Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Behind the Scenes at the Python Software Foundation

Link: https://developers.slashdot.org/story/25/06/2...

The Python Software Foundation ("made up of, governed, and led by the
community" does more than just host Python and its documnation, the Python
Package Repository, and the development workflows of core CPython developers.
This week the PSF released its 28-page Annual Impact Report this week, noting
that 2024 was their first year with three CPython developers-in-residence -
and "Between Lukasz, Petr, and Serhiy, over 750 pull requests were authored,
and another 1,500 pull requests by other authors were reviewed and merged."
Lukasz Langa co-implemented the new colorful shell included in Python 3.13,
along with Pablo Galindo Salgado, Emily Morehouse-Valcarcel, and Lysandros
Nikolaou.... Code-wise, some of the most interesting contributions by Petr
Viktorin were around the ctypes module that allows interaction between Python
and C.... These are just a few of Serhiy Storchaka's many contributions in
2024: improving error messages for strings, bytes, and bytearrays; reworking
support for var-arguments in the C argument handling generator called
"Argument Clinic"; fixing memory leaks in regular expressions; raising the
limits for Python integers on 64-bit platforms; adding support for arbitrary
code page encodings on Windows; improving complex and fraction number
support... Thanks to the investment of [the OpenSSF's security project] Alpha-
Omega in 2024, our Security Developer-in-Residence, Seth Larson, continued
his work improving the security posture of CPython and the ecosystem of
Python packages. Python continues to be an open source security leader,
evident by the Linux kernel becoming a CVE Numbering Authority using our
guide as well as our publication of a new implementers guide for Trusted
Publishers used by Ruby, Crates.io, and Nuget. Python was also recommended as
a memory-safe programming language in early 2024 by the White House and CISA
following our response to the Office of the National Cyber Directory Request
for Information on open source security in 2023... Due to the increasing
demand for SBOMs, Seth has taken the initiative to generate SBOM documents
for the CPython runtime and all its dependencies, which are now available on
python.org/downloads. Seth has also started work on standardizing SBOM
documents for Python packages with PEP 770, aiming to solve the "Phantom
Dependency" problem and accurately represent non-Python software included in
Python packages. With the continued investment in 2024 by Amazon Web Services
Open Source and Georgetown CSET for this critical role, our PyPI Safety &
Security Engineer, Mike Fiedler, completed his first full calendar year at
the PSF... In March 2024, Mike added a "Report project as malware" button on
the website, creating more structure to inbound reports and decreasing
remediation time. This new button has been used over 2,000 times! The large
spike in June led to prohibiting Outlook email domains, and the spike in
November was driven by a persistent attack. Mike developed the ability to
place projects in quarantine pending further investigation. Thanks to a grant
from Alpha-Omega, Mike will continue his work for a second year. We plan to
do more work on minimizing time-on-PyPI for malware in 2025... In 2024, PyPI
saw an 84% growth in download counts and 48% growth in bandwidth, serving
526,072,569,160 downloads for the 610,131 projects hosted there, requiring
1.11 Exabytes of data transfer, or 281.6 Gbps of bandwidth 24x7x365. In 2024,
97k new projects, 1.2 million new releases, and 3.1 million new files were
uploaded to the index.

Read more of this story at Slashdot.

---
VRSS v2.1.180528