PyPI starts rolling out required 2FA for important projects

The Python Package Index PyPI says it has begun rolling out a two-factor authentication 2FA requirement which enforces maintainers of critical projects to have 2FA enabled to publish, update, or modify them. PyPI plays an important role in the Python developers ecosystem. Python repository PyPi i...

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects

The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication 2FA condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update,...

Google Created 'Open Source Maintenance Crew' to Help Secure Critical Projects

Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine...

Security Scorecards - Security Health Metrics For Open Source

Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...