PyPI serves billions of requests daily, but sustaining it isn’t free. The PSF joined the OpenSSF & others in calling for organizations to invest in sustainable open infrastructure. Learn what this means for #PyPI, the PSF, & how our community can pitch in:
https://pyfound.blogspot.com/2025/10/open-infrastructure-is-not-free-pypi.html
Beep, Beep - I am your friendly #Snakemake release announcement bot.
There is a new release of the Snakemake executor for #SLURM on #HPC systems. Its version now is 1.9.2!
Give us some time, and you will automatically find the plugin on #Bioconda and #Pypi.
If you want to discuss the release, you will find the maintainers here on Mastodon!
@rupdecat and @johanneskoester
If you discover any issues, please report them on https://github.com/snakemake/snakemake-executor-plugin-slurm/issues.
See https://github.com/snakemake/snakemake-executor-plugin-slurm/releases/tag/v1.9.2 for details. Here is the header of the changelog:
Release Notes (possibly abridged):
Bug Fixes
* logo: https://github.com/snakemake/snakemake-executor-plugin-slurm/issues/367
Not a replacement for docker. Works like pytest-socket.
Anyhow, looking forward to examples of exploits, which I imagine would be un-monkeypatching or just using other libraries.
Still I think this would be a nice way to seal apps you distribute against hijacked 3rd party libraries that weren't specifically targeting this defense.
And why is this called `hermetic-seal`? Well, after searching for a perfect name I picked `hermetic`, which is 404 on PyPI, free to take? Nope, if you register a trusted publisher for that name #pypi says it is **taken**!
PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over #PyPI accounts through password resets. #Python #OpenSource #SupplyChain #Security
https://blog.pypi.org/posts/2025-08-18-preventing-domain-resurrections/