Y Hacker News new | ask | show | jobs

user: miketheman created: 2011-12-19 karma: 595 https://miketheman.dev submissions: PyPI has completed its second audit 6 points | 0 comments Anthropic Invests $1.5M in the Python Software Foundation and OSS Security 7 points | 1 comments 0 points | 0 comments 0 points | 0 comments 0 points | 0 comments PyPI in 2025: A Year in Review 79 points | 42 comments PyPI and Shai-Hulud: Staying Secure Amid Emerging Threats 3 points | 0 comments PyPI: Trusted Publishing Growth, Now for GitLab Self-Managed and Organizations 2 points | 0 comments 0 points | 0 comments White Paper: Slippery Zips and Sticky Tar-Pits: Security and Archives 2 points | 1 comments Open Infrastructure Is Not Free: PyPI, the PSF, and Sustainability 8 points | 0 comments Datadog supports PyPI and the Python community through observability 1 points | 0 comments 0 points | 0 comments PyPI Blog: Token Exfiltration Campaign via GitHub Actions Workflows 76 points | 20 comments 0 points | 0 comments 0 points | 0 comments PyPI: Preventing Domain Resurrection Attacks 5 points | 2 comments PyPI now serves project status markers in API responses 2 points | 0 comments Preventing ZIP parser confusion attacks on Python package installers 48 points | 17 comments PyPI Phishing Attack: Incident Report 8 points | 1 comments 0 points | 0 comments PyPI Users Email Phishing Attack 2 points | 2 comments 0 points | 0 comments 0 points | 0 comments PyPI Prohibits inbox.ru email domain registrations 131 points | 105 comments 0 points | 0 comments AWS Lambda standardizes billing for INIT Phase 7 points | 1 comments PyPI Blog: Project Quarantine 92 points | 60 comments PyPI now supports digital attestations 218 points | 186 comments