Notice: While JavaScript is not essential for this website, your interaction with the content will be limited. Please turn JavaScript on for the full experience.

PSF Meeting Minutes for Aug. 14, 2024

Subscribe via RSS

Title: 2024-08-14 PSF Board Meeting Minutes Encoding: utf-8 Author: psf at python.org Content-Type: text/x-rst

The Python Software Foundation
Minutes of a Regular Meeting of the Board of Directors

August 14, 2024

A regular meeting of the Python Software Foundation ("PSF") Board of Directors was held over Group Conference Call via phone and Internet Relay Chat/Slack beginning at 13:00 UTC, on August 14, 2024. Olivia Sauls took notes/minutes.

All votes are reported in the form "Y-N-A" (in favor-Y‚opposed-N‚abstentions-A; e.g. "5-1-2" means "5 in favor, 1 opposed, and 2 abstentions").

1   Attendance

The following members of the Board of Directors (11 of 12) were present at the meeting: Christopher Neugebauer, Cheuk Ting Ho, Kwonhan Bae, Deb Nicholson, Jannis Leidel, Cristián Maureira-Fredes, Kushal Das, Georgi Ker, Denny Perez, Tania Allard. Kushal Das left the meeting at 14:15 UTC. Dawn Wages joined the meeting at 14:20 UTC.

Joe Carey (Accounting Manager), Ee Durbin (Director of Infrastructure), Olivia Sauls (Program Director), Mike Fiedler (PyPI Safety and Security Engineer), Seth Larson (Python Security Developer in Residence) and Marie Nordin (Community Communications Manager) were also in attendance.

2   Minutes of Past Meetings

Minutes from prior meeting July 24, 2024:

RESOLVED, that the Python Software Foundation approve the minutes at https://mail.python.org/archives/list/psf-important@python.org/thread/TVSS6SP7FBL4VZHKXBCBFY334NBJWBJK/ as representing a true and accurate record of the July 24, 2024 meeting.

Approved, 10-0-0

3   Board and Staff Monthly Reports for August 2024

3.1   Deb Nicholson

August report not provided.

3.2   Oliva Sauls

  • PyCon US 2024 recap and blog post
  • PyCon US 2024 budget wrap up and analysis
  • PyCon US 2026/2027 hotel block negotiation
  • Beginning PyCon US 2025 theme and design
  • Online platform research

3.3   Laura Graves

  • Ongoing accounting activities
  • Payroll and HR
    • Adding posters and updating handbook for new employees
    • Reviewing off-cycle payrolls
    • Reviewing resumes for new accounting position
  • PyCon US
    • Budget review meetings with staff
    • Updating timeline for PyCon 2025
  • Meeting with Board Chair
  • Schedule finance committee meetings for the year

3.4   Joe Carey

August report not provided.

3.5   Ee Durbin

August report not provided.

3.6   Phyllis Dobbs

  • Fiscal Sponsorees
    • Work with organizers of PyLadiesCon, North Bay Python, PyBay, PyOhio, and PyCascades on 2024 and 2025 regional conferences including sponsorship agreements, contracting venue and vendors, budget updates, travel grants, event insurance, etc.
    • Assist Pallets in hiring contract Project Manager, travel grants, and bug bounty options
    • Meet with PyHawaii to discuss fundraising and awards for future event
    • Set up PSF as Github fiscal host to streamline receiving Github Sponsors funds
  • Human Resources and Payroll
    • Finalize annual bonuses and cost of living & merit increases for PSF employees
    • Align insurance renewals for workers compensation, D&O, and liability coverage
    • Detailed review and update of paid leave sections and in Employee Handbook, plus minor updates for several recent Minnesota employment laws
    • Initial review of over 225 resumes for Accountant position
    • Continue onboarding of 2 recent hires (benefits, accounting support, etc.)
    • Some PTO
  • PyCon US
    • Work with Olivia, Loren, and Laura to draft 2024 recap
    • Begin timeline for 2025 travel grants
  • Sponsorship
    • Work with Loren, Olivia, and Laura on revising sponsorship packages to better support ongoing organizational funding needs
    • Cash Management
    • Negotiate 4.45% interest rate on money market account and request new banking rep at PNC due to lack of support this year
    • Test PEX out of pocket reimbursement process with Laura
  • Board
    • Assist with 2024 Board Retreat logistics and support other Board governance matters, including annual conflict of interest attestations
    • Work with Laura on setting schedules for 2024-2025 Finance Committee
  • Manage all other ongoing accounting, finance, tax, insurance, human resources, payroll, legal, and other matters

3.7   Loren Crary

August report not provided.

3.8   Marie Nordin

  • Some PTO
  • Grants Work Group administration
  • Fellows Work Group administration
  • Grants Work Group refresh
    • Updating Charter with input from the PSF Board, PSF Staff, and GWG
  • PSF Board Election retrospective

3.9   Seth Larson

  • Grant with Alpha-Omega renewed through 2024. Published blog post announcement to PSF blog.
  • Guide for adopting Trusted Publishers by All Package Repositories was published. Blog post published to the OpenSSF blog.
  • Pip 24.2 now uses system certificates by default allowing for IT departments to centrally manage trust and corporate proxies natively for Python environments.
  • Revitalized the PEP 710 (index install records) effort by Fridolín Pokorný. This PEP will be instrumental for generation of SBOMs from Python environments.
  • Reviewing PEP 751 (Python lock files) from a security perspective.
  • Logistics all booked for PyCon Taiwan, working with Georgi and Marie on PSF sponsor talk slot.
  • Onboarded Jacob Coffee as a CVE Numbering Authority Point of Contact
  • Worked on adopting GitHub Security Advisories for tracking and automating Python Security Response Team reports. Evaluating private forks feature.
  • Published security advisories with fixes for multiple vulnerabilities (CVE-2024-3219, CVE-2024-6923)
  • Working with Sigstore folks to fix historical Sigstore bundles so they can be verified by recent versions of the Sigstore CLI.
  • Google Summer of Code entering final weeks, mentee has merged multiple improvements to CPython’s compiler options and tooling to track existing warnings. Working on documenting for CPython and then documenting the entire work for GSOC.

3.10   Mike Fiedler

  • Malware
    • Inbound Malware Reports: 119
    • Resolution Time (average): 4h17m
    • Handle Time (average): 1m44s
    • A somewhat novel multi-project malware attack (“Cipherbcrypt”) prompted an in-depth analysis. 10 other projects were removed from PyPI as a result, and a public Advisory issued (PYSEC-2024-55, thanks Seth!)
  • Project Quarantine
    • When reviewing and acting on malware reports, a PyPI Admin had one main tool at their disposal: complete removal of the Project from the PyPI database. This is often coupled with prohibiting the Project name from being reused. PyPI already has functionality irrespective of malware to prevent File name reuse.
    • The impact of these removals can be disruptive, and removals are pretty much irrevocable - it’s the same mechanism PyPI warns project owners about when they elect to remove their project from the index.
    • Reducing the time window when a malicious Project/Release/File is available for end users to become victims is desirable, and further reduces the incentive for malicious actors to use PyPI as their distribution method.
    • Developed the underlying data model changes necessary, as well as the web routes and and user interface changes to allow PyPI Admins to place projects in quarantine awaiting further analysis.
    • Some future ideas may evolve to more automatic quarantine after we build more trust in the system.
  • Routine maintenance, package upgrades, bug fixes. All PRs authored by Mike merged in July

3.11   Jacob Coffee

  • Continued work on upgrading our infrastructure to the latest long-term support version
  • Onboarding as a point of contact for the PSF CVE numbering authority

3.12   Maria Ashna

August report not provided.

3.13   Dawn Wages

August report not provided.

3.14   Denny Perez

  • PSF - Meeting with Phyllis about sponsorship and finances for this year's PyLadiesCon
  • PSF - Meeting with community members and groups (Metting about concerns)
  • PSF - Meeting Elaine coordination on how to improve the communication of PSF content.
  • Community - PyLadiesCon: Organizer team (CFP launch Coordination, Setup conference backlog)
  • Community - PyCascades: Organizer Team ( CFP pre-launch coordination, Comms socials)
  • Community - PyCon Latam: Organizer Team (Prep 45 days before conference)
  • Community - Python Chile: Organizer team (Host monthly meetup - announcement CFP PyCon Chile)

3.15   Cristián Maureira-Fredes

  • PSF: Board meetings and discussions
  • PSF: Finalizing on-boarding, setting up calendly and start contacting communities for 1:1
  • Community: Addressing 51 size limit requests on PyPI/support
  • Community: Bot maintenance, moderation, and solving questions on the Python en Español discord and other telegram channels.
  • Community: PyLadiesCon: setting up a discord server, finalizing the new website.
  • Community: EuroPythonSociety: Writing up a document describing the whole Programme Committee process for EP2024. Having a meeting with PyCon Italy in order to re-think the processes and tools for future years.

3.16   Simon Willison

August report not provided.

3.17   Jannis Leidel

  • PSF: monthly board meetings and the usual comms (Slack etc)
  • PSF: User success WG research for charter and implementation
  • Jazzband: Usual maintenance, security response

3.18   Kushal Das

August report not provided.

3.19   Georgi Ker

3.20   KwonHan Bae

  • PSF - CoC WG
  • PSF - participated in board discussions via Slack and email
  • PSF - attended board meeting
  • PSF - board retreat planning and preparation
  • COMMUNITY : PyCon APAC Organize
  • COMMUNITY : PyCon KR Organize ( Sponsor, Finance)
  • COMMUNITY : present at Python Web Meeting, talked about wagtail
  • COMMUNITY : preparing keynote of ETRI Open Source Tech DAY 2024 ( Korea Electronics and Telecommunications Research Institute )
  • COMMUNITY : Conduct pizzapy for future plan
  • COMMUNITY : draft HelloPy ( python for beginner only ) in Korea with PyCon us attendee

3.21   Tania Allard

  • PSF: attend monthly board and executive committee meetings
  • PSF: participate in Slack and email discussions, conversations, and voting
  • PSF: board retreat planning and preparation
  • PSF: participation in CoC WG duties, such as meetings, discussions, etc.
  • PSF: user research WG charter and implementation ground work
  • COMMUNITY: participation in PyLadies Global council discussions and monthly meetings
  • COMMUNITY: further feedback seeking and PM work associated with the PyLadies website redesign
  • COMMUNITY and PSF: engagement and meeting with community members and groups
  • COMMUNITY: resumed mentorship hours for community individuals from historically marginalised groups
  • COMMUNITY: regular maintenance duties across projects and community stewardship

3.22   Cheuk Ting Ho

  • PSF - serving the conduct WG and grants WG
  • PSF - review updated for grants WG charter
  • PSF - discuss financial strategy
  • Community - organizing PyLadies Con (preparing CfP and communicate with chapters)
  • Community - support community members to create a community for educators

3.23   Chris Neugebauer

  • PSF: Board meeting
  • PSF: Participated in grants WG
  • PSF: Executive Committee
  • PSF: Merged Bylaws changes
  • North Bay Python: Finalised 2024 event and started planning 2025
  • PyCon AU: Participated in program review
  • Attending Kiwi PyCon (August) and PyBay (September)

4   Work Group Reports

4.1   Code of Conduct

  • Nothing to report at this time.

4.2   Grants

  • See list of resolutions under “Votes Approved by Working Groups”

4.3   Sponsors

  • Nothing to report at this time.

4.4   Marketing

  • Nothing to report at this time.

4.5   Jobs

  • Of the 528 Job submissions created in August 2024:
    • 152 have status approved
    • 39 have status draft
    • 158 have status expired
    • 94 have status rejected
    • 79 have status removed
    • 6 have status review

4.6   Trademarks

  • Nothing to report

4.7   Fellows

  • Nothing to report

4.8   Packaging

  • Nothing to report

4.9   Infrastructure

  • Nothing to report

4.10   Scientific Python

  • Nothing to report

6   Votes Approved by Working Groups

6.1   Grants

RESOLVED, that the Python Software Foundation Grants Work Group grant $5,250 USD to the SheDevelopers: Python Mastery workshop taking place in Zimbabwe on August 16.

Approved; 9-0-0, 2024-07-25

RESOLVED, that the Python Software Foundation Grants Work Group grant $5,000 USD to the sktime Developer Days sprint travel fund, to be co-located with EuroSciPy, in Szczecin, Poland, August 26-30th, 2024.

Approved; 8-1-1, 2024-07-25

RESOLVED, that the Python Software Foundation Grants Work Group grant $3600 USD to the PyCon MY 2024 conference taking place in Petaling Jaya, Malaysia, on August 24-25.

Approved; 9-0-0, 2024-07-30

RESOLVED, that the Python Software Foundation Grants Work Group grant $9,810 USD to the PyCon Latam conference taking place in Mazatlan, Sinaloa, Mexico on September 19-22, 2024.

Approved; 8-0-0, 2024-08-01

RESOLVED, that the Python Software Foundation Grants Work Group grant $600 USD to the PyCon mini Shizuoka 2024 conference taking place in Shizouka, Japan, on August 31.

Approved; 8-1-1, 2024-08-01

RESOLVED, that the Python Software Foundation Grants Work Group grant $3640 USD to the the sixth annual PyCon Estonia conference taking place in Tallinn, Estonia, on September 5-6, 2024.

Approved; 8-0-0, 2024-08-13

RESOLVED, that the Python Software Foundation Grants Work Group grant $5000 USD to the the 9th annual PyBay Conference taking place in California, US, on September 21st, 2024.

Approved; 8-0-0, 2024-08-13

6.2   Sponsors

  • None at this time.

6.3   Scientific Python

  • None at this time.

8   New Business

  • The PSF discussed the PyCon Africa Conference grant submission and voted on the following resolutions:

    RESOLVED, that the Python Software Foundation Board of Directors grant $22,200 USD to the PyCon Africa Conference taking place in Accra, Ghana, on September 24-28, 2024.

    Approved; 10-0-0, 2024-08-14

  • The PSF discussed proposed changes to the Grants Working Group charter and voted on the following resolution:

    RESOLVED, that the Python Software Foundation Board of Directors approve updates to the Grants Working Group charter, as written at https://wiki.python.org/psf/GrantsWG/Charter.

    Approved; 10-0-0, 2024-08-14

  • The PSF discussed the Q2 and Q3 Community Service Award nominations and voted on the following resolution:

    RESOLVED that the Python Software Foundation grant Q2 2024 Community Service Awards to Raquel Dou, Lais Carvalho, and Leonard Richardson; Q3 2024 Community Service Awards to Kojo Idrissa, Joanna Jablonski, and Jessica Greene.

    Approved; 10-0-0, 2024-08-14

  • The PSF discussed the chartering of a ByLaws Board Committee and voted on the following resolution:

    RESOLVED that the Python Software Foundation charter a Board Committee to review and propose amendments to the Foundation’s Bylaws, with a term lasting no later than the next Board of Directors election.

    Approved; 9-0-0, 2024-08-14

9   Discussions

  • The board discussed the Board Office Hours proposal and scheduling
  • The board discussed topic prioritization framework for future board meetings.
  • The board discussed the grants policy of the PSF and the Grants Working Group.
  • The board discussed plans surrounding strategic planning
  • The board discussed plans for the upcoming board retreat.

Meeting adjourned at 14:47 UTC