The Python Software Foundation Security Developer-in-Residence, Seth Larson, published a new white paper with Alpha-Omega titled "Slippery ZIPs and Sticky tar-pits: Security & Archives" about work to remediate 10 vulnerabilities affecting common archive format implementations such as ZIP and tar for critical Python projects.
This is why most organizations take a blind eye when popular people in their community behave badly; if they even so much as give them a three-month ban from the forum, people will keep bringing it up years later.
The argument you are making here is incredibly disingenuous.
The facts matter. Tim Peters did not behave badly. The reasoning given for his suspension misrepresented the apparent evidence, vaguely alluded to unproven private activity, and alleged harm in clearly benign actions.
I claim that I, too, did not behave badly. In particular, in "recommending" my ban, the Code of Conduct Work Group (which is unelected, and has considerable crossover with paid PSF staff; and to my understanding gets paid in some circumstances for code of conduct enforcement work even as the actual core developers are almost all volunteers) made bizarre mischaracterizations of my complaints — going so far as to falsely ascribe to me terminology that I do not use on principle.
You, specifically, should know about these sorts of things because you comment in these discussions all the time. For example, you participated in https://discuss.python.org/t/shedding-light-on-a-three-month... and your posts there demonstrate intimate familiarity with the situation, with quotes like "I suppose I have to point out that “This whole debacle…” wasn’t referring to just Tim personally and not just this one bylaw change but rather referring to, well, gestures to the last two months." (I remember reading that post, not logged in of course, back when you made it.)
You have seen the list of charges in https://discuss.python.org/t/three-month-suspension-for-a-co... so I think you reasonably should understand my position: to the extent that the referents of any of these actions were ever identified, the description is either nonsense or does not point at anything any reasonable person could consider actionable. If you disagree, please be concrete. The entire reason for the "endless litigation" you have repeatedly complained about is the lack of anyone on your side making any clear, understandable argument that anything Tim Peters did at any point was actually wrong. The closest I've seen to such an argument comes from ... Tim Peters (https://tim-one.github.io/psf/meaculpa), and frankly I think it's far too self-effacing.
> If we accepted and spent the money despite this term, there was a very real risk that the money could be clawed back later. That represents an existential risk for the foundation since we would have already spent the money!
> I was one of the board members who voted to reject this funding - a unanimous but tough decision. I’m proud to serve on a board that can make difficult decisions like this.
Kudos to Simon and the rest of the board. Accepting that money would be more than a strategic mistake, it'd be an existential danger to the PSF itself.
I mean, it's also just the plain common sense move: accepting that money would just be putting a noose around their neck and handing the other end to the Trump administration. (And there is a 100.0% chance they'll just claw it back eventually anyway.)
It's a shame that months of NSF grant-writing work was completely wasted though.
> putting a noose around their neck and handing the other end to the Trump administration
Pretty much every "negotiation" with the Trump administration seems to work that way: An iterated prisoner's-dilemma, where any cooperation from you just means they'll betray you even harder next time...
Take a look at MIT's response to the administration regarding the University Compact (https://en.wikipedia.org/wiki/Compact_for_Academic_Excellenc...). You can see that MIT has an excellent understanding on how to reply. AFAICT the administration did not reply furiously (if I missed their reply, I would appreciate a link to it).
I can also predict the next step here: UT Austin is likely to agree to the compact and will be given a huge monetary award (although I don't think it's a foregone conclusion; they didn't reply within the deadline, which suggests that they are working behind the scenes on an agreement).
I have—fortunately—very little personal experience with being extorted by corrupt officials, but I'd wager another facet is to try to ensure all communication is public and recorded.
This forces them to cloak their real demands in something deniable, and that means you can play naive and act like the subtext was never seen.
From Democratic analyst David Shor back in March (https://archive.is/kbwom): "The reality is if all registered voters had turned out, then Donald Trump would’ve won the popular vote by 5 points [instead of 1.7 points]." So, not that it brings me any joy to say it but it would seem more like 55%?
If anyone has any polling data to the contrary, I'd love to see it.
“Registered voters” is not the same group as “people”.
Winning by 5% (even assuming no third party votes) is 52.5% (with 47.5% for the opponent), not 55%; if there are any third-party votes, that gets even lower.
A piece written in March 2025 discussing a hypothetical for the November 2024 election is not describing the state of the world in October 2025.
Unless the 40% number in your previous post was from October 2025, that's plainly moving the goalposts. And registered voters are the only people who matter since anyone else can't cast a ballot.
Beyond that, the August 2025 (since October's aren't available yet) poll numbers don't seem that much better. That the Democratic Party approval is neck and neck with the Republicans despite the Republicans' blatant corruption and incompetence speaks volumes about how unpopular the Democratic Party is. They need to reform drastically before the midterms next year.
I am going to add more on top of that: we should automatically assume bad faith of anyone still willing, in 2025, to give the Trump administration the benefit of the doubt.
This was true up until they started training them using Reinforcement Learning from Verifier Feedback (started with O1). By sticking a calculator in the training loop, they seem to have gotten out of the arithmetic error regime. That said, the ChatGPT default is 4o which is still susceptible to these issues.
Because it's cheaper for Zapier.