PSF Meeting Minutes for Dec. 10, 2025
Title: 2025-12-10 PSF Board Meeting Minutes
Encoding: utf-8
Author: psf at python.org
Content-Type: text/x-rst
A regular meeting of the Python Software Foundation ("PSF") Board of Directors was held over Group Conference Call via phone and Internet Relay Chat/Slack beginning at 13:00 UTC, on December 10, 2025. Olivia Sauls took notes/minutes.
All votes are reported in the form "Y-N-A" (in favor-Y, opposed-N, abstentions-A; e.g. "5-1-2" means "5 in favor, 1 opposed, and 2 abstentions").
- 1 Attendance
- 2 Minutes of Past Meetings
- 3 Board and Staff Monthly Reports for December 2025
  - 3.1 Deb Nicholson
  - 3.2 Olivia Sauls
  - 3.3 Laura Graves
  - 3.4 Ee Durbin
  - 3.5 Loren Crary
  - 3.6 Marie Nordin
  - 3.7 Seth Larson
  - 3.8 Mike Fiedler
  - 3.9 Jaime Barrera
  - 3.10 Jacob Coffee
  - 3.11 Maria Ashna
  - 3.12 Abigail Mesrenyame Dogbe
  - 3.13 Sheena O'Connell
  - 3.14 Denny Perez
  - 3.15 Cristián Maureira-Fredes
  - 3.16 Simon Willison
  - 3.17 Jannis Leidel
  - 3.18 Georgi Ker
  - 3.19 KwonHan Bae
  - 3.20 Tania Allard
  - 3.21 Cheuk Ting Ho
  - 3.22 Chris Neugebauer
- 4 Work Group Reports
- 5 PSF Board Votes Approved by Email
- 6 Votes Approved by Working Groups
- 7 Consent Agenda Resolutions
- 8 New Business
- 9 Discussions
1 Attendance
The following members of the Board of Directors (8 of 12) were present at the meeting: Christopher Neugebauer, KwonHan Bae, Jannis Leidel, Denny Perez, Abigail Mesrenyame Dogbe, Sheena O'Connell, Cheuk Ting Ho, Simon Willison.
Olivia Sauls (Program Director), Ee Durbin (Director of Infrastructure), Marie Nordin (Community Communications Manager), Loren Crary (Deputy Executive Director), Seth Larson (Python Security Developer in Residence), Kelly Ragland (Finance Manager), and Jaime Barrera (Community Events Coordinator) were also in attendance.
2 Minutes of Past Meetings
Minutes from prior meeting November 12, 2025:
RESOLVED, that the Python Software Foundation approve the minutes at https://mail.python.org/archives/list/psf-important@python.org/thread/WURXJ7SFDWVQHNOTGDH2RYPUF3TRSV4D/ as representing a true and accurate record of the November 12, 2025 meeting.
Approved, 7-0-1
3 Board and Staff Monthly Reports for December 2025
3.1 Deb Nicholson
- Support fundraising work, comms etc.
- Support PyCon US planning
- Recruit talk reviewers for PyCon US
- Policy and strategy conversations with stakeholders
- Meet with potential institutional funders
- Compile information on long range planning
- Board and Executive committee onboarding
3.2 Olivia Sauls
- PyCon US 2026 registration launch
- Travel Grant launch
- Startup Row applications launch
- Community Booths applications launch
- PyCon US hotel block opening
- Promotions, newsletter and blog post
- Website build and copy/content writing and review
- Meetings with Altitude C; PyCon US AV team
- Keynote selection and logistics planning
- Room allocations and floor plan drafts at LBCEC
3.3 Laura Graves
December report not provided.
3.4 Ee Durbin
December report not provided.
3.5 Loren Crary
- Correspondence with current and prospective sponsors
- Contract negotiation with current and prospective sponsors
- Assessing and pursuing grant opportunities
- Drafting and revising strategic public communications
- Board relations
- 2025 end of year fundraiser support
- Strategic team management and support
- Targeted outreach to promote PyCon US Call for Proposal and PyCon US/PSF sponsorship program
- Managing Programs Director & Community Communications Manager
3.6 Marie Nordin
- Fundraiser project management: ongoing comms & responses, PyCharm collaboration, setting a new goal, pop-up banner coordination.
- PyCon US: supporting comms, website copy, community booth planning. Initiating PSF Booth coordination.
- December special edition newsletter: Fundraiser, PyCon US CfP & Registration, & PSF/Arm case study.
- Grants & Community Partners Program: Completed GWG membership affirmation, development of Community Partner Program documentation & processes, Q4 call with GWG. Strategy & planning for Grants Program in 2026.
- Fellows Program: Completed Fellows WG membership affirmation. Onboarding new workgroup member. Supporting the development of updates & improvements to the program.
- Support of all communications unrelated to the above. Sponsor communications benefits.
3.7 Seth Larson
- “PSF 2025 Security Report” end of year report for Alpha-Omega, PSF Annual Report
- Sustainability:
  - Grants: NSF Safe-OSE, Sovereign Tech Agency
  - PSRT operations and membership (PEP 811)
  - PyPI: Project Quarantine, Malware Reporting API
  - PyPI: “Archived” Project Status
- Integrity:
  - Solving the “Phantom Dependency” problem
  - SBOMs for Python packages (PEP 770)
  - Python package archive integrity (ZIP/tar)
- Leader:
  - Trusted Publisher Guidance: Adopted by crates.io, NuGet, NPM
  - CNA Guidance: Django becomes a CVE Numbering Authority
  - CVE Record 5.2 adds support for Package URLs (PURL)
  - GitLab Self-Hosted Trusted Publishers beta
  - Cyber Resilience Act (CRA) 501c3 Legal Guidance sub-group
- New Threats
  - PyPI reverse-proxy phishing (WebAuthn)
  - Domain resurrection
  - Workflow Security (Trusted Publishers, Zizmor)
  - Credential Worms like “Shai-Hulud” (Trusted Publishers)
- Sustainability:
- PEP 811: Python Security Response Team (PSRT) operations and members has been “Accepted”
- Collaborated with Jacob Coffee on PSRT bot for vulnerability disclosure deadline reminders.
- Sovereign Tech Agency “ZIP/tar” fuzzing project
- Published 3 vulnerability advisories for CPython
- ORCWG CRA-Attestations 501c3 feasibility
3.8 Mike Fiedler
- Malware Response
  - In November, Mike processed 178 malware reports, with significant security inbox work accumulating during mid-month PTO. Upon return, clearing the backlog consumed two full days.
  - Notable incidents included handling the "Shai Hulud" supply chain attack exposure, which required investigation and remediation for affected PyPI user accounts. Mike published a [blog post detailing PyPI's response](https://blog.pypi.org/posts/2025-11-26-pypi-and-shai-hulud/).
  - Mike provided feedback to repeat reporters regarding report quality, continuing efforts to improve the signal-to-noise ratio of inbound malware reports. One user account alone generated 18 reports that were all false alarms, highlighting the need for continued reporter education. Automated quarantine continues to function effectively with zero false positives.
- Trusted Publishing Enhancements
  - Trusted Publishing continued to be a primary focus in November, building on October's GitLab Self-Managed beta launch. This work directly supports PyPI's goal of minimizing long-lived API tokens in favor of secure, short-lived credentials for CI/CD providers.
  - Key deliverables:
    - Released [Pending Organization Publishers](https://github.com/pypi/warehouse/pull/19005), a significant feature enabling organizations to pre-configure trusted publishers before projects exist. This streamlines onboarding for teams adopting Trusted Publishing.
    - Published a [blog post](https://blog.pypi.org/posts/2025-11-10-trusted-publishers-coming-to-orgs/) highlighting Trusted Publishing adoption metrics and announcing GitLab Self-Managed support for enterprise users
    - Added [functional tests for Trusted Publishing](https://github.com/pypi/warehouse/pull/19000), improving test coverage and catching edge cases
    - Implemented [confirmation dialog for Trusted Publisher removal](https://github.com/pypi/warehouse/pull/19001) to prevent accidental deletions that could break CI/CD pipelines
    - Promoted releases via social media to increase community adoption
- Trusted Account Associations
  - Mike began work on Trusted Account Associations, a new feature enabling users to link external accounts (e.g. GitHub, GitLab, Google) with their PyPI accounts. This should improve account recovery options and enable future verification mechanisms.
  - Mike authored the [main tracking issue](https://github.com/pypi/warehouse/issues/19026) and set up a [milestone](https://github.com/pypi/warehouse/milestone/18) for the project. Initial work began on the [Account Associations data model](https://github.com/pypi/warehouse/pull/19053), with the design generalized to support alternate verification mechanisms in the future.
- Security Infrastructure Improvements
  - [Added login validation to prevent email addresses in username field](https://github.com/pypi/warehouse/pull/19012), addressing a common user error pattern
  - [Collected OTP sync issue metrics](https://github.com/pypi/warehouse/pull/18981) to diagnose authentication timing problems
  - Reviewed and merged security scanning improvements for linehaul, including zizmor integration
  - [Fixed inspector encoding detection](https://github.com/pypi/inspector/pull/248) issues
- Community Engagement
  - Attended Alpha-Omega and OpenSSF monthly meetings
  - Participated in Fast Forward Registry Roundtable hosted by Fastly
- Other Items
  - Converted [Warehouse documentation from Sphinx to MkDocs](https://github.com/pypi/warehouse/pull/18977) to bypass a dependency issue
  - [Removed intermediary pip-compile script](https://github.com/pypi/warehouse/pull/18979), simplifying dependency management
  - [Removed deprecated cryptography default_backend](https://github.com/pypi/warehouse/pull/18980) from OTP module
  - [Removed docReady JavaScript helper](https://github.com/pypi/warehouse/pull/18991) in favor of native defer attribute
  - Added [organizations profile feature to display project summary](https://github.com/pypi/warehouse/pull/18998)
  - Investigated [dependency injection issue](https://github.com/pypi/warehouse/issues/19033) with [PR #19055](https://github.com/pypi/warehouse/pull/19055) and [added database index](https://github.com/pypi/warehouse/pull/19056)
  - Routine [Dependabot updates](https://github.com/pypi/warehouse/pull/19004)
  - [Code review for refactor](https://github.com/pypi/warehouse/pull/19027#pullrequestreview-3444863292)
- Mike took one week of paid time off (November 17-21) for vacation.
3.9 Jaime Barrera
December report not provided.
3.10 Jacob Coffee
December report not provided.
3.11 Maria Ashna
December report not provided.
3.12 Abigail Mesrenyame Dogbe
December report not provided.
3.13 Sheena O'Connell
- PyCon Namibia: assisting with fundraising
- PyLadiesCon: Talk recording, panel discussion
- DjangoGirls: Connecting some dots with CodeBlossom NGO so their students can take part in DjangoGirls Namibia
3.14 Denny Perez
December report not provided.
3.15 Cristián Maureira-Fredes
- PSF: Board meetings, office hours, fundraising, executive committee and other calls and discussions
- PSF - PyCon US: Reviewers sessions and keynote discussion meetings
- Community - EPS: General catch-up for future events and initiatives
- Community - PyLadiesCon: Finishing up pending topics and running the conference
3.16 Simon Willison
- PSF: Promoted CFP and sponsorship prospectus for PyCon
3.17 Jannis Leidel
December report not provided.
3.18 Georgi Ker
December report not provided.
3.19 KwonHan Bae
- PSF - participated in board discussions via Slack and email
- PSF - attended board meeting
- COMMUNITY: Some tasks related to Python Docs Translate
- COMMUNITY: vLLM KR Organize
- COMMUNITY: Python Asia Organize
- COMMUNITY: PyCon KR Organize
- COMMUNITY: Hold PyAI Symposium Korea
3.20 Tania Allard
December report not provided.
3.21 Cheuk Ting Ho
- PSF - Workgroup works
- PSF - Fundraising
- Community - Workshop at PyLadies Amsterdam
- Community - Spoke at AI in Orthopaedics
3.22 Chris Neugebauer
December report not provided.
4 Work Group Reports
4.1 Code of Conduct
- Nothing to report at this time.
4.2 Grants
- Nothing to report at this time.
4.3 Sponsors
- Nothing to report at this time.
4.4 Marketing
- Nothing to report at this time.
4.5 Jobs
- Of the 370 Job submissions created in December 2025:
  - 97 have status approved
  - 5 have status archived
  - 19 have status draft
  - 105 have status expired
  - 85 have status rejected
  - 52 have status removed
  - 7 have status review
4.6 Trademarks
- Nothing to report
4.7 Fellows
- Nothing to report
4.8 Packaging
- Nothing to report
4.9 Infrastructure
- Nothing to report
4.10 Scientific Python
- Nothing to report
4.11 Diversity & Inclusion Work Group
- Nothing to report
5 PSF Board Votes Approved by Email
- None at this time.
6 Votes Approved by Working Groups
6.1 Grants
- None at this time.
6.2 Sponsors
- None at this time.
6.3 Scientific Python
- None at this time.
7 Consent Agenda Resolutions
- None at this time.
8 New Business
- None at this time.
9 Discussions
- The board discussed an update from the Python Security Developer in Residence regarding recent work and milestones including the PSF Security 2025 EOY Report and [PEP 811](https://peps.python.org/pep-0811/).
- The board discussed an update on the 2026 Fundraiser and Meetups.
- The board discussed an update regarding PyCon US 2026 and sponsorship and funding.
- The board discussed the Community Partner Program and the Grants Working Group Charter.
- The board discussed the PyCon US Travel Grants process for PyCon US 2026.
- The board discussed progress on Strategic Planning and expectations around work to be done.
Meeting adjourned at 14:01 UTC
