. To learn more about the new Fellow members, check out their links above.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-size-adjust: auto;"><span style="font-family: inherit;">Let's continue recognizing Pythonistas all over the world for their impact on our community. The criteria for Fellow members is available online: <a href="https://www.python.org/psf/fellows/" style="color: #2b5b84; text-decoration-line: none;">https://www.python.org/psf/fellows/</a>. If you would like to nominate someone to be a PSF Fellow, please send a description of their Python accomplishments and their email address to psf-fellow at python.org. Quarter 4 nominations are currently in review. We are accepting nominations for Quarter 1 2024 through February 20, 2024.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-size-adjust: auto;"><span style="font-family: inherit;">Are you a PSF Fellow and want to help the Work Group review nominations? Contact us at psf-fellow at python.org</span></p>Olivia Saulshttp://www.blogger.com/profile/02332425566237042576noreply@blogger.comtag:blogger.com,1999:blog-8520.post-7780249886842104362024-01-18T08:46:00.000-05:002024-01-18T08:46:27.849-05:00Announcing the Deputy Developer in Residence and the Supporting Developer in ResidenceWe’re very happy to welcome Petr Viktorin as the Deputy Developer in Residence! Better yet, he is joined by Serhiy Storchaka as the Supporting Developer in Residence. This transforms the residency program into a full blown team! We couldn’t be happier.<br /><br />It’s exciting to be able to begin to realize the full vision of the Developers in Residence program, with special thanks to Bloomberg for making it possible for us to bring Petr on board. The initial idea behind the Developer in Residence was to have three to five people hired directly by the Python Software Foundation to help with developer efficiency at CPython, where most of the contributors are volunteers. Three to five people is a good amount to allow for handling both day-to-day tasks, as well as planning and executing on larger-scale projects.<br /><br />We were only able to start with a single Developer in Residence, initially sponsored by Google for the initial year, and by Meta for the following two years. We were <a href="https://pyfound.blogspot.com/2023/02/the-case-for-second-developer-in.html">clear that adding more developers in residence would multiply the impact of the role</a> but, of course, the big question is funding. Fortunately, the success of the initial one-person program allowed for a new sponsor to participate, interested in extending the program with another developer. Thank you, Bloomberg!<br /><br />We <a href="https://lukasz.langa.pl/40b601fc-2b24-4629-91d9-3b32c58365c6/">announced</a> the job opening back in July, and the interview process was extensive. The Foundation received close to 100 applications, and it was a very tough decision, as most were excellent candidates. One surprise in particular was that despite the Deputy role being described as targeting programmers of various experience levels, we received many more applications from Python core developers than during the initial Developer in Residence job opening.<br /><br />Naturally, the core developers bubbled up in the interview process. We were especially impressed by Petr Viktorin’s experience with maintaining Python at Red Hat, his interest in the C API, and his long-term existing contributions to Python. Given the transformative recent developments inside the interpreter in terms of performance and scalability, Petr’s skillset was the perfect match. We’re excited he accepted the offer!<br /><br />However, there was one more person who we were also ready to hire on the spot: Serhiy Storchaka, a rare example of a core developer generalist, with plenty of C experience and contributions across the entire codebase. Consistently one of the top most prolific contributors to Python, we felt like we needed to secure him as a member for the Residents team. Unexpectedly, a generous anonymous donation allowed us to hire Serhiy as well. Thank you!<br /><br />We are calling the role the Supporting Developer in Residence to make it clear the funding level here isn’t as high as in the Deputy case. Please contact us if your organization can help sponsor Serhiy to bump him to the Deputy salary. Serhiy sure deserves it!<br /><br />After an initial meeting with the Steering Council, the Residents team is now ready to take on a more active role in shaping the development of the language. The Council advised that while every team member is expected to prioritize unblocking other contributors and keeping the developer experience smooth, with three people on the team each Resident can now also spend a percentage of their time on feature work aligned with their interests.<br /><br />There are some exciting times ahead for Python!<br /><br />Łukasz Langahttp://www.blogger.com/profile/12992944444591785142noreply@blogger.comtag:blogger.com,1999:blog-8520.post-73528541916177880772024-01-12T10:40:00.000-05:002024-01-12T10:40:46.372-05:00EU’s Cyber Resilience Act Passes with Wins for Open SourceBack in April, we <a href="https://pyfound.blogspot.com/2023/04/the-eus-proposed-cra-law-may-have.html">wrote to the community</a> about our concerns for the future of the open source ecosystem generally and CPython and PyPI specifically if the European Cyber Resilience Act (CRA) were to pass in the form that had been shared. At the time, we were worried that in the course of providing software for anyone to use, analyze or change that the PSF and/or the Python community might become legally responsible for security issues in the products that are built with the code components that we are providing for free. We asked for increased clarity, specifically:<br /><br /><div style="margin-left: 40px; text-align: left;">“Language that specifically exempts public software repositories that are offered as a public good for the purpose of facilitating collaboration would make things much clearer. We'd also like to see our community, especially the hobbyists, individuals and other under-resourced entities who host packages on free public repositories like PyPI be exempt.”<br /></div><br />The good news is that CRA text* changed a lot between the time the open source community – including the PSF – started expressing our concerns and the Act’s final text which was <a href="https://en.wikipedia.org/wiki/Cyber_Resilience_Act">cemented on December 1st</a>. That text introduces the idea of an “open source steward.” <br /><br /><div style="margin-left: 40px; text-align: left;"><i>“'open-source software steward’ means any legal person, other than a manufacturer, which has the purpose or objective to systematically provide support on a sustained basis for the development of specific products with digital elements qualifying as free and open-source software that are intended for commercial activities, and ensures the viability of those products;” (p. 76)</i><br /></div><br />Furthermore, the final text demonstrates a crisper understanding of how open source software works and the value it provides to the overall ecosystem of software development. <br /><br /><div style="margin-left: 40px; text-align: left;"><i>“More specifically, for the purpose of this Regulation and in relation to the economic operators referred therein, to ensure that there is a clear distinction between the development and the supply phases, the provision of free and open-source software products with digital elements that are not monetised by their manufacturers is not considered a commercial activity.” (p. 10)</i><br /></div><p>So are we totally done paying attention to European legislation? Ah, while it would be nice for the Python community to be able to cross a few things off our to-do list, that’s not quite how it works. Firstly, the concept of an “open source steward” is a brand new idea in European law. So, we will be monitoring the conversation as this new concept is implemented or interacts with other bits of European law to make sure that the understanding continues to reflect the intent and the realities of open source development. Secondly, there are some other pieces of legislation in the works that may also impact the Python ecosystem so we will be watching the Product Liability Directive and keeping up with the discussion around standard-essential patents to make sure that the effects on Python and open source development are intentional (and hopefully benevolent, or at least benign.) </p><p>Thank you to <a href="https://openforumeurope.org/">Open Forum Europe</a> (OFE) — especially Ciarán O’Riordan – for bringing the FOSS community together to share our thoughts on how the proposed text would affect open source, thinking about how the goals of the proposed act might be achieved without unintentionally creating a chilling effect for open source and communicating those ideas to legislators. OFE’s work to coordinate our efforts certainly made it easier for the PSF’s concerns to be heard and I’m fairly certain it made it easier for legislators to assess and consider impacts to the open source ecosystem when we were able to speak with one voice. </p><p><i>*The entire Regulation is published <a href="https://data.consilium.europa.eu/doc/document/ST-17000-2023-INIT/EN/pdf">here</a>, if you want to dive into the text more deeply. </i></p>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-62337231239701036042023-12-12T03:00:00.034-05:002023-12-12T03:00:00.137-05:00Announcing the Hidden Figures of Python Podcast!<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwtu2DncDXVqcGyUyQmIO4ZYGQgj3tdpPI2dMCv44oKOVgc35EKFTEv0CxRRkXLZ12_nBHVxiDeRauSI2zycd2okYXekFPmHndil1rAaKVmOZPjnKOMRErXzq3meF4N91f3kXXMTJBae6dG8ra2vVfg7TSkHAw4Gq0NumkxqQSK3iN_xmV8Q/s5000/podcats.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="5000" data-original-width="5000" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwtu2DncDXVqcGyUyQmIO4ZYGQgj3tdpPI2dMCv44oKOVgc35EKFTEv0CxRRkXLZ12_nBHVxiDeRauSI2zycd2okYXekFPmHndil1rAaKVmOZPjnKOMRErXzq3meF4N91f3kXXMTJBae6dG8ra2vVfg7TSkHAw4Gq0NumkxqQSK3iN_xmV8Q/s320/podcats.png" width="320" /></a></p><p dir="ltr" id="docs-internal-guid-29887c2a-7fff-79a2-c468-0090219bca51" style="line-height: 1.38; margin-bottom: 12pt; margin-top: 0pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The <a href="https://www.python.org/psf-landing/">Python Software Foundation</a> is excited to share the launch of the </span><a href="https://pypodcats.live/about/" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Hidden Figures of Python</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, a new podcast series created by the </span><a href="https://pypodcats.live/" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">PyPodcats</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">. The Hidden Figures of Python series aims to uplift underrepresented folks and their inspiring stories. </span><a href="https://pypodcats.live/episodes/ep-0" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Episode 0</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> is available now on the </span><a href="https://pypodcats.live/episodes" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">PyPodcats website</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://podcasters.spotify.com/pod/show/pypodcats" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Spotify</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://podcasts.apple.com/us/podcast/pypodcats/id1720808525" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">Apple Podcasts</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">, and the </span><a href="https://www.youtube.com/@ThePSF" style="text-decoration: none;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration-skip-ink: none; text-decoration: underline; vertical-align: baseline; white-space: pre-wrap;">PSF YouTube channel</span></a><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">.</span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 30pt; margin-right: 30pt; margin-top: 0pt; margin: 0pt 30pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></span></p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 30pt; margin-right: 30pt; margin-top: 0pt; margin: 0pt 30pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Hidden Figures of Python podcast series is hosted by the PyPodcats team: Cheuk Ting Ho, Georgi Ker, Mariatta Wijaya, and Tereza Iofciu. Our aim is to highlight voices of underrepresented group members of the Python community.</span></span></p><span style="font-family: inherit; font-size: small;"><br /></span><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 30pt; margin-right: 30pt; margin-top: 0pt; margin: 0pt 30pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">Within the realm of popular Python community podcasts, women make up less than 15% of podcast speaker guests.</span></span></p><span style="font-family: inherit; font-size: small;"><br /></span><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 30pt; margin-right: 30pt; margin-top: 0pt; margin: 0pt 30pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">We know that there are in fact many underrepresented members in our community who are contributing to the Python community, and they deserve to be seen and heard by the rest of us.</span></span></p><span style="font-family: inherit; font-size: small;"><br /></span><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 30pt; margin-right: 30pt; margin-top: 0pt; margin: 0pt 30pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">By creating this podcast series, we hope for the rest of the Python community to learn more about the underrepresented community members and to appreciate their contributions to the global Python community.</span></span></p></blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-left: 30pt; margin-right: 30pt; margin-top: 0pt; margin: 0pt 30pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt;"><span style="font-family: inherit; font-size: small;"><span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;">The Hidden Figures of Python Podcast has been created with care by treasured members of the Python and PSF community. We congratulate and applaud Cheuk, Georgi, Mariatta, and Tereza for launching the series and for everything they contribute to Python and the PSF!</span></span></p><div style="line-height: 1.38; margin-bottom: 12pt; margin-top: 12pt; text-align: left;"><span style="font-family: inherit; font-size: small;">Support for community projects like the PyPodcats comes from <a href="https://www.python.org/psf/sponsors/">our sponsors</a>, but also from folks like you through <a href="https://www.python.org/psf/donations/">donations</a> and <a href="https://www.python.org/psf/membership/">Memberships</a>. Make sure to check out <a href="https://pyfound.blogspot.com/2023/11/support-python-q4-2023.html">our blog post</a>
on our end of year Membership and donations drive. Your gifts and
support means the world to us. We’re incredibly grateful to be in
community with you!<span style="background-color: transparent; font-style: normal; font-variant: normal; font-weight: 400; text-decoration: none; vertical-align: baseline; white-space: pre-wrap;"> </span></span></div>Marie Nordinhttp://www.blogger.com/profile/15138793242213676112noreply@blogger.comtag:blogger.com,1999:blog-8520.post-13142325495471604502023-11-15T10:30:00.011-05:002023-12-04T16:50:01.681-05:00It's time for our annual year-end PSF fundraiser and membership drive 🎉<h1 style="text-align: left;"></h1><h2 style="text-align: left;">Support Python in 2023!</h2><h2 style="text-align: center;"> <a class="hoverZoomLink" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5EX0yXqOYNuAGcsuRsJX2wp9TzgU6azoLrCDh9utYsik4eyzjknOM_iUB32yQpkdfpIQlOs5USdc5jxI7J4t_X5Ph55VJSTlWJfqi-4U4NDIwL1lff1s-19VLv-ida4AWNw9-eMz14fdejA74vJzpbLginaeR34p7ydwgVd9LEfBcOmxOxg/s1139/fundraiser_membership_drive_small.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" class="hoverZoomLink" data-original-height="576" data-original-width="1139" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5EX0yXqOYNuAGcsuRsJX2wp9TzgU6azoLrCDh9utYsik4eyzjknOM_iUB32yQpkdfpIQlOs5USdc5jxI7J4t_X5Ph55VJSTlWJfqi-4U4NDIwL1lff1s-19VLv-ida4AWNw9-eMz14fdejA74vJzpbLginaeR34p7ydwgVd9LEfBcOmxOxg/w400-h203/fundraiser_membership_drive_small.png" width="400" /></a></h2><h3 style="text-align: left;"><span style="font-size: small;"> </span><br /></h3><h2 style="text-align: left;"><span style="font-size: medium;">There are two ways to join in the drive this year:</span></h2><ul style="text-align: left;"><li><span style="font-size: medium;"><a href="https://psfmember.org/civicrm/contribute/transact/?reset=1&id=49"><b>Donate directly to the PSF!</b></a> </span>Every dollar makes a difference. (Does every dollar also make a puppy’s tail wag? We make no promises, but may you should try, just in case? 🐶)</li></ul><ul style="text-align: left;"><li><a href="https://psfmember.org/"><b><span style="font-size: medium;">Become a member!</span></b></a> Sign up as a Supporting member of the PSF. Be a part of the PSF, and help us sustain what we do with your annual support.</li></ul><p style="text-align: left;">Or, heck, why not do both? 🥳</p><p style="text-align: left;"> <span style="font-size: small;"><b>Your Donations:</b></span></p><ul style="text-align: left;"><li><span style="font-size: small;">Keep Python thriving </span></li></ul><div><ul style="text-align: left;"><li><span style="font-size: small;">Invest directly in CPython and PyPI progress</span></li></ul><ul style="text-align: left;"><li><span style="font-size: small;">Bring the global Python community together</span></li></ul><ul style="text-align: left;"><li><span style="font-size: small;">Make our community more diverse and robust every year</span></li></ul></div><p><br /></p><p></p><p></p><h2 style="text-align: left;"><span style="font-size: medium;">Let’s take a look back on 2023:</span></h2><p style="text-align: left;"><b>PyCon US</b> - We held our <a href="https://us.pycon.org/2023/">20th PyCon US</a>, in Salt Lake City and online, which was an exhilarating success! For the online component, PyCon US OX, we added two moderated online hallway tracks (in Spanish and English) and saw a 33% increase in virtual engagement. It was great to see everyone again in 2023, and we’re grateful to all the speakers, volunteers, attendees, and sponsors who made it such a special event.<br /><br /><b>Security Developer in Residence</b> - Seth Larson joined the PSF earlier this year as our first ever Security Developer-in-Residence. Seth is already well-known to the Python community – he was named a PSF Fellow in 2022 and has already written a lot about Python and security on <a href="https://sethmlarson.dev/blog">his blog</a>. This critical role would not be possible without funding from the OpenSSF <a href="https://alpha-omega.dev/">Alpha-Omega Project</a>. <br /><br /><b>PyPI Safety & Security Engineer </b>- Mike Fiedler joined the PSF earlier this year as our first ever PyPI Safety & Security Engineer. Mike is already a dedicated member of the Python packaging community – he has been a Python user for some 15 years, maintains and contributes to open source, and became a PyPI Maintainer in 2022. You can see some of what he's achieved for PyPI already on the <a href="https://blog.pypi.org/">PyPI blog</a>. This critical role would not be possible without funding from <a href="https://aws.amazon.com/opensource/">AWS</a>.<br /><b><br />Welcome, Marisa and Marie!</b> - In 2023 we were able to add two new full time staff members to the PSF. Marisa Comacho joined as Community Events Manager and <a href="https://pyfound.blogspot.com/2023/10/announcing-community-communications-mgr.html">Marie Nordin joined</a> as Community Communications Manager. We are excited to add two full time dedicated staff members to the PSF to support PyCon US, our communications, and the community as a whole. <br /><b><br />CPython Developer in Residence</b> - Our CPython Developer in Residence, Łukasz Langa, continued to provide trusted support and advancement of the Python language, including oversight for the releases of Python 3.8 and 3.9, adoption of Sigstore, and stewardship of PEP 703 (to name a few of many!). Łukasz also engaged with the community by orchestrating the <a href="https://us.pycon.org/2023/events/language-summit/">Python Language Summit</a> and participating in events such as <a href="https://us.pycon.org/2023/">PyCon US 2023</a>, <a href="https://ep2023.europython.eu/">EuroPython</a>, and <a href="https://2023.pycon.co/">PyCon Colombia</a>. This critical role would not be possible without funding from <a href="https://about.facebook.com/meta/">Meta</a>. <br /><br /><b>Authorized as CVE Numbering Authority (CNA)</b> - Being authorized as a CNA is one milestone in the Python Software Foundation's strategy to improve the vulnerability response processes of critical projects in the Python ecosystem. The <a href="https://www.cve.org/PartnerInformation/ListofPartners/partner/PSF">Python Software Foundation CNA scope</a> covers <a href="https://github.com/python/cpython">Python</a> and <a href="https://github.com/pypa/pip">pip</a>, two projects which are fundamental to the rest of Python ecosystem.<br /><b><br />Five new Fiscal Sponsorees</b> - Welcome to <a href="https://github.com/PyCQA/bandit">Bandit</a>, <a href="https://www.bapya.org/">BaPya</a>, <a href="https://twisted.org/">Twisted</a>, <a href="https://www.pyohio.org/2023/">PyOhio</a>, and <a href="https://2023.northbaypython.org/">North Bay Python</a> as new Fiscal Sponsorees of the PSF! The PSF provides 501(c)(3) tax-exempt status to fiscal sponsorees and provides back office support so they can focus on their missions.<span style="font-size: medium;"> <br /></span></p><h2 style="text-align: left;"><span style="font-size: medium;"> </span></h2><h2 style="text-align: left;"><span style="font-size: medium;">Our Thanks:</span></h2><p style="text-align: left;">Thank you for being a part of this drive and of the Python community! Keep an eye on this space and on our social media in the coming weeks for updates on the drive and the PSF 👀<br /><b><i> </i></b></p><p style="text-align: left;"><b><i>Your support means the world to us. We’re incredibly grateful to be in community with you! </i></b><br /><br /></p><br /><br />Marie Nordinhttp://www.blogger.com/profile/15138793242213676112noreply@blogger.comtag:blogger.com,1999:blog-8520.post-19305323074244479642023-11-09T18:00:00.022-05:002023-11-09T18:00:00.135-05:00The Python Sofware Foundation receives the Wonderfully Welcoming Award from GitHub![November 9th, 2023] - The Python Software Foundation is delighted to announce that we are a recipient of a GitHub Award under the Wonderfully Welcoming category, awarded on November 9th at <a href="https://githubuniverse.com/">GitHub Universe 2023</a> in San Francisco, CA, USA. This award exemplifies all the Python community strives to be—enthusiastic, dedicated to encouraging use of the language, and committed to building a diverse and friendly community. We are proud of the Python community for embodying our values on GitHub and this award truly belongs to every contributor. We’re incredibly grateful to be in community with you. <br /><br /><a href="https://github.blog/2023-11-09-celebrating-the-github-awards-2023-recipients">GitHub shares</a>:<br /><blockquote><div style="margin-left: 40px; text-align: left;"><i>The GitHub Awards celebrates the outstanding contributions and achievements in the developer community by honoring individuals, projects, and organizations for creating an outsized positive impact on the community.<br /><br /><a href="https://www.python.org/psf-landing/">Python Software Foundation </a>(<a href="https://github.com/psf">@psf</a>) is not just a hub for Python development; it's a community that embraces diversity and inclusion at its core. Through initiatives like PyCon Charlas, PSF breaks language barriers, providing a platform for Spanish-speaking contributors. It also champions gender diversity by backing the pioneering PyLadiesCon. <br /><br />Above all, the PSF is committed to a respectful and safe community experience, fortified by a strong <a href="https://www.python.org/psf/conduct/">Code of Conduct</a>. It also extends accessibility through captioning and is vigilant about health and safety measures. At PSF, it's not just about code; it's about the people behind it.<br /><br />The Wonderfully Welcoming Award recognizes people or projects that have been the most welcoming and seen an increasing amount of contributors.</i></div></blockquote><br />The PSF Executive Director, Deb Nicholson, states: <i>“We believe that empowering new participants is key to the growth and success of the open source movement. We want to thank GitHub for shining a spotlight on the human side of open source community work.” </i><br /><br />The Python Software Foundation is a non-profit membership organization devoted to advancing open source technology related to the Python programming language. Our mission is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers.<br /><br />If you would like to help advance our mission, please consider supporting us <a href="https://www.python.org/psf/donations/">with a donation</a>!<br />Marie Nordinhttp://www.blogger.com/profile/15138793242213676112noreply@blogger.comtag:blogger.com,1999:blog-8520.post-74425743157380885162023-11-08T14:51:00.002-05:002023-11-08T14:51:54.859-05:00Join the Python Developers Survey 2023: Share and learn about the community!<p><style type="text/css">td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}</style><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"> </span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"> This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. <br /> </span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;">We encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.</span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><br /></span></span></p><div class="separator" style="clear: both; text-align: center;"><a class="hoverZoomLink" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOuNIzVTdqffnS_Gwvcw0H5kLspjnCUjSwVY2RXMBnTvWVdRpBWqzDBgaN9nU3lmoEyxk8J8GCnlrw-tGNeO5hI88lSm3Kq8EJaSZhXiC4X8zlWkDXjEWshbq6Ft47YSwOot0huASY4HttDdo2V72CauCJa5iG3wsU-ZfYMsWKmSJKUhK2mg/s1200/Facebook_1200x630.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" class="hoverZoomLink" data-original-height="630" data-original-width="1200" height="201" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOuNIzVTdqffnS_Gwvcw0H5kLspjnCUjSwVY2RXMBnTvWVdRpBWqzDBgaN9nU3lmoEyxk8J8GCnlrw-tGNeO5hI88lSm3Kq8EJaSZhXiC4X8zlWkDXjEWshbq6Ft47YSwOot0huASY4HttDdo2V72CauCJa5iG3wsU-ZfYMsWKmSJKUhK2mg/w384-h201/Facebook_1200x630.png" width="384" /></a></div><p></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"></span></span></p><p style="text-align: center;"><b><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans, Arial; font-style: normal;"><span style="color: #1155cc; font-family: Open Sans, Arial; font-style: normal; text-decoration-skip-ink: none; text-decoration: underline;"><a class="in-cell-link" href="https://survey.alchemer.com/s3/7554174/python-developers-survey-2023" target="_blank"><span style="font-size: medium;">Contribute to the Python Developers Survey 2023!<br /></span></a></span></span></b></p><p><span data-sheets-hyperlinkruns="{"1":536,"2":"https://survey.alchemer.com/s3/7554174/python-developers-survey-2023"}{"1":586}{"1":637,"2":"https://www.python.org/psf-landing/"}{"1":663}{"1":668,"2":"https://www.jetbrains.com/"}{"1":677}" data-sheets-textstyleruns="{"1":0}{"1":536,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":586}{"1":637,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":663}{"1":668,"2":{"2":{"1":2,"2":1136076},"9":1}}{"1":677}" data-sheets-userformat="{"2":1053441,"3":{"1":0},"11":4,"12":0,"15":"Open Sans","23":1}" data-sheets-value="{"1":2,"2":"This year we are conducting the seventh iteration of the official Python Developers Survey. The goal is to capture the current state of the language and the ecosystem around it. By comparing the results with last year’s, we can identify and share with everyone the hottest trends in the Python community and the key insights into it. \n\nWe encourage you to contribute to our community’s knowledge by sharing your experience and perspective. Your participation is valued! The survey should only take you about 10-15 minutes to complete.\n\nContribute to the Python Developers Survey 2023!\n\nThe survey is organized in partnership between the Python Software Foundation and JetBrains. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent."}" style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"><span style="-webkit-text-decoration-skip: none; color: #1155cc; font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration-skip-ink: none; text-decoration: underline;"><a class="in-cell-link" href="https://survey.alchemer.com/s3/7554174/python-developers-survey-2023" target="_blank"><br /></a></span><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;">The survey is organized in partnership between the </span><span style="-webkit-text-decoration-skip: none; color: #1155cc; font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration-skip-ink: none; text-decoration: underline;"><a class="in-cell-link" href="https://www.python.org/psf-landing/" target="_blank">Python Software Foundation</a></span><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;"> and </span><span style="-webkit-text-decoration-skip: none; color: #1155cc; font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal; text-decoration-skip-ink: none; text-decoration: underline;"><a class="in-cell-link" href="https://www.jetbrains.com/" target="_blank">JetBrains</a></span><span style="font-family: Open Sans,Arial; font-size: 10pt; font-style: normal; font-weight: normal;">. After the survey is over, we will publish the aggregated results and randomly choose 20 winners (among those who complete the survey in its entirety), who will each receive a $100 Amazon Gift Card or a local equivalent.</span></span></p><div id="hzImg" style="background-color: white; border-radius: 4px; border: 4px solid rgb(255, 255, 255); box-shadow: rgba(0, 0, 0, 0.4) 0px 1px 3px; cursor: pointer; display: none; height: auto; left: 5px; line-height: 0px; margin: 4px; opacity: 1; overflow: hidden; padding: 0px; pointer-events: none; position: absolute; top: 259px; visibility: visible; width: auto; z-index: 2147483647;"></div>Marie Nordinhttp://www.blogger.com/profile/15138793242213676112noreply@blogger.comtag:blogger.com,1999:blog-8520.post-42592088323208029352023-10-27T12:13:00.000-04:002023-10-27T12:13:42.481-04:00Announcing our new Community Communications Manager!<p>We <a href="https://fosstodon.org/@ThePSF/110498521981281969">announced our search</a> for our first Community Communications Manager back in June, and after a thorough search, we are beyond excited to announce that <a href="https://www.linkedin.com/in/mariecnordin">Marie Nordin</a> is the newest addition to our team! Reporting to Loren Crary, Director of Resource Development, Marie joins the PSF as a longtime contributor in Open Source, an experienced community organizer, and an enthusiastic communicator. <br /><br />Marie will be responsible for establishing a PSF communications calendar, including annual messaging, newsletters, and blog posts. She will also partner with our Executive Director, Deb Nicholson, and other staffers to enhance our support for the Python community with a variety of initiatives. As the first Community Communications Manager at the PSF, Marie’s work will be made up of both routine and experimental projects, as well as helping to fill some of the gaps in our tiny but mighty team.</p><p></p><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhXW-159xbJPSdd842X_pzFSPAgB9gm1vhPipNJAnq4vCdc4LaE2WeoUM2j-Dmf9GAj47QwDwN52UqXXyASgPSWj9Itti5RdBmW2OhENCw-I4iInbl4uq903FluqlVBgmRPHVH7syI39rZtkFdBWH3FmpaXuDqVl3RzeJZDqA7aY0ZqZ-nWI9g" style="margin-left: 1em; margin-right: 1em;"><img alt="A very nice photo of Marie Nordin" data-original-height="2789" data-original-width="2193" height="320" src="https://blogger.googleusercontent.com/img/a/AVvXsEhXW-159xbJPSdd842X_pzFSPAgB9gm1vhPipNJAnq4vCdc4LaE2WeoUM2j-Dmf9GAj47QwDwN52UqXXyASgPSWj9Itti5RdBmW2OhENCw-I4iInbl4uq903FluqlVBgmRPHVH7syI39rZtkFdBWH3FmpaXuDqVl3RzeJZDqA7aY0ZqZ-nWI9g=w252-h320" width="252" /></a></div><p></p><p>Marie shares, “<i>I’m thrilled to join the PSF team to help amplify the stories and voices of the Python community. I look forward to learning, supporting, and connecting with you all!</i>” <br /><br />Marie has a background in community architecture, project/program management, Code of Conduct, and graphic design. A Visual Media graduate from the <a href="https://www.rit.edu/">Rochester Institute of Technology</a>, she first learned of Free and Open Source Software and culture at <a href="https://www.rit.edu/research/open">Open@RIT</a>. Marie went on to become an <a href="https://www.outreachy.org/">Outreachy</a> intern in 2013 for the <a href="https://fedoraproject.org/">Fedora Project</a> working on <a href="https://badges.fedoraproject.org/">Fedora Badges</a> design. After six years of contributing to Fedora in various parts of the project, Marie joined <a href="https://www.redhat.com/en/blog/channel/red-hat-open-source-program-office">Red Hat’s Open Source Program Office</a> as the <a href="https://docs.fedoraproject.org/en-US/council/fca/#previous">Fedora Community Action and Impact Coordinator</a> and later on as a Code of Conduct Specialist. <br /><br />We hope everyone in the Python community will join us in welcoming Marie with ideas and collaboration as she settles in. We are very happy to be able to add a staff member dedicated full-time to such important aspects of our work, and we feel very fortunate to have found someone with Marie's wealth of experience and skills to take on this new role. We're excited to see what Marie can achieve together with the PSF and the Python community! <br /><br /></p>Loren Craryhttp://www.blogger.com/profile/06125752284896762014noreply@blogger.comtag:blogger.com,1999:blog-8520.post-48995145883537639582023-10-20T11:16:00.000-04:002023-10-20T11:16:42.322-04:00September & October Board Votes<p>We’re writing today because we know the process of the PSF Board’s review of DjangoCon Africa’s recent grant application caused concern, disappointment, and confusion for some of our community. We want to take time to explain that process clearly, and how we plan to improve moving forward. <br /></p>First of all, we’re pleased to say that on October 11th the PSF Board voted to approve DjangoCon Africa’s $9,000 grant request. We’re wishing lots of luck to the organizers and everyone involved–<a href="https://2023.djangocon.africa/">check it out here</a>! DjangoCon Africa is a community-run event that will take place for the first time this year November 6-11 in Zanzibar, Tanzania. <br /><br />If you are reading this, you probably already know that the PSF runs a grants program that disperses funds to Python events and groups, (<a href="https://www.python.org/psf/grants/">info on how to apply for your own event here</a>). Last year we gave out $215,000 to 138 groups in 42 countries. For the majority of grants, the decision of whether or not to fund a grant request is made by consensus by the Grants Working Group, which is made up of volunteers from the community (huge thanks always due to them for what they do.) Some grants require the Board to review and vote on them instead: grant requests over $10,000; grants with a per person per day cost greater than $15; and grants that the Grants Working Group can’t reach a consensus decision on. <br /><br />Because after discussion the working group couldn’t reach a consensus on the DjangoCon Africa request, it came to the Board for a vote instead. The Board first discussed the request in our September meeting, however the resolution to grant the request didn’t pass because the majority of directors abstained (6 abstentions, 4 yes votes, 0 no votes). The board members who abstained had a variety of reasons, including our Board Chair who was required to abstain because she is an organizer of DjangoCon Africa; others had open questions about the details of the grant request (e.g. related to budget) that we didn’t have time to resolve or had concerns about how to best support our community members with respect to safety, security and equity in the context of international events taking place in jurisdictions with laws that are harmful to certain community members (in this case, the criminalization of homosexuality in Tanzania) but not wanting to apply a new rule unfairly to this event. The reason for each board member's vote is always as nuanced as the board member casting it each time a vote comes to decision. In this case, it was agreed that there was not sufficient time in the board meeting to review the merits of the application, which bears no fault of the DjangoCon Africa organizing team. <br /><br />The request came back in front of the Board for our October meeting, at which point we’d been able to get more information, time to review, and read letters on the event's impact. This vote passed (1 abstention, 10 yes votes, 0 no votes), which we believe reflects the values of an informed Board working together. We’re thrilled to be able to support the Django and Python communities in Africa in general and in Tanzania in particular, and especially for what is shaping up to be a great new annual event. Every decision made, with or without feedback from the community, affects dozens to hundreds to thousands of Pythonistas and the Board is always cognizant that our desire to provide timely, enthusiastic support must be balanced with the responsibility to steward funds carefully and fairly. <br /><br />Because of the harm expressed in the community due to the Board’s process, we will be conducting a retrospective on this process specifically and the Board's approach to grants in general. To be completely clear, the points that will be discussed in our retrospective have everything to do with process improvements and event inclusivity and nothing to do with the merits of the event in question. We’re likely to address process issues in the short term and strategy over a longer period of time. The discussed topics are likely to include, but are not limited to:<br /><ul><li>The PSF's approach to grant making in general</li><li>How to best serve the global community, especially marginalized members for whom safety can be a concern when traveling </li><li>Parliamentary procedures</li></ul>We value community perspective. If you would like to share any thoughts or feelings on this topic, please feel free to share your thoughts – anonymously if you prefer – <a href="https://forms.gle/v7rJYsnQJAY5ewvt5">via this form</a>. <br /><br />Once complete, our retrospective can be found in our <a href="https://www.python.org/psf/records/board/minutes/">meeting minutes archive</a> along with the minutes for all of the board's previous meetings. <br /><br />Thank you for helping us make the Python community the best it can be, <br />The PSF Board of DirectorsDeb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-81526799745409908312023-10-17T14:00:00.005-04:002023-10-17T15:06:56.084-04:00Security Developer-in-Residence 2023 Q3 Report<p>It’s been three months since I was first hired as the inaugural Security Developer-in-Residence. I’m quite proud of what I’ve accomplished so far and think it shows the value of investing into the security of Open Source through hiring folks to work full-time in roles like “Developer-in-Residence” programs. I’m thankful to the <a href="https://alpha-omega.dev/">Alpha-Omega project at OpenSSF</a> for funding this work. Let’s review all of the accomplishments in the first quarter of this role and what to look forward to in the next quarter.<br /><br />If you’d like to follow along with my work more closely you can subscribe to my <a href="https://sethmlarson.dev/blog#archive">personal blog</a> where I publish <a href="https://sethmlarson.dev/security-developer-in-residence-weekly-report-13">weekly updates</a> about the work I’m doing. If you have questions or thoughts about what I’m working on you can contact me via email: <a href="mailto:seth@python.org">seth@python.org</a>.<br /></p><h2 style="text-align: left;">The Python Software Foundation authorized as a CVE Numbering Authority (CNA)</h2><p>Back in late August the Python Software Foundation received notice that we’d successfully completed onboarding and had been <a href="https://pyfound.blogspot.com/2023/08/psf-authorized-as-cna.html">authorized by CVE as a CVE Numbering Authority</a> or “CNA”. The <a href="https://www.cve.org/PartnerInformation/ListofPartners/partner/PSF">Python Software Foundation CNA scope</a> covers Python and pip, two projects which are fundamental to the rest of the Python ecosystem.<br /><br />Being a CNA means that the PSF can offer staffing to improve the sustainability and responsiveness of coordination and vulnerability disclosure work for covered projects. The PSF CNA also provides <a href="https://osv.dev/vulnerability/PSF-2023-8">rich metadata for CVE records and advisories</a>, including remediation information, so upgrading or patching for vulnerabilities is as straightforward as possible for downstream users of Python.<br /><br /></p><h2 style="text-align: left;">CPython vulnerability advisories available in Open Source Vulnerability database</h2><p style="text-align: left;">The Python Software Foundation now hosts a <a href="https://github.com/psf/advisory-database">vulnerability database on GitHub</a> using the <a href="https://ossf.github.io/osv-schema/">Open Source Vulnerability format</a> (OSV). This database contains vulnerability information for CPython in addition to vulnerabilities getting published to the security-announce@python.org mailing list. The historical vulnerability information was sourced from Victor Stinner’s “<a href="https://python-security.readthedocs.io/">python-security</a>” project in order to provide a complete history of vulnerabilities in CPython.<br /><br />By using the OSV format the vulnerabilities can be ingested and processed by the Open Source Vulnerability database which can be searched or <a href="https://google.github.io/osv.dev/api/">queried using an API</a> for machine-consumable vulnerability information. <br /><br />Having vulnerability information in a machine-consumable format enables tools that scan software deployments for vulnerabilities to easily provide accurate and automatically updated reports for CPython. The Open Source Vulnerability database also is more discoverable compared to the CVE database, having a readily available public API to query for vulnerabilities, products, and versions.<br /><br /></p><h2 style="text-align: left;">Python Security Response Team</h2><p style="text-align: left;">I have been helping coordinate reports to the <a href="https://www.python.org/dev/security/">Python Security Response Team</a> (PSRT) since joining the role. This work includes reviewing all reports, gathering information from reporters, discussing timelines, and working with core developers to create and release fixes and advisories in a coordinated manner. I also worked with CVE to get CVE IDs assigned on behalf of reports before the PSF was designated as a CNA.<br /><br />I revitalized the <a href="https://mail.python.org/mailman3/lists/security-announce.python.org/">security-announce@python.org mailing list</a> to use for future advisory announcements so interested parties can be notified as soon as new vulnerabilities are published (subscribe to the linked list if you’d like to receive these). I coordinated the two recent vulnerabilities affecting CPython (<a href="https://osv.dev/vulnerability/PSF-2023-8">CVE-2023-40217</a> and <a href="https://osv.dev/vulnerability/PSF-2023-9">CVE-2023-41105</a>) end-to-end from report to published advisory.<br /><br />Doing this coordination work frees up volunteers on the PSRT to focus on determining whether a report is a vulnerability and working on fixes. I’m also working to further reduce the manual coordination work required by PSRT by moving the reporting and triage process to GitHub using GitHub Security Advisories.</p><h2 style="text-align: left;">OpenSSF Day Europe 2023</h2><p style="text-align: left;">I co-presented a talk titled “<a href="https://sched.co/1P6TW">We Make Python Safer than Ever</a>” at OpenSSF Day Europe 2023 with PSF Board Member and OpenSSF Community Manager Cheuk Ting-Ho. The <a href="https://static.sched.com/hosted_files/openssfdayeu2023/a3/Final%20-%20OpenSSF%20Day%20Europe%202023.pdf">slides are available for download</a> and the <a href="https://www.youtube.com/watch?v=jhzv5RU56V4">talk recording is available to watch on YouTube</a>.<br /><br />The talk introduced the Security Developer-in-Residence role, went over the challenges that are unique to securing Open Source and Python ecosystems, described completed and future projects to make the Python ecosystem more secure, and gave a list of items that viewers themselves could do right away to make their own usage of Python more secure.<br /><br /></p><h2 style="text-align: left;">Sigstore signatures for Python release artifacts</h2><p style="text-align: left;">Python releases include signatures from the Release Managers using the signing tool “<a href="https://www.sigstore.dev/">Sigstore</a>”. These signatures mean you can be sure that a given release artifact wasn’t tampered with and was created and vetted by the Release Manager for a given Python release.<br /><br />I did an audit of existing signatures and <a href="https://github.com/sigstore/sigstore-python/issues/600#issuecomment-1634961707">found some discrepancies</a> between the documented identities and providers and what was published for each release. I worked with Release Managers to fix the discrepancies and <a href="https://github.com/python/release-tools/pull/51">added extra safeguards</a> to release tooling to ensure signatures are verifiable as documented. I also was able to back-fill the <a href="https://github.com/python/pythondotorg/issues/2300">new Sigstore signature format</a> from existing verification materials to make verifying signatures even easier!<span style="font-family: courier;"></span></p><blockquote><span style="font-family: courier;">$ python -m sigstore verify identity \<br /> --bundle Python-3.12.0.tgz.sigstore \<br /> --cert-identity thomas@python.org \<br /> --cert-oidc-issuer https://accounts.google.com \<br /> Python-3.12.0.tgz</span></blockquote>Having consistent artifact signatures is important because any discrepancies while consuming these signatures should raise red flags for downstream users and redistributors. This also helps build confidence in the new signing method over existing methods like GPG.<br /><br /><p></p><h2 style="text-align: left;">Adoption of system trust stores via Truststore</h2><p style="text-align: left;">There are three packaging tools (pip, PDM, and Conda) that are important to the Python ecosystem that are at various stages of adopting “Truststore”, a library that I authored prior to joining the PSF to enable Python projects to use system trust stores for verifying HTTPS certificates instead of relying on certifi for certificates.<br /><br />PDM has started using Truststore by default starting in <a href="https://github.com/pdm-project/pdm/releases/tag/2.9.0">v2.9.0</a>, Conda plans to release <a href="https://github.com/conda/conda/milestone/63">optional support for Truststore in v23.9.0</a>, and pip already has <a href="https://pip.pypa.io/en/stable/topics/https-certificates/#using-system-certificate-stores">optional support for Truststore</a> since v22.2 but has recently bundled Truststore into pip to remove the need to “bootstrap” into Truststore by pre-installing the library.<br /><br />Using the system trust store is important because any removals to a trust store (<a href="https://osv.dev/vulnerability/PYSEC-2023-135">like for e-Tugra root certificates</a>) must be propagated to all end systems in order to avoid “monster-in-the-middle” attacks. Further challenging this propagation is that some tools like pip bundle certifi as a means of bootstrapping, which means that you need to upgrade both certifi and pip in order to completely propagate updates to certifi’s certificate bundle.<br /><br />This propagation is better suited to a centralized system like an OS package manager or an automatic centralized authority or IT department keeping the trust bundles up-to-date, which can only happen through using system trust stores.<br /><br />Recently the Python implementation PyPy added support for Python 3.10, thus enabling PyPy to also use Truststore. I <a href="https://github.com/sethmlarson/truststore/pull/113">subsequently added support and backwards compatibility tests for PyPy to Truststore</a> to ensure all compliant implementations of Python can take advantage of the benefits.</p><h2 style="text-align: left;">Future Projects and Challenges<br /> <br /></h2><h3 style="text-align: left;">Software Bills-of-Materials for CPython</h3><p style="text-align: left;">Software Bill-of-Materials (SBOMs) are a hot topic in the world of software security due to new government requirements and improved software and vulnerability management tooling. Many tools generate or consume SBOMs as a universal format for describing software and its components and then matching those components to known vulnerabilities.<br /><br />I've started working on an authoritative SBOM for the CPython project, you can follow along in <a href="https://github.com/sethmlarson/cpython-sbom">this GitHub repository</a> if you are interested. This project is early and this will not be the final product or place where this information is published, this is only a place to experiment and get feedback on the approach and outputs before putting the final infrastructure in place.<br /><br />I started with the most straightforward release artifact, the source tarball, and I am planning to tackle the binary installers later since they'll require more research into the release processes. There is a work-in-progress SBOM file for Python-3.12.0.tgz available in the <a href="https://github.com/sethmlarson/cpython-sbom/blob/main/sboms">sboms/ directory on the repository</a>.<br /><br />Using vulnerability scanning tools I was able to see not only vulnerabilities in CPython, but <b>crucially in the bundled subcomponents like expat and pip</b>. Without an SBOM the subcomponents to a project like CPython likely wouldn’t get detected properly and thus would be not covered by vulnerability management tooling.<br /><br />The challenges here will be integrating the creation and maintenance of the SBOMs into the CPython development and release processes while minimally disrupting other core developers workflows and avoiding the need to develop and maintain custom tooling for CPython’s specific use-case.<br /><br /></p><h3 style="text-align: left;">Tracking bundled dependencies in Python packages</h3><p style="text-align: left;">Python is the premier “glue” language, meaning that Python is often used alongside many other programming languages like C, C++, Rust, Go, and more thanks to Python C API. This benefit also means that Python packages can include projects and source code from sources both within and external to the Python ecosystem.<br /><br />Those projects and source code from outside the Python ecosystem present a problem for vulnerability scanners <b>which typically rely on explicit metadata about projects and dependencies in order to find vulnerabilities in software manifests</b>. Without a clear way to encode this information into packaging metadata it’s impossible to signal these dependencies even if a maintainer of a project wants to do so.<br /><br />C and C++ projects in particular pose additional issues due to their existence outside of a programming language packaging ecosystem like Python with PyPI or JavaScript and NPM. This makes tracking usage and vulnerabilities in these projects difficult and relies on other identification schemes like CPEs or redistributions in other packaging ecosystems like RPM/DEB. Without this information scanners today miss vulnerable components bundled in Python packages, meaning developers won’t know how or when their Python deployments are vulnerable.<br /><br />Solving this issue completely will be a multi-step process, starting with being able to encode information about bundled projects into Python distributions which will require a new packaging PEP. After the standard has been decided, next is getting bundled project metadata automatically captured to avoid needing an entire ecosystem to manually annotate every project. Concurrently to this I’ll collaborate with SBOM generation tooling to add support for consuming the new standard and adding that information to SBOMs generated from Python environments.<br /><br /></p><h3 style="text-align: left;">CPython and pip release process improvements</h3><p style="text-align: left;">CPython and pip are two of the most important projects in the Python ecosystem and each have non-trivial release processes. In an effort to increase the integrity of these projects’ releases I’ve <a href="https://sethmlarson.dev/security-developer-in-residence-weekly-report-9">researched and documented their release process</a> and with <a href="https://slsa.dev/spec/v1.0/threats-overview">SLSA’s list of historical supply chain attacks against software projects</a> have been making suggestions and implementing improvements.<br /><br />These improvements include reproducibility of built artifacts, extra guarantees on the integrity of inputs, automating the build processes to reduce attack surface area to only services like GitHub Actions and Azure Pipelines instead of individuals’ computers, and making it so that in the event of an attack that it would need to be publicly detectable and traceable.<br /><br />By improving the integrity of these processes I am hoping to prevent disaster scenarios such as malware being injected into Python or pip at the “last mile” before being published to python.org. <b>Injection of malware during build time has happened to multiple other Open Source projects with disastrous results for users</b>. This work means users can be even more confident in their usage of Python and upgrade early and often to take advantage of Python’s latest features.</p>Seth Michael Larsonhttp://www.blogger.com/profile/16555309043643874359noreply@blogger.comtag:blogger.com,1999:blog-8520.post-81956895634517348032023-09-27T11:44:00.000-04:002023-09-27T11:44:10.863-04:00Python Developers Survey Numbers for 2022!<p>We are excited to announce the results of the sixth official annual Python Developers Survey. This work is done each year as a collaborative effort between the Python Software Foundation and JetBrains. Late last year, more than 23,000 Python developers and enthusiasts from almost 200 countries/regions participated in the survey to reveal the current state of the language and the ecosystem around it. (Spoiler alert: Many people are using Python, and 51% are using it for both work AND personal projects.)<br /><br /><a href="https://lp.jetbrains.com/python-developers-survey-2022/">https://lp.jetbrains.com/python-developers-survey-2022/</a><br /><br />We know the whole Python community finds this work useful. From Luciana Abud, product manager for Visual Studio Code, “Our teams at Microsoft are truly grateful to the Python Software Foundation and JetBrains for orchestrating the Python Developers Survey! The insights we gain allows us to take a data-driven approach to help with prioritizing feature development, addressing pain points, enhancing usability and anticipating future needs. This survey is invaluable in shaping our approach and continuously improving the Python development experience within the VS Code ecosystem!” </p><p>We’d love to hear how you use these numbers, so please share your thoughts on social media, mentioning<a href="https://twitter.com/jetbrains"> @jetbrains</a> and <a href="https://fosstodon.org/@ThePSF">@ThePSF</a> with the #pythondevsurvey hashtag. We are also open to any suggestions and feedback related to this survey which could help us run an even better one next time.</p>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-29624954436058275222023-09-14T14:52:00.000-04:002023-09-14T14:52:45.358-04:00Announcing Python Software Foundation Fellow Members for Q2 2023! 🎉<p><span style="caret-color: rgb(0, 0, 0); color: #666666; font-family: inherit; font-size: 13.2px;">The PSF is pleased to announce its second batch of PSF Fellows for 2023! Let us welcome the new PSF Fellows for Q2! The following people continue to do amazing things for the Python community:</span></p><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="text-align: left;"><span style="font-size: medium;">Esteban Maya Cadavid </span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://twitter.com/esteban_x64" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Twitter</a><span style="color: #0b5394;">, </span><span style="color: black;"><a href="https://www.linkedin.com/in/esteban-x64" style="color: #2b5b84; text-decoration-line: none;" target="_blank">LinkedIn</a>, </span><a href="https://github.com/estebanx64" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Github</a>, <a href="https://instagram.com/estebanx64?igshid=OGQ5ZDc2ODk2ZA==" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Instagram</a></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Martijn Pieters </span></b></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><a href="https://stackoverflow.com/users/100297/martijn-pieters" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Stack Overflow</a><span style="color: #0b5394;">, </span><a href="https://github.com/mjpieters" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a><span style="color: black;">,</span> </span><a href="https://www.zopatista.com/" style="color: #2b5b84; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-decoration-line: none;" target="_blank">Website</a></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Philip Jones</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span><a href="https://fosstodon.org/@pgjones" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Mastodon</a><span style="color: #0b5394;">, </span><a href="http://github.com/pgjones" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a><span style="color: black;">,</span> </span><a href="https://pgjones.dev" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Website</a></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="text-align: left;"><span style="font-size: medium;">Yifei Wang</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://github.com/Sarah-Yifei-Wang" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">GitHub</a><span style="font-size: 13.2px;"> </span></div><p style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: justify; text-size-adjust: auto;"><span style="text-align: left;">Thank you for your continued contributions. We have added you to our Fellow roster</span><span class="Apple-converted-space" style="text-align: left;"> </span><a href="https://www.python.org/psf/fellows-roster/" style="-webkit-print-color-adjust: exact; color: #4183c4; font-family: inherit; text-align: left; text-decoration-line: none;">online</a><span style="text-align: left;">.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: justify; text-size-adjust: auto;"><span style="font-family: inherit;">The above members help support the Python ecosystem by being phenomenal leaders, sustaining the growth of the Python scientific community, maintaining virtual Python communities, maintaining Python libraries, creating educational material, organizing Python events and conferences, starting Python communities in local regions, and overall being great mentors in our community. Each of them continues to help make Python more accessible around the world. To learn more about the new Fellow members, check out their links above.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-size-adjust: auto;"><span style="font-family: inherit;">Let's continue recognizing Pythonistas all over the world for their impact on our community. The criteria for Fellow members is available online: <a href="https://www.python.org/psf/fellows/" style="color: #2b5b84; text-decoration-line: none;">https://www.python.org/psf/fellows/</a>. If you would like to nominate someone to be a PSF Fellow, please send a description of their Python accomplishments and their email address to psf-fellow at python.org. Quarter 3 nominations are currently in review. We are accepting nominations for Quarter 4 through November 20, 2023.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-size-adjust: auto;"><span style="font-family: inherit;">Are you a PSF Fellow and want to help the Work Group review nominations? Contact us at psf-fellow at python.org.</span></p>Olivia Saulshttp://www.blogger.com/profile/02332425566237042576noreply@blogger.comtag:blogger.com,1999:blog-8520.post-4784851175865679572023-08-29T15:26:00.000-04:002023-08-29T15:26:14.697-04:00The Python Software Foundation has been authorized by the CVE Program as a CVE Numbering Authority (CNA)<p style="text-align: left;">When a vulnerability is disclosed in software you're depending on, the last thing you want is for the remediation process to be confusing or ad-hoc. Towards the goal of a more secure and safe Python ecosystem, the Python Software Foundation has been <a href="https://www.cve.org/Media/News/item/news/2023/08/29/Python-Software-Foundation-Added-as-CNA">authorized by the CVE Program</a> as a CVE Numbering Authority (CNA).<br /></p><p style="text-align: left;">Being authorized as a CNA is one milestone in the Python Software Foundation's strategy to improve the vulnerability response processes of critical projects in the Python ecosystem. The <a href="https://www.cve.org/PartnerInformation/ListofPartners/partner/PSF">Python Software Foundation CNA scope</a> covers <a href="https://github.com/python/cpython">Python</a> and <a href="https://github.com/pypa/pip">pip</a>, two
projects which are fundamental to the rest of Python ecosystem.</p><p style="text-align: left;">By becoming a CNA, the PSF will be providing the following benefits to in-scope projects:<br /></p><ul style="text-align: left;"><li style="text-align: left;">Paid staffing for CNA operations rather than requiring volunteer time. <br /></li><li style="text-align: left;">Quicker allocations of CVE IDs after a vulnerability is reported.<br /></li><li style="text-align: left;">Involvement of each projects' security response teams during the reporting of vulnerabilities.</li><li style="text-align: left;">Richer published advisories and CVE Records including descriptions, metadata, and remediation information.</li><li style="text-align: left;">Consistent disclosures and publishing locations. <br /></li></ul><p style="text-align: left;">CNA operations will be staffed primarily by the <a href="https://pyfound.blogspot.com/2023/06/announcing-our-new-security-developer.html">recently hired Security Developer-in-Residence</a> Seth Michael Larson, Ee Durbin, and Chloe Gerhardson.</p><p style="text-align: left;">The PSF wants to help other Open Source organizations and will be sharing lessons learned and developing guidance on becoming a CNA and day-to-day operations.</p><p style="text-align: left;">To be alerted of newly published vulnerabilities in Python or pip, subscribe to the <a href="https://mail.python.org/mailman3/lists/security-announce.python.org/" target="_blank">security-announce@python.org mailing list</a> for security advisories. There is also a <a href="https://github.com/psf/advisory-database">new advisory database</a> published to GitHub using the machine-readable <a href="https://ossf.github.io/osv-schema/">Open Source Vulnerability</a> (OSV) format.</p><p style="text-align: left;"><br />If you'd like to report a security vulnerability to Python or pip, the vulnerability disclosure policy is <a href="https://www.python.org/dev/security">available on python.org</a>.</p><span><a name='more'></a></span><p style="text-align: left;">The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to<br />identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There<br />is one CVE Record for each vulnerability in the catalog. The vulnerabilities are<br />discovered then assigned and published by organizations from around the world<br />that have partnered with the CVE Program. Partners publish CVE Records to<br />communicate consistent descriptions of vulnerabilities. Information technology<br />and cybersecurity professionals use CVE Records to ensure they are discussing<br />the same issue, and to coordinate their efforts to prioritize and address the<br />vulnerabilities.</p><p style="text-align: left;">The Python Software Foundation (PSF) is the non-profit organization
behind Python and PyPI. Our mission is to promote, protect, and advance
the Python programming language, and to support and facilitate the
growth of a diverse and international community of Python programmers.
The PSF supports the Python community using corporate sponsorships,
grants, and donations. Are you interested in sponsoring or donating to
the PSF so it can continue supporting Python and its community? Check
out our <a href="https://www.python.org/psf/sponsorship/">sponsorship program</a>, <a href="https://psfmember.org/civicrm/contribute/transact/?reset=1&id=2">donate directly here</a>, or contact our team!</p>Seth Michael Larsonhttp://www.blogger.com/profile/16555309043643874359noreply@blogger.comtag:blogger.com,1999:blog-8520.post-69747149887597809682023-08-04T12:32:00.000-04:002023-08-04T12:32:28.554-04:00Announcing Our New PyPI Safety & Security Engineer!<p>We <a href="https://blog.pypi.org/posts/2023-05-09-announcing-pypi-safety-and-security-engr-role/">announced our intention</a> back in May to fill this role with <a href="https://aws.amazon.com/blogs/opensource/securing-pypi-for-the-future/">generous funding by Amazon Web Services (AWS)</a>, and after a thorough search, we are delighted to announce <a href="https://mike.fiedler.me/">Mike Fiedler</a> is joining the team! He joins the PSF for the next year as our first ever PyPI Safety & Security Engineer. Mike is already a dedicated member of the Python packaging community – he has been a Python user for some 15 years, maintains and contributes to open source, and became a PyPI Maintainer in 2022.</p><p>This critical role would not be possible without funding from <a href="https://aws.amazon.com/opensource/">AWS</a>: "<i>We are happy to be able to invest in the sustainable and secure development of Python and PyPI, and we look forward to Mike's contributions</i>." - Tom Callaway, AWS. <br /><br />Mike begins his work with the <a href="http://pypi.org">Python Packaging Index</a> (PyPI) this week. He says, “<i>Very excited to join the team in improving the safety and security of PyPI for end users, package publishers, maintainers, and PyPI moderators and administrators - that’s a huge audience!</i>” We hope that everyone in the community will join us in welcoming Mike and supporting his critical work for Python packaging!</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQtH2F2N_fn2rburkNWVpr26ctTVpSbwdIo0c6gfgVpmoWa6E3sxBa9p8Jcnx1_9r4LsOT2hJkJrdN0ttP-EmMAA6o1AHptBHlcWnytl8fAvjBlIltUslJDHKE1lAKrUqX8aT1aE4CndI4Hp5-nMOvQyLXl6T80Boj30yN7wy1VeZmVsuxL3Q/s3289/49506768212_ac4f703527_o.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="A photo of Mike Fiedler smiling to the camera." border="0" data-original-height="3289" data-original-width="2500" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQtH2F2N_fn2rburkNWVpr26ctTVpSbwdIo0c6gfgVpmoWa6E3sxBa9p8Jcnx1_9r4LsOT2hJkJrdN0ttP-EmMAA6o1AHptBHlcWnytl8fAvjBlIltUslJDHKE1lAKrUqX8aT1aE4CndI4Hp5-nMOvQyLXl6T80Boj30yN7wy1VeZmVsuxL3Q/w243-h320/49506768212_ac4f703527_o.jpg" width="243" /></a></div><p></p><p>We are thrilled that for the first time we are able to bring on an engineer who will be dedicated full-time to PyPI. PyPI is a massive project that has become key digital infrastructure serving millions of users. Up until now, PyPI has been almost entirely volunteer-run, depending on a tiny team with only one fraction of one person’s paid time. We’re expecting all PyPI users to have a tangibly improved experience from Mike’s work over the next year. Some of the outcomes we are targeting include increased support for package maintainers including multi-maintainer projects, improvements to reporting infrastructure for malicious projects, as well as a reduced response time for malware reports and account recovery requests. Mike will work closely with our also-recently-announced <a href="https://pyfound.blogspot.com/2023/06/announcing-our-new-security-developer.html">Security Developer in Residence, Seth Larson</a>. <br /></p><p><br />This role is funded by a substantial investment from AWS, inaugural Security Sponsor for PyPI. AWS has been one of the top sponsors of the Python Software Foundation for the last five years, and our long-term partnership with AWS has also included important in-kind donations of cloud computing infrastructure and services to support PyPI. </p><p>The Python Software Foundation (PSF) is the non-profit organization behind Python and PyPI. Our mission is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. The PSF supports the Python community using corporate sponsorships, grants, and donations. Are you interested in sponsoring or donating to the PSF so it can continue supporting Python and its community? Check out our <a href="https://www.python.org/psf/sponsorship/">sponsorship program</a>, <a href="https://psfmember.org/civicrm/contribute/transact/?reset=1&id=2">donate directly here</a>, or contact our team!<br /><br /></p>Loren Craryhttp://www.blogger.com/profile/06125752284896762014noreply@blogger.comtag:blogger.com,1999:blog-8520.post-28727265807345500572023-08-02T10:51:00.000-04:002023-08-02T10:51:09.365-04:00Announcing Python Software Foundation Fellow Members for Q1 2023! 🎉<p><span style="caret-color: rgb(0, 0, 0); color: #666666; font-family: inherit; font-size: 13.2px;">The PSF is pleased to announce its first batch of PSF Fellows for 2023! Let us welcome the new PSF Fellows for Q1! The following people continue to do amazing things for the Python community:</span></p><p style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px;"><span style="caret-color: rgb(0, 0, 0); font-family: inherit;"><br /></span></p><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="text-align: left;"><span style="font-size: medium;">Abhishek Mishra </span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://twitter.com/stalwartcoder" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Twitter</a><span style="color: #0b5394;">, </span><span style="color: black;"><a href="https://www.linkedin.com/in/stalwartcoder/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">LinkedIn</a>, </span><a href="https://abhishekmishra.dev" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Website</a></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Barney Gale </span></b></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span face=""Trebuchet MS", Trebuchet, Verdana, sans-serif" style="color: #666666; font-size: 13.2px;"><a href="https://github.com/barneygale/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a><span style="color: black;">,</span> </span><a href="https://www.linkedin.com/in/bgale1/" style="color: #2b5b84; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-decoration-line: none;" target="_blank">LinkedIn</a></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Eric Traut</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span><a href="https://github.com/erictraut" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a><span style="color: black;">,</span> </span><a href="https://www.linkedin.com/in/eric-traut-79a815137/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">LinkedIn</a></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="text-align: left;"><span style="font-size: medium;">Gina Häußge</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://chaos.social/@foosel" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">Mastodon</a><span style="color: #0b5394; font-size: 13.2px;">, </span><a href="https://github.com/foosel" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">GitHub</a><span style="font-size: 13.2px;">,</span><span style="color: black; font-size: 13.2px;"> </span><a href="https://foosel.net" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">Website</a><span style="font-size: 13.2px;"> </span></div><div style="margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Grishma Jena</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://twitter.com/DebateLover " style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">Twitter</a><span style="color: #0b5394; font-size: 13.2px;">, </span><span style="font-size: 13.2px;"><a href="https://www.linkedin.com/in/grishmajena/" style="color: #2b5b84; text-decoration-line: none;" target="_blank">LinkedIn</a><span style="color: black;">,</span> </span><a href="https://gjena.github.io/" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">Website</a><span style="font-size: 13.2px;">,</span><span style="color: black; font-size: 13.2px;"> </span><a href="https://instagram.com/data_designtist" style="color: #2b5b84; font-size: 13.2px; text-decoration-line: none;" target="_blank">Instagram</a></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="font-size: 13.2px;"><span style="font-size: medium;">Samuel Colvin</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><span><a href="https://twitter.com/samuel_colvin " style="color: #2b5b84; text-decoration-line: none;" target="_blank">Twitter</a><span style="color: #0b5394;">, </span><a href="https://github.com/samuelcolvin" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a></span></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><b style="font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Saptak Sengupta</span></b></div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><a href="https://toots.dgplug.org/@saptaks" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Mastodon</a><span style="color: #0b5394;">, </span><a href="https://github.com/saptaks" style="color: #2b5b84; text-decoration-line: none;" target="_blank">GitHub</a>,<span style="color: black;"> </span><a href="https://saptaks.website" style="color: #2b5b84; text-decoration-line: none;" target="_blank">Website</a> </div><div style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: center; text-size-adjust: auto;"><div style="font-size: medium; margin: 15px 0px; text-size-adjust: auto;"><b style="font-size: 13.2px; text-align: left;"><span style="font-size: medium;">Soon Seng Goh</span></b></div><div style="margin: 15px 0px; text-size-adjust: auto;"><br /></div></div><p style="color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: justify; text-size-adjust: auto;"><span style="text-align: left;">Thank you for your continued contributions. We have added you to our Fellow roster</span><span class="Apple-converted-space" style="text-align: left;"> </span><a href="https://www.python.org/psf/fellows-roster/" style="-webkit-print-color-adjust: exact; color: #4183c4; font-family: inherit; text-align: left; text-decoration-line: none;">online</a><span style="text-align: left;">.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-align: justify; text-size-adjust: auto;"><span style="font-family: inherit;">The above members help support the Python ecosystem by being phenomenal leaders, sustaining the growth of the Python scientific community, maintaining virtual Python communities, maintaining Python libraries, creating educational material, organizing Python events and conferences, starting Python communities in local regions, and overall being great mentors in our community. Each of them continues to help make Python more accessible around the world. To learn more about the new Fellow members, check out their links above.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-size-adjust: auto;"><span style="font-family: inherit;">Let's continue recognizing Pythonistas all over the world for their impact on our community. The criteria for Fellow members is available online: <a href="https://www.python.org/psf/fellows/" style="color: #2b5b84; text-decoration-line: none;">https://www.python.org/psf/fellows/</a>. If you would like to nominate someone to be a PSF Fellow, please send a description of their Python accomplishments and their email address to psf-fellow at python.org. Quarter 2 nominations are currently in review. We are accepting nominations for quarter 3 through August 20, 2023.</span></p><p style="-webkit-print-color-adjust: exact; caret-color: rgb(0, 0, 0); color: #666666; font-family: "Trebuchet MS", Trebuchet, Verdana, sans-serif; font-size: 13.2px; margin: 15px 0px; text-size-adjust: auto;"><span style="font-family: inherit;">Are you a PSF Fellow and want to help the Work Group review nominations? Contact us at psf-fellow at python.org.</span></p>Olivia Saulshttp://www.blogger.com/profile/02332425566237042576noreply@blogger.comtag:blogger.com,1999:blog-8520.post-82714279831848702502023-06-30T20:13:00.000-04:002023-06-30T20:13:47.548-04:00Announcing the 2023 PSF Board Election Results!<p> </p><p>It was a really lively and engaged election process for the PSF Board
this year! First of all, we want to thank everyone who ran and was
willing to serve on the PSF Board. Even if you were not elected, we
appreciate all the time and effort you put into thinking about how to
make the PSF better and how to represent the parts of the community that
you participate in. We hope that you will continue to think about these
issues and share your ideas. <br /><br />Congratulations to our five new Board members-elect! </p><ul style="text-align: left;"><li>Cheuk Ting Ho</li><li>Denny Perez</li><li>Georgi Ker</li><li>Christopher Neugebauer</li><li>KwonHan Bae * </li></ul><p>We’ll
be in touch with all the elected candidates next week to schedule
onboarding. * The fifth person is being invited to serve for a year to
fill the off-cycle vacancy left by Joannah Nanjekye, who stepped down
from the Board. <br /></p><p>I’d like to take this opportunity to thank
our outgoing board members for their outstanding service; Dustin Ingram,
Joannah Nanjekye, Jeff Triplett, Thomas Wouters and Nina Zakharenko.
They served on the PSF Board through a particularly eventful time;
helping us to navigate the global pandemic, rework PyCon US into a
virtual event and hire a new Executive Director. Thank you for
supporting the PSF and the Python community through so much change! <br /><br />Our
heartfelt thanks go out to each of you who took the time to review the
candidates and submit your votes. Your participation helps the PSF
represent our community. We received 621 total votes, which easily
reached quorum–1/3 of affirmed voting members (877). We’re especially
grateful for your patience with navigating the changes to the voting
process, which ultimately allowed for a valid election and a more
sustainable elections system. <br /><br />I also want to thank everyone who helped promote this year’s board election, especially<a href="https://pythoncommunitynews.com/"> Python Community News</a>
who took the initiative to cover this year’s election and produced
informational videos from each candidate. I also want to highlight the
PSF staff members who made some changes to our membership management on
the back-end this year, enabling us to affirm voting intention for the
first time ever and setting up OpaVote. Thanks to Ee Durbin and Joe
Carey!<br /><br />Finally, it might feel a little early to mention this, but
we will have four seats open again next year. If you're interested in
running or learning more, we encourage you to reach out to a current
board member or two this year and ask them about serving. </p>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-53253376452451509612023-06-22T09:50:00.000-04:002023-06-22T09:50:11.087-04:00Announcing Our New Security Developer in Residence!<p>We <a href="https://pyfound.blogspot.com/2023/01/the-psf-is-hiring-security-developer-in.html">announced our intention</a> to fill this role back in January, and after a thorough search, we have chosen <a href="https://github.com/sethmlarson">Seth Michael Larson</a>! He joins the PSF for the next year as our first ever Security Developer-in-Residence. Seth is already well-known to the Python community – he was named a PSF Fellow last year and has already written a lot about Python and security on <a href="https://sethmlarson.dev/blog">his blog</a>. <br /></p>This critical role would not be possible without funding from the OpenSSF <a href="https://alpha-omega.dev/">Alpha-Omega Project</a>. “At Alpha-Omega, we are excited to support the Python Software Foundation as they improve the security of PyPI, and more generally the Python ecosystem as a whole.” Alpha Omega Representative - Bob Callaway, Google<p><br /><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMMjW7t6SUT_JHOfnctOA2PQf9X7rZqTSaPr298fwf-XynMa2DWodyEPPO85ECX87IhXt5B_vdtBJIjxJepuCxNhCRZ-PztzjN-GHU7ZnuaWxp1tTzYwY9x2kKe8TfK_U5YB0tgJtm6mxZwRXKO15-hfHJ8bzAJLQgAd9A2mhLgOUsGKEFlT8/s460/SML.jpeg" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="460" data-original-width="460" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMMjW7t6SUT_JHOfnctOA2PQf9X7rZqTSaPr298fwf-XynMa2DWodyEPPO85ECX87IhXt5B_vdtBJIjxJepuCxNhCRZ-PztzjN-GHU7ZnuaWxp1tTzYwY9x2kKe8TfK_U5YB0tgJtm6mxZwRXKO15-hfHJ8bzAJLQgAd9A2mhLgOUsGKEFlT8/w258-h258/SML.jpeg" width="258" /></a>Seth begins his work with Python and the<a href="https://pypi.org/"> Python Package Index</a> (PyPI) this week. He says, “The Python community is such a positive part of my life so I'm grateful for this incredible opportunity to contribute back. I'm looking forward to partnering with all of you to build a more secure Python ecosystem for everyone!” We hope that everyone in the community will welcome Seth and help him succeed in his audit and subsequent plans for key security improvements.</p><p>This role is funded by a substantial investment from the<a href="https://openssf.org/"> Open Software Security Foundation</a> (OpenSSF)<a href="https://openssf.org/community/alpha-omega/"> Alpha-Omega Project</a>. The OpenSSF is a non-profit cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community, targeted initiatives, and best practices. The OpenSSF unifies many open source security initiatives under one foundation to accelerate work through cross-industry support.</p><p>The Python Software Foundation (PSF) is a non-profit whose mission is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. The PSF supports the Python community using corporate sponsorships, grants, and donations. Are you interested in sponsoring or donating to the PSF so it can continue supporting Python and its community? Check out our<a href="https://www.python.org/sponsors/application/"> sponsorship program</a>,<a href="https://psfmember.org/civicrm/contribute/transact?reset=1&id=2"> donate directly here</a>, or contact our team! <br /><br /> </p>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-74390971742677033912023-06-20T13:47:00.003-04:002023-06-21T11:39:15.341-04:00The 2023 PSF Board Election is Open!<p>It’s time to cast your vote! Voting takes place from today Tuesday, June 20, through Friday, June 30, 2023 11:59pm UTC. If you are a voting member of the PSF, you should have gotten an email from “OpaVote Voting Link <noreply@opavote.com>” with your ballot, the subject line will read “Python Software Foundation Board of Directors Election 2023”. If you haven’t seen your ballot by Wednesday, please 1) check your spam folder for a message from “noreply@opavote.com” and if you don’t see anything 2) get in touch by emailing psf-elections@python.org so we can make sure we have the most up to date email for you. </p><p>Four seats are open, but you can approve as many candidates as you like. BUT! Choose carefully before you press the <b><span style="color: #38761d;">big green vote button</span></b>. Once your vote is cast, it cannot be changed. <br /><br />We’re overwhelmed by how many of you are willing to contribute to the Python community by serving on the PSF board! Make sure you schedule some time to <a href="https://www.python.org/nominations/elections/2023-python-software-foundation-board/nominees/">look at all their statements</a> and choose your candidates carefully. OpaVote doesn’t let you go back and change your vote once you’ve made your choices. <br /><br />Who can vote? You need to be a Contributing, Managing, Supporting, or Fellow member as of June 15, 2023 and have <a href="https://pyfound.blogspot.com/2023/06/affirming-your-psf-membership-voting.html">affirmed your voting</a> intention by June 19, 2023 to vote in this election. Read more about our membership types<a href="https://www.python.org/psf/membership/"> here</a> or if you have questions about your membership status please email psf-elections@python.org</p>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-54948291744307082332023-06-16T13:19:00.002-04:002023-06-16T13:19:33.919-04:00Board Candidates for 2023 are Announced!<p>What an exciting list! Please take a look at who is running for the PSF Board this year <a href="https://www.python.org/nominations/elections/2023-python-software-foundation-board/nominees/">here</a>. This year there are 4 seats open on the PSF board. You can see who is on the board currently <a href="https://www.python.org/psf/records/board/history/">here</a>. (Dustin Ingram, Jeff Triplett, Nina Zakharenko and Thomas Wouters are at the end of their current terms.) <br /></p><p>Board Election Timeline:<br /></p><ul style="text-align: left;"><li>Nominations are open, Thursday, June 1st, 2:00 pm UTC</li><li>Board Director Nomination cut-off: Thursday, June 15, 11:59 pm UTC</li><li>Voter application cut-off date: Thursday, June 15, 11:59 pm UTC</li><li>Announce candidates: Friday, June 16th</li><li>Voting start date: Tuesday, June 20, 12:01 am UTC</li><li>Voting end date: Friday, June 30, 11:59 pm UTC</li></ul><p>Not sure what UTC is for you locally? Check <a href="https://savvytime.com/converter/utc">here</a>! </p><p>Voting takes place from today Tuesday, June 20, through Friday, June 30, 2023 11:59pm UTC. Check <a href="https://www.python.org/nominations/elections/">here</a> to see how much time you have left to vote. If you are a voting member of the PSF, you will get an email from “OpaVote Voting Link <noreply@opavote.com>” with your ballot, the subject line will read “Python Software Foundation Board of Directors Election 2023”. If you haven’t seen your ballot by Wednesday, please 1) check your spam folder for a message from “noreply@opavote.com” and if you don’t see anything 2) get in touch by emailing psf-elections@python.org so we can make sure we have the most up to date email for you. </p><p>If you have questions about your membership status or the election, please email <a href="mailto:psf-elections@python.org">psf-elections@python.org</a> You are welcome to join the discussion about the PSF Board election on <a href="http://psf-board.slack.com">Slack</a> or on <a href="https://discuss.python.org/c/python-software-foundation/9">our forum</a>. </p>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-33348003953008969832023-06-07T13:57:00.000-04:002023-06-07T13:57:53.023-04:00Affirming your PSF Membership voting status Every PSF Voting Member (Supporting, Managing, Contributing, and Fellow) needs to affirm their membership in order to vote in this year’s election.<div><br /></div><div>This year’s Board Election begins June 20th, and voter eligibility cut-off is June 15th. You should have received an email with instructions and you need to affirm your voting rights before June 15th in order to participate in this year's Board Election. Email will be from "psf@psfmember.org <Python Software Foundation>" with subject "[Action Required] Affirm your PSF Membership voting status"<br /><br />Why you are being asked to do this: <br /><br /><div style="margin-left: 40px; text-align: left;">Section 4.2 of the PSF Bylaws requires that “Members of any membership class with voting rights must affirm each year to the corporation in writing that such member intends to be a voting member for such year.”<br /><br />The PSF has not enforced this in the past, because it was technically challenging to do so. Now that our voting membership has been completely consolidated into psfmember.org, we are able to do so.<br /><br />Our motivation is to ensure that our elections can meet quorum as required by Section 3.9 of our bylaws. As our membership has grown we have seen that and increasing number of Contributing, Managing, and Fellow members with indefinite membership do not engage with our annual election, making quorum difficult to reach.</div><p>You can see your membership record and status on <a href="https://psfmember.org/user-information">psfmember.org</a> (note you must be logged in to view that page). If you are a voting-eligible member and do not already have a login there, please <a href="https://psfmember.org/wp-login.php?action=register">sign up</a> and then email psf-donations@python.org so we can link your membership to your account. You can click the emailed link to re-certify without signing in. But please create your account and ensure it is linked to your membership so that we can ensure we have the most up-to-date contact information for you in the future.<br /><br /><b>What happens next?</b> You’ll get an email from OpaVote with a ballot on or before June 20th and then you can vote!</p><p>Learn more about membership <a href="https://www.python.org/psf/membership/">here</a> or if you have questions about membership or nominations please email psf-elections@python.org In addition to <a href="http://psf-board.slack.com/">Slack</a> you are welcome to join the discussion about the PSF Board election on <a href="https://discuss.python.org/c/python-software-foundation/9">our forum</a>.</p></div>Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.comtag:blogger.com,1999:blog-8520.post-48781218428380632332023-05-31T15:22:00.001-04:002023-05-31T15:22:18.236-04:00Thinking about running for the Python Software Foundation Board of Directors? Let’s talk! <p dir="ltr" id="docs-internal-guid-3aa0cbd5-7fff-fec0-3d7a-1819f76c6347" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">This year’s Board Election Nomination period is <a href="https://pyfound.blogspot.com/2023/05/psf-board-election-dates-for-2023.html">opening tomorrow</a>. Current board members want to share what being on the board is like and are making themselves available to answer all your questions about responsibilities, activities and time commitments via online chat. Please come join us <a href="https://www.python.org/join-psf-board-slack">on Slack</a> anytime in June to talk with us about being on the PSF board. <br /><br />Board Election Timeline:<br /></p><ul style="text-align: left;"><li>Nominations are open, Thursday, June 1st, 2:00 pm UTC</li><li>Board Director Nomination cut-off: Thursday, June 15, 11:59 pm UTC</li><li>Voter application cut-off date: Thursday, June 15, 11:59 pm UTC</li><li>Announce candidates: Friday, June 16th</li><li>Voting start date: Tuesday, June 20, 12:01 am UTC</li><li>Voting end date: Friday, June 30, 11:59 pm UTC</li></ul><p dir="ltr" id="docs-internal-guid-3aa0cbd5-7fff-fec0-3d7a-1819f76c6347" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;">Not sure what UTC is for you locally? Check <a href="https://savvytime.com/converter/utc">here</a>!<br /><br />Nominations will be accepted <a href="https://www.python.org/nominations/elections/">here</a>. (Note: you will need to sign into or create your python.org user account first). Learn more about membership <a href="https://www.python.org/psf/membership/">here</a> or if you have questions about membership or nominations please email <a href="mailto:psf-elections@python.org">psf-elections@python.org</a>In addition to <a href="http://psf-board.slack.com">Slack</a> you are welcome to join the discussion about the PSF Board election on <a href="https://discuss.python.org/c/python-software-foundation/9">our forum</a>.</p><br />Also, you can see your membership record and status on <a href="https://psfmember.org/user-information">psfmember.org</a>. If you are a voting-eligible member and do not already have a login there, please <a href="https://psfmember.org/wp-login.php?action=register">sign up</a> and then email <a href="mailto:psf-donations@python.org">psf-donations@python.org</a> so we can link your membership to your account. Deb Nicholsonhttp://www.blogger.com/profile/06173618710147431813noreply@blogger.com