Or you could be this idiot, who broke a bunch of CI yesterday: https://github.com/untitaker/python-atomicwrites/commit/d183...
One thing that wasn't discussed in this post was SOS [1]. While PyPI's definition may not match the SOS criteria for criticality, SOS does state "... even if your project doesn’t meet all the criteria, we still encourage you to apply and provide your own criticality justification."
Doing work to improve the OpenSSF scorecard [2] could result in the author (or others, for that matter) getting paid. It may not map one-to-one with 2FA, but it might make it easier to swallow some of the requirements from PyPI. It makes sense for companies like Google to pay maintainers/curators to focus more on security.
[1] https://sos.dev/
[2] https://github.com/ossf/scorecard