The PyPI Blog

2FA Enforcement for TestPyPI

by: Mike Fiedler · 2023-12-06

PyPI requires 2FA for all management actions on TestPyPI.

Incident Report: User Account Takeover

by: Mike Fiedler · 2023-12-04

A PyPI user had their account taken over.

Security Audit Remediation: cabotage

by: Ee Durbin · 2023-11-14

A deeper dive into the remediation of the security audit findings for the cabotage project.

Security Audit Remediation: Warehouse

by: Mike Fiedler · 2023-11-14

A deeper dive into the remediation of the security audit findings for the Warehouse project.

PyPI has completed its first security audit

by: Dustin Ingram · 2023-11-14

We are proud to announce PyPI's first external security audit.

Inbound Malware Volume Report

by: Mike Fiedler · 2023-09-18

Analysis of inbound malware reporting volume and response times from PyPI administrators.

GitHub now scans public issues for PyPI secrets

by: Mike Fiedler · 2023-08-17

GitHub will now scan public repositories' issues for PyPI API tokens, and will notify repository owners when they are found.

2FA Enforcement for New User Registrations

by: Mike Fiedler · 2023-08-08

PyPI requires new users to enable 2FA before performing management actions.

PyPI hires a Safety & Security Engineer

by: Mike Fiedler · 2023-08-05

Mike Fiedler joins the PSF as the inaugural PyPI Safety & Security Engineer.

Deprecation of bdist_egg uploads to PyPI

by: Ee Durbin · 2023-06-26

PyPI will stop accepting .egg uploads August 1, 2023.

Announcing the launch of PyPI Malware Reporting and Response project

by: Shamika Mohanan · 2023-06-22

Enforcement of 2FA for upload.pypi.org begins today

by: Ee Durbin · 2023-06-01

PyPI now requires all uploads from accounts with 2FA enabled to use an API token or Trusted Publisher configuration.

Reducing Stored IP Data in PyPI

by: Mike Fiedler · 2023-05-26

PyPI has stopped using IP data when possible, and is continuing to reduce the amount of IP data stored overall.

Securing PyPI accounts via Two-Factor Authentication

by: Donald Stufft · 2023-05-25

PyPI will require all users who maintain projects or organizations to enable one or more forms of two-factor authentication (2FA) by the end of 2023.

PyPI was subpoenaed

by: Ee Durbin · 2023-05-24

The PSF received three subpoenas from the US Department of Justice for PyPI user data in March and April of 2023.

Removing PGP from PyPI

by: Donald Stufft · 2023-05-23

PyPI has removed support for uploading PGP signatures with new releases.

Announcing the PyPI Safety & Security Engineer role

by: Ee Durbin · 2023-05-09

PyPI is hiring, thanks to funding from Amazon Web Services!

Introducing PyPI Organizations

by: Ee Durbin · 2023-04-23

Announcing the launch of a significant new collaboration feature for PyPI

Introducing 'Trusted Publishers'

by: Dustin Ingram · 2023-04-20

Announcing a new, more secure way to publish to PyPI

Welcome to the PyPI Blog

by: Ee Durbin · 2023-03-21

Announcing the launch of blog.pypi.org

Total 20 posts.