PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects

Microsoft Windows Autopatch is Now Generally Available for Enterprise Systems

July 13, 2022

SPP Announces MOD-032 Modeling Schedule for SPP’s 2023 Model Build

July 13, 2022

Published by Certrec on July 13, 2022

Summary:

The maintainers of the official, third-party software repository for Python have begun imposing a new, two-factor authentication (2FA) condition for projects deemed "critical."

Additional Discussion:

Additionally, the developers of critical projects who have not previously turned on 2FA on PyPi are being offered free hardware security keys from the Google Open Source Security Team.

PyPI, which is run by the Python Software Foundation, houses more than 350,000 projects, of which over 3,500 projects are said to be tagged with a "critical" designation.

According to the repository maintainers, any project accounting for the top 1 percent of downloads over the prior six months is designated as critical, with the determination recalculated on a daily basis.

But once a project has been classified as critical it's expected to retain that designation indefinitely, even if it drops out of the top 1-percent downloads list.

The move, which is seen as an attempt to improve the supply chain security of the Python ecosystem, comes in the wake of a number of security incidents targeting open-source repositories in recent months.

Link

https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html?_m=3n%2e009a%2e2782%2erx0a...

Certrec

Comments are closed.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.