Tuesday, March 31, 2020

PSF's Projected 2020 Financial Outcome

The Python Software Foundation (PSF) is a 501(c)(3) non-profit organization dedicated to the Python community and programming language, as well as running PyCon US. Since PyCon US 2020 was cancelled, the community has asked how the PSF’s finances will be affected. Let us take a look at the projected 2020 financial outcome.

Bottom Line

As of today, the PSF will use approximately $627,000 from our financial reserve:
ExpensesRevenue
PSF$1,300,000$550,000-$750,000
PyCon$280,000$403,000$123,000
Total-$627,000
If you are interested in how we arrived at these estimates, continue reading to learn about our projected expenses and revenue for this year. 

Expenses

PyCon US 2020

Pittsburgh and its vendors have been incredibly helpful in reducing or eliminating most of the 2020 conference minimums and cancellation fees. We estimate $280,000 in expenses for pre-conference work related to website/logo design and nonrefundable deposits. In addition, we budgeted significant funds to support travel grantees with non-reimbursable costs, as well as executing PyCon 2020 remote content. Once travel grants and instructor fees are complete, we will revise the expense total. 

PSF

Through March 2020, the PSF awarded several grants*, expended legal fees to protect PyLadies trademarks in dozens of countries, and employed staff. The PSF is projected to spend $1,300,000 in 2020.

Revenue

PyCon US 2020

PyCon US registration and sponsorship revenue is used to produce PyCon, with the largest costs going to food, audio-visual services, and travel grants. 
Our staff works to create the best and most affordable attendee experience possible with the added benefit that 100% of net proceeds fund the PSF. For 2020, we estimated PyCon’s net income at $720,000. As of today, we are estimating PyCon's net income to be $123,000, thanks to individual donations and sponsorship fees. 

PSF

PSF 2020 sponsorships are estimated at $350,000. COVID-19 is impacting financial markets and job security, so we expect individual donations and memberships to decrease in 2020 by 55% from 2019 to around $200,000. 

How can you help?

The PSF’s financial reserve is crucial, as we experienced during the economic downturn of 2008 and again in 2020. The cash reserve prepares us for economic impacts, events out of our control, and provides a stable environment with health benefits for our employees, even during this difficult time. 
Here are ways community members can help and get involved:
  • Become a free or supporting member of the PSF to get involved in our future
  • Donate some or all of your PyCon registration (thank you to those that already have)
  • Donate directly to the PSF
  • Donate some or all of your company's PyCon's sponsorship (thank you to those that already have)
  • Ask your employer to sponsor the PSF
  • Ask your employer if they match donations to 501(c)(3) non-profits, and ask for your donations to the PSF to be matched
  • Sign up for the PSF’s free newsletter to stay up to date

We wish our entire community good health.
* PSF Grants: When PyCon 2020 was cancelled, the PSF paused its Grants Program until we can find virtual options and other ways to support events, as well as fully understand the PSF’s financial situation.

Monday, March 23, 2020

New pip resolver to roll out this year

The developers of pip are in the process of developing a new resolver for pip (as we announced on the PSF blog last year). We aim to roll it out later this year. As part of that work, there will be some major changes to how pip determines what to install, based on package requirements. In this post we share:

What will change
What you can do to help
When this will be happening

To understand what pip does and why we’re working on it, please read our earlier overview post.

What will change

The most significant changes to the resolver will be:

  • It will reduce inconsistency: it will no longer install a combination of packages that is mutually inconsistent. At the moment, it is possible for pip to install a package which does not satisfy the declared requirements of another installed package. For example, right now, pip install "six<1.12" "virtualenv==20.0.2" does the wrong thing, “successfully” installing six==1.11, even though virtualenv==20.0.2 requires six>=1.12.0,<2 (defined here). The new resolver would, instead, outright reject installing anything if it got that input.
  • It will be stricter - if you ask pip to install two packages with incompatible requirements, it will refuse (rather than installing a broken combination, like it does now).

Also, this is a major change to a key part of pip - it’s quite possible there will initially be bugs. We would like to make sure that those get caught before people start using the new version in production.

(For deep technical details, see this in-progress GitHub milestone.)

What you can do to help

We recognize that everyone’s work is being disrupted by the COVID-19 pandemic, and that many data scientists and medical researchers use Python and pip in their work. We want to make the upgrade process as smooth and bug-free as possible for our users; if you can help us, you’ll be helping each other.

  1. First and most fundamentally, please help us understand how you use pip by talking with our user experience researchers. You can do this right now! You can take a survey, or have a researcher interview you over a video call. Please sign up and spread the word to anyone who uses pip (even a little bit).

  2. Right now, even before we release the new resolver as a beta, you can help by running pip check on your current environment. This will report if you have any inconsistencies in your set of installed packages. Having a clean installation will make it much less likely that you will hit issues when the new resolver is released (and may address hidden problems in your current environment!). If you run pip check and run into stuff you can’t figure out, please ask for help in our issuetracker or chat.

  3. Please make time to test the new version of pip, probably in May (see below). While we have tried to make sure that pip’s test suite covers as many cases as we can, we are very aware that there are people using pip with many different workflows and build processes, and we will not be able to cover all of those without your help.

    • If you use pip to install your software, try out the new resolver and let us know if it works for you.
    • If you have a build pipeline that depends on pip installing your dependencies for you, check that the new resolver does what you need.
    • Run your project’s CI (test suite, build process, etc.) using the new resolver, and let us know of any issues.
    • If you have encountered resolver issues with pip in the past, check whether the new resolver fixes them. Also, let us know if the new resolver has issues with any workarounds you put in to address the current resolver’s limitations. We’ll need to ensure that people can transition off such workarounds smoothly.

    As you and your colleagues plan for the next few months, please set aside time, ideally in May, to test the new resolver and tell us whether it breaks anything for your setup by filling out this survey. If you maintain an open source project or use pip at your job, you can make a ticket now and put it in your backlog.

  4. Spread the word! If you know of other people who rely on pip, who might not have seen this message, let them know. You can do this right now.

  5. And if you develop or support a tool that wraps pip or uses it to deliver part of your functionality, please make time to test your integration with our beta in May, and sure that the new resolver doesn’t cause you any issues. (It shouldn’t, as the resolver is an internal component of pip and shouldn’t be visible to people embedding pip, but we’d like to be sure of that.)

When this will be happening

We intend to release the new resolver early in the second half of 2020. We will provide alpha and beta releases before that point as the work progresses (probably starting in May), and we’ll provide a GitHub issue tracker and an email address where you can report bugs. We would appreciate as much feedback as we can get on the betas when they become available.

(We were already working as a distributed team. The COVID-19 pandemic and related disruptions are affecting us – for instance, we were aiming to meet, work together, and test and discuss our work at PyCon US. But we still anticipate releasing the new resolver in the second half of 2020.)

To find out when the new beta is available for testing, and how to report problems, subscribe to the pypi-announce mailing list. It’s very low-traffic.

(Why now? The Python Software Foundation’s Packaging Working Group obtained funding for this work because it’s sorely needed; many other features and tools are blocked waiting for this fix. We’ve spent years addressing technical debt in pip so we can properly untie this knot and refurbish the resolver. We started this chunk of donor-funded work on pip a few months ago and it’s now gotten far enough that we can make this pre-announcement.)

Thank you to the pip and PyPA maintainers, to the PSF and the Packaging WG, and to all the contributors and volunteers who work on or use Python packaging tools. And thank you to Mozilla (through its Mozilla Open Source Support Awards) and to the Chan Zuckerberg Initiative DAF, an advised fund of Silicon Valley Community Foundation, for funding enabling this work!

Tuesday, March 17, 2020

Débora Azevedo Awarded the PSF Community Service Award for Q4 2019


Débora Azevedo co-founder of PyLadies Brazil and Django Girls Natal organizer, has been awarded the Python Software Foundation Q4 2019 Community Service Award. 

Débora's outstanding contributions to the growth and support of the Python community goes well beyond PyLadies Brazil and Django Girls Natal - as she is actively involved in Python translation work.

In 2018, she translated the Python Software Foundation survey into Potuguese.

It is for these reasons, that the Python Software Foundation is pleased to present Débora with the 2019 Q4 Community Service Award:

RESOLVED, that the Python Software Foundation award the 2019 Q4 Community Service Award to Débora Azevedo in recognition of her work in supporting the wider Python community in Brazil and the PSF generally. She's a co-founder of PyLadies Brazil, leader and organizer for Django Girls Natal, and helped found amd organizes the PyLadies Brazil conference. Débora's also been interested in supporting the wider community. Last year, Débora assisted the PSF by translating a survey into Portuguese. Additionally, she is a regular presenter and attends many community events.

Debora's Introduction to Programming - The Origin Story 


Débora's first introduction to programming was in 2008, as part of an IT technical course. But, it was an upleasant experience, she recalls. Being both young and without access to a computer, her first introduction to programming made the concept unclear and hard to grasp.

Years later, Débora enrolled into a Computer Networks course - so she would not have to code. Unknown to her, the course required her to take three programming classes, all taught in Python. This was a turning poing in her coding journey - as she realised how empowering being able to code could be. One of those moments came when she had to develop a web app using Django for the school library.

From then on, Débora was hooked.

Involvement in the Developer Community - Co-founding PyLadies Brazil


Suprised at the low turnout of female attendees and sometimes, the complete absence of women at local open source community meetups hosted by Potilivre, Débora, Gabriela Calvalcante, Clara Nobre and Katyanna Moura, started the PyLadies Brazil.

They were spurred on by a feeling of belonging, having their technical skills validated, their voices heard and a general desire of building a community of women with the same interest.

Débora took on more responsibility and became a co-founder for the PyLadies Brazil.

On the topic of Women in Tech, Débora believes that one of the most important things Women in Tech can do for other women is for them to step up as role models.

"Being able to tend to other ladies, in an industry, where some women consider themselves unfit, is revolutionary" says Débora.

Mario Sergio, program manager at Open Knowledge Brazil and past president of Associação Python Brazil, who first met Débora in 2014 at the Python Brazil conference in Porto de Galinhas, Permnambuco, speaks on Débora's contributions towards increasing women participation and increasing overall diversity in the Python Brazil community.

"The Python and Django Girls tutorials that Débora organized together with others, were essential for the inclusion of women. The Python Brazil Conference has had an almost fifty percentage female speakers in the last four editions" -  Mario Sergio

On Débora, being a teacher and a mentor? 

Clara Nobre, says Débora drives and inspires ladies in her local community to embrace programming. And to pursue a career in tech. These ladies, whom Débora inspires, had before now, been largely undecided in what career they wanted to pursue.

"Débora is one of the main references in the communtiy to other women. She is also a woman with a background in another area of expertise, which is English Letters. Débora is a teacher! So she can reach so many girls who still don't know what career they intend to pursue, as well as women who are in the area of Information Technology but haven't yet developed the maturity to program" - Clara Nobre

Crowdfunding Campaigns - Sponsoring Women to Attend Python Brazil Conference


In 2016, Débora and the team launched their first crowdfunding campaign to help raise funds to take some women of the PyLadies Brazil to Python Brazil, the largest Python conference in Latin America.

They raised R$5,975 (USD1,190), which was used to sponsor women to the 2016 Python Brazil conference.

In 2017, Débora and the team, again raised R$15,842 (USD3,160), sponsoring fourteen women who had requested for financial aid to participate in the 2017 edition of the Python Brazil conference. This resulted in a peak of forty two percent participation and activities led by PyLadies at the conference.

"In 2018,  we had a total of 26 talks and tutorials, which were given by women. Some of these activities were only possible, thanks to our crowdfunding campaigns, which raised R$11,770 (USD2,347), making participation in a conference like Python Brazil possible for nine women" - Débora

Débora Azevedo - Inspiring Women in Tech in Brazil to believe in themselves


On why she contributes so much to the Python Community?

Débora says

"Together with the PyLadies, the wider Python community can collaborate, working as partners with one goal in common. Having women become active participants and leaders in the Python community is important. It shouldn't be just one group's fight. By joining forces we can go a lot further. Being part of PyLadies Brazil and Django Girls Natal is the way I found to do my little good in the IT world. Teaching, advising and helping more women to believe in themselves and feel like it is possible for them and to feel like they can do it."

The Python Software Foundation congratulates and celebrates the amazing work and contributions of Débora Azevedo, to the Brazilian Python Community and for being a voice in the push for diversity, inclusion and participation of women in the industry.

Wednesday, March 04, 2020

An Update on PyPI Funded Work

Originally announced at the end of 2018, a gift from Facebook Research is funding improvements for the security PyPI and its users.

What's been done

After launching a request for information and subsequent request for proposal in the second half of 2019, contractors were selected and work commenced on Milestone 2 of the project in December 2019 and was completed in February 2020.
The result is that PyPI now has tooling in place to implement automated checks that run in response to events such as Project or Release creation or File uploads as well as on schedules. In addition to documentation example checks were also implemented that demonstrate event based and scheduled checks.
Results from checks are made available for PyPI moderators and administrators to review, but will not have any automated responses put in place. As a check suite is developed and refined we hope that these will help to identify malicious uploads and spam that PyPI regularly contends with.

What's next

With the acceptance of PEP 458 on February 15 we're excited to announce that work on implementation of The Update Framework has started.
This work will enable clients like pip to ensure that they have downloaded valid files from PyPI and equip the PyPI administrators to better respond in event of a compromise.
The timeline for this work is currently planned over the coming months, with an initial key signing to be held at PyCon 2020 in Pittsburgh, Pennsylvania and rollout of the services needed to support TUF enabled clients in May or June.

Other PyPI News

For users who have enabled two factor authentication on PyPI, support has been added for Account Recovery codes. These codes are intended for use in the case where you've lost your Webauthn device or TOTP application, allowing you to recover access to your account.
You can generate and store recovery codes now by visiting your account settings and clicking "Generate Recovery Codes".