RSS Parrot

BETA

🦜 The Python Package Index Blog

@blog.pypi.org@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

The official blog of the Python Package Index

Your feed and you don't want it here? Just e-mail the birb.

Site URL: blog.pypi.org/

Feed URL: blog.pypi.org/feed_rss_created.xml

Posts: 8

Followers: 2

Safety & Security Engineer: First Year in Review

Published: August 16, 2024 06:09

Hello reader! It's me, Mike, and it's been just over a year since I postedabout joining the PSFas the Safety & Security Engineer for the Python Package Index (PyPI).I wanted to take a moment to reflect on the past year,and share some of the things I've…

Prohibiting Outlook email domains

Published: June 16, 2024 00:00

In response to ongoing mass bot account registrations, Outlook domainsoutlook.com and hotmail.com have been prohibited fromnew associations with PyPI accounts.This includes new registrations as well as adding as additional addresses.If you have been…

Expanding Trusted Publisher Support

Published: April 17, 2024 06:09

Starting today, PyPI package maintainers can publish via Trusted Publishingfrom three additional providers:GitLab CI/CDGoogle CloudActiveStateThese providers join existing support for publishing from GitHub Actions withoutlong-lived passwords or API…

Malware Distribution and Domain Abuse

Published: April 10, 2024 06:09

A package named yocolor was uploaded to PyPIdesigned assist with malware distribution to targets.The package was removed from PyPI, curtailing its potential impact to users.This incident differs from the usual malware package removals,as it involved a…

Incident Report: Unauthorized User Accounts Access

Published: April 3, 2024 06:09

On Sunday, March 31st, 2024, PyPI Admins received emailsabout unexpected account activity from PyPI users.Users received notifications from PyPI that they hadenrolled in two-factor authentication (2FA).These users claimed that they had not done so…

Announcing a PyPI Support Specialist

Published: March 20, 2024 06:09

We launched the Python Package Index (PyPI) in 2003and for most of its historya robust and dedicated volunteer community kept it running.Eventually, we put a bit of PSF staff time into the maintenance of the Index,and last year with support from AWS…

Malware Reporting Evolved

Published: March 6, 2024 06:09

We are lucky to have an engaged community of security researchersthat help us keep the Python Package Index (PyPI) safe.These folks have been instrumental in helping us identify and remove malicious projects from the Index,and we are grateful for their…