Regardless of what happens with CVE/NVD, the PSF will continue publishing advisories for CPython through our OSV database and to the security-announce@python.org mailing list. Please subscribe to those data sources to guarantee delivery of vulnerability data about CPython.
Did you know that I'm co-organizing a supply-chain security mini-track at the #PyConUS2025 open spaces? Open source users and maintainers are invited to attend for short talks and discussions with security-interested Pythonistas. #security #oss #pyconus #pycon
Tomorrow is #FediDonutFriday, don't miss out! 🍩
So I'm trying out #Vivaldi browser (@Vivaldi Browser) on #Ubuntu and I'll report back with what I think. So far the initial setup and tinkering has been going well; I've got my password manager and feed reader all set up. Every optional piece of fluff that is "useful for someone but not me" has been dismissable or can be hidden from view. Great initial impression 👍
How to turn a Firefox evangelist into a Firefox hater in just one easy step 😠 Mozilla, quit the games. Drop this or I drop you. EDIT: A less frightening take on this change from someone who probably knows more? https://fosstodon.org/NOSTR_0/114071999402980952
Positive action after an investigation, yay!
Some really good news: Sovereign Tech Agency (@npub1yng6...nhrk) has announced their first cohort of Fellows, and among them is a friend: @npub1xvuu...jmp8 🥳 Congrats Hugo and everyone! Having chatted with Mirko last year I am really excited for this program to show how impactful paying a handful of maintainers full-time can be. Read Hugo's blog on the Fellowship:
That time of month again for my uncancellable auto-renewing GitHub Copilot subscription email (despite having never used Copilot or asked for this... :blobcatangery:) Note that there's no "unsubscribe" button, either.
Chúc mừng năm mới! Happy New Year, everyone! 🐍🧧
The threat of Trump EOs has caused the National Science Foundation to pause grant review panels. Critically for Python and PyPI security I spent most of December authoring and submitting a proposal to the "Safety, Security, and Privacy of Open Source Ecosystems" program. What happens now is uncertain to me. Shuttering R&D only leaves open source software users more vulnerable, this is nonsensical in my mind given America's dependence on software manufacturing. https://www.npr.org/sections/shots-health-news/2025/01/27/nx-s1-5276342/nsf-freezes-grant-review-trump-executive-orders-dei-science