| 1. | | PyPI in 2025: A Year in Review (pypi.org) |
| 63 points by miketheman 12 hours ago | past | 18 comments |
|
| 2. | | PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats (pypi.org) |
| 3 points by miketheman 35 days ago | past |
|
| 3. | | PyPI: Trusted Publishing Growth, Now for GitLab Self-Managed and Organizations (pypi.org) |
| 2 points by miketheman 51 days ago | past |
|
| 4. | | White Paper: Slippery Zips and Sticky Tar-Pits: Security and Archives (alpha-omega.dev) |
| 2 points by miketheman 60 days ago | past | 1 comment |
|
| 5. | | Open Infrastructure Is Not Free: PyPI, the PSF, and Sustainability (pyfound.blogspot.com) |
| 8 points by miketheman 63 days ago | past |
|
| 6. | | Datadog supports PyPI and the Python community through observability (datadoghq.com) |
| 1 point by miketheman 83 days ago | past |
|
| 7. | | PyPI Blog: Token Exfiltration Campaign via GitHub Actions Workflows (pypi.org) |
| 76 points by miketheman 3 months ago | past | 20 comments |
|
| 8. | | PyPI: Preventing Domain Resurrection Attacks (pypi.org) |
| 5 points by miketheman 4 months ago | past | 2 comments |
|
| 9. | | PyPI now serves project status markers in API responses (pypi.org) |
| 2 points by miketheman 4 months ago | past |
|
| 10. | | Preventing ZIP parser confusion attacks on Python package installers (pypi.org) |
| 48 points by miketheman 4 months ago | past | 17 comments |
|
| 11. | | PyPI Phishing Attack: Incident Report (pypi.org) |
| 8 points by miketheman 5 months ago | past | 1 comment |
|
| 12. | | PyPI Users Email Phishing Attack (pypi.org) |
| 2 points by miketheman 5 months ago | past | 2 comments |
|
| 13. | | PyPI Prohibits inbox.ru email domain registrations (pypi.org) |
| 131 points by miketheman 5 months ago | past | 105 comments |
|
| 14. | | AWS Lambda standardizes billing for INIT Phase (amazon.com) |
| 7 points by miketheman 8 months ago | past | 1 comment |
|
| 15. | | PyPI Blog: Project Quarantine (pypi.org) |
| 92 points by miketheman 12 months ago | past | 60 comments |
|
| 16. | | PyPI now supports digital attestations (pypi.org) |
| 218 points by miketheman on Nov 14, 2024 | past | 186 comments |
|
| 17. | | PyPI Safety and Security Engineer: First Year in Review (pypi.org) |
| 3 points by miketheman on Aug 16, 2024 | past |
|
| 18. | | PyPI Blog: Malware Distribution and Domain Abuse (pypi.org) |
| 1 point by miketheman on April 10, 2024 | past |
|
| 19. | | 2FA Required for PyPI (pypi.org) |
| 4 points by miketheman on Jan 1, 2024 | past |
|
| 20. | | 2FA Requirement for PyPI begins 2024-01-01 (pypi.org) |
| 2 points by miketheman on Dec 15, 2023 | past |
|
| 21. | | Support Python in 2023 (fundraiser and membership drive) (python.org) |
| 2 points by miketheman on Dec 13, 2023 | past |
|
| 22. | | TestPyPI now requires 2FA in advance of PyPI 2024 requirement (pypi.org) |
| 1 point by miketheman on Dec 6, 2023 | past |
|
| 23. | | PyPI has completed its first security audit (pypi.org) |
| 137 points by miketheman on Nov 14, 2023 | past | 22 comments |
|
| 24. | | PyPI Reports on Inbound Malware Notices (pypi.org) |
| 26 points by miketheman on Sept 18, 2023 | past |
|
| 25. | | GitHub now scans public issues for PyPI secrets (pypi.org) |
| 4 points by miketheman on Aug 17, 2023 | past |
|
| 26. | | PyPI Requires 2FA for New User Registrations (pypi.org) |
| 112 points by miketheman on Aug 8, 2023 | past | 73 comments |
|
| 27. | | PSF Hires PyPI Safety and Security Engineer (pyfound.blogspot.com) |
| 65 points by miketheman on Aug 4, 2023 | past | 34 comments |
|
| 28. | | PyPI Enforces Token Use for Uploads from Users with 2FA (pypi.org) |
| 8 points by miketheman on June 1, 2023 | past |
|
| 29. | | Reducing Stored IP Data in PyPI (pypi.org) |
| 15 points by miketheman on May 26, 2023 | past | 1 comment |
|
| 30. | | Securing PyPI Accounts via Two-Factor Authentication (pypi.org) |
| 10 points by miketheman on May 25, 2023 | past | 1 comment |
|
|
| More |
