The Python Software Foundation is the organization behind Python.
The PSF is an open membership organization, and we are made up of,
governed, and led by the community. We exist to support the full
Python ecosystem and community, for all uses and users of Python.
If you contribute to the Python community in any way, whether as a
member of the PSF, a PSF sponsor, a developer, an educator, a
member of a local Python group, an organizer or attendee of a
PyCon or other Python event, you are a part of the PSF and you
make the work we do possible.
Our mission is to promote, protect, and advance the Python programming
language, and to support and facilitate the growth of a diverse and
international community of Python programmers.
THIS YEARâS ANNUAL IMPACT REPORT WAS DESIGNED AND REVIEWED FOR
ACCESSIBILITY. IF YOU HAVE FEEDBACK ABOUT HOW WE CAN IMPROVE, PLEASE
SEND AN EMAIL TO
psf@python.org.
The PSF empowers the people who make up the Python community, and
we promote connection, diversity, and growth within the Python
community.
We host PyCon US, the annual event for celebrating, learning
about, and coming together around Python
We provide grants to groups across the globe hosting events for
and by Pythonistas supporting each other and welcoming newcomers
We fiscally sponsor 20 Python-related community groups,
conferences, and projects to allow them to continue their
contributions to the community with organizational
infrastructure behind them
We fulfill
our mission
through these core activities:
The PSF provides the structure and stability that the Python
language, its contributors and users need to thrive.
We distribute Python, free of charge and available to all
We establish PSF licenses, hold intellectual property rights to
most Python releases, and protect Python-related trademarks
We help coordinate and put resources behind improvements to the
Python codebase and new Python releases
The PSF facilitates advances in the Python language,
Python-related technology & education resources.
We host PyPI, the Python Package repository, and we are
constantly working on how to best serve PyPI users
Our Developers-in-Residence amplify volunteer contributorsâ
impact by processing CPython pull requests, tackling structural
improvements, and improving security
We encourage Python-related research in the public interest, and
disburse Science and Education Grants to educators, researchers,
and learners
Looking forward, the PSF aims to help the Python ecosystem grow
and thrive by reaching and welcoming an ever larger and more
diverse group of Pythonistas to enjoy using Python and being part
of our community.
We brought on Seth, Mike, Marisa, and Marie in 2023, and in January of 2024 we also added two more people
for the CPython team, Petr and Serhiy
â welcome aboard! This increased capacity at our small but
mighty organization has enabled us to do more of the things we
know are needed for Pythonâs continued success.
What weâve already done MORE of in 2023
âď¸
MORE SECURITY
You may have read that we have been working hard to provide better
security and service to CPython and PyPI users. Thanks to Seth
Larsonâs hard work, we became a
CNA
this year, which makes it easier for any party to report a
vulnerability, use secure versions of Python, and apply remediations
and patches. And thanks to Mike Fiedlerâs tireless dedication, we
rolled out
2FA for all users
on PyPI.
âď¸
MORE COLLABORATION
Weâve now got the capacity in house to write grants and have started
seeing where we can collaborate. Weâre grateful for partnerships
with the Alpha-Omega project, AWS, Bloomberg, and Georgetown
University for funding for three of the new technical roles I
mentioned at the start of this letter, as well as Metaâs ongoing
funding for the CPython Developer in Residenceâitâs been
transformative to be able to go from a vision from the community of
what a role could look like to bringing people on board to seeing
steady, tangible progress against the communitiesâ long term
priorities. Loren Crary is leading the charge to find more entities
that both care deeply about Python and are interested in funding our
work. Weâre looking at both government and academic partnerships and
are actively building the relationships that will take our work to
the next level.
âď¸
MORE SERVICE TO THE COMMUNITY
Marie Nordin has helped us revive the
PSF Newsletter.
Under Laura Gravesâ and the Grants Work Groupâs stewardship, we gave
out $374K in grants this year and began a journey to revitalize the
Grants Program with a goal of better serving all the parts of our
community, especially where thereâs the most opportunity for our
support to create an impact. In 2024, Marie and Laura will be
working together with the Grants Working Group to see that the
Grants Program continues to grow and thrive. We also gave out a
record amount of travel grants ($280K) at PyCon US 2023 (with $50K
provided by PyLadies) and PyCascades.
This was a big year for new
fiscal sponsorees
as Python Meetups and other local events started to really bounce
back from the early days of the pandemic when in-person activity
had really dwindled. Our Accounting TeamâPhyllis Dobbs, Laura
Graves, and Joe Careyâonboarded Bandit, BAPyA (Bay Area Python
Groups), ChiPy, Denver Python User Group, North Bay Python,
PyOhio, and Twisted in 2023. We welcome all of our new fiscal
sponsorees and are excited to work with each organizing team.
âď¸ MORE PYCON US
We celebrated the 20th anniversary of PyCon US, welcoming 2,159
attendees in Salt Lake City, and 491 joining the online event.
From the first tutorial session to the last day of sprints, we
learned, connected, collaborated, and had a lot of fun. Under our
Program Director Olivia Saulsâ leadership, a huge team of
volunteers, speakers, presenters, staff, and sponsors came
together to make it all possible, and the attendees brought their
curiosity, knowledge, friendliness, and that special PyCon US
energy that makes it a highlight of each year.
âď¸ MORE ADVOCACY
The PSF worked with the wider
open source community
to address the parts of the EUâs proposed Cyber Resilience Act
that seemed potentially detrimental for our community. Through
discussion and education, the final version of the law had much
better clarity on who should be responsible for open source
software security. Weâve also been following the conversation
around cyber-security in the US. âThe US government invited us to
participate in a call for information about
how we approach and solve security issues.
With two new CPython developers-in-residence, Petr Viktorin and
Serhiy Storchaka, joining Senior Developer-in-Residence Ĺukasz
Langaâs team, expect great strides in core development and community
facilitation.
âď¸ EVEN MORE SECURITY
Ee Durbin continues working with our Security staff, overseeing Seth
Larson and Mike Fiedler as we build long-lasting, community-driven
security on both the CPython side and PyPI side. Expect lots of
updates and requests for input as we push forward to meet the
evolving needs of Python contributors, users, and package
maintainers.
âď¸ MORE LISTENING
After prompting from community members, we began a process of
reviewing and reorganizing our Grants Program. We want to make sure
that our application process is as smooth and transparent as
possible and ensure that we are serving the communityâs needs while
recognizing and supporting the diversity of Python users around the
world. If you have questions, ideas, or want to help, please let us
know. We welcome you to join the
PSF Grants Program Office Hours on Discord.
âď¸ MORE CELEBRATION
We want to spend more time celebrating community members and
contributors that make Python so special. We need to hear from you
about community members that we should be recognizing and lifting
up! Please nominate your fellow Pythonistas for
CSA or DSA Awards. Weâre also interested in supporting more community endeavors,
like Podcats and your Hatchery
plansâplease get in touch with your ideas!
âď¸ MORE WELCOMING
One more lovely thing that happened this yearâwe received a GitHub Award under the Wonderfully Welcoming
category in November!
It was really gratifying to see our community recognized for
something we collectively spend a lot of time on. We intend to
continue expanding the universe of people who consider themselves
part of our friendly community in 2024 and I hope youâll join us in
doing an excellent job of welcoming the next batch of Pythonistas
into the fold!
Notes from our PSF Board of Directors and PyCon US Chair
Attending PyCon US has been a life-changing experience for me.
BY MARIATTA WIJAYA, PYCON US CHAIR
Back in 2015, I received financial aid through PyLadies for
attending the conference, and it kickstarted my journey in the
Python community.
Seeing many women speaking at PyCon US was what inspired me to
start speaking at conferences too, which in turn started a new
personal tradition of doing ice cream selfies after giving a talk
at a conference as a way to reward myself.
It was also at PyCon US 2015 that I listened to the keynote speech
from Guido van Rossum regarding diversity issues in the core
Python team, and how at that point there were no women as Python
core developers at all, and that the Python Language Summit was
attended by 50 men. Up to that point I didnât even know that there
was such a thing called âPython core developerâ. It made me
realize that I didnât know much about the Python community at all.
The speech inspired me to be more involved in the Python community
and to eventually become a Python core developer myself.
I did not expect to one day be the one chairing the PyCon US
conference myself. Without the financial aid and support from
PyLadies and the Python community, I would not be where I am
today.
This year we invested a lot of time and energy into initiatives
that connect the community.
BY DAWN WAGES, BOARD OF DIRECTORS, CHAIR
My chief goals on the board as the chair are to:
Strive for healthy debate and consensus
Be a liaison between the board and staff
Look for opportunities for strategy and efficiency on the board
It is not always easy to accomplish these goals with our varying
interests, expertise and ideas; but we have had many rewarding
ends to conversations with our eyes fixed on supporting the Python
Software Foundation and its members. The passion is shared among
this wonderful board and itâs been an honor to serve in this role.
Weâre thrilled that our global interest in Latin American, Asian,
and African Python events has meant closer relationships with
regional leaders with specific requests to address the
underrepresented global audience. We are ready to roll up our
sleeves and continue to support the Python community globally.
This year we invested a lot of time and energy into initiatives
that connect the community. Join us for
Grant Office Hours
2023 was the year of collaborationâfrom CPython internals, through
process improvements for Python development, all the way to
fostering external contributions and expanding the Developer in
Residence program.
The biggest news is the acceptance of
PEP 703 by the
Steering Council, and the resulting work towards bringing it to
light. If youâre not familiar with the cryptic combination of a
three-letter acronym and numbers, PEP 703 is the design document
that describes how Python can make the Global Interpreter Lock (GIL)
optional. Itâs a change of unprecedented magnitude in Python, and
with that comes the need for unprecedented caution. Sam Gross, the
author of the PEP, described not only a feasible way to build a
usable Python without the GIL, but
provided a proof-of-concept implementation. Ĺukasz supported the change from Day 1, helped with
bringing it under discussion
with other core developers, formalized it in the form of a PEP, and
sponsored it under his role as a CPython developer.
At the same time, the core team is working on equally impressive
changes like a Just-in-Time compiler, which requires additional
testing. Ĺukasz worked on maintaining the buildbot fleet, improving
the performance of the
front-end, making the big memory Windows 11 buildbot more usable at time of
Pull Requests, fixing macOS build failures, and triaging issues when
they popped up. In particular, the big memory buildbot caught a
number of unique bugs!
Ĺukasz joined Steve Dower as a member of the release team who
prepares Windows installers. Weâre still on our way to do the same
for macOS but in the meantime Ĺukasz started helping Anthony Sottile
release freshly built Python versions on Ubuntu as part of Anthonyâs
deadsnakes project. All in all, Ĺukasz was involved in essentially
every release made in 2023.
At PyCon US 2023 we hosted the
largest Python Language Summit in the history of PyCon US. Ĺukasz organized the Summit, including inviting external
community members, some of whom became regular Python contributors!
Every PyCon US ends with a sprint, and this time Ĺukasz supported
newcomers who wanted to makeâŚ
their first contributions to Python. When the time came for
EuroPython 2023 in Prague, Ĺukasz led the CPython sprint, which
was so overflowing with contributors, we had to spill over to
neighboring rooms.
The Python Core Developers met for a dedicated core sprint week in
2023 at Red Hat in Brno, Czechia. Organized by Petr Viktorin, this
was a particularly fun and productive week. Ĺukasz worked with
Mariatta Wijaya on upgrading some bots to serve as GitHub apps,
which aligns them with the current requirements of the platform.
During 2023, Ĺukasz reviewed and merged close to 500 pull requests
within the Python organization on GitHub, most of them authored by
other Core Developers.
A few of those upgrades were security improvements, like requiring
second-factor authentication for all Python organization members
on GitHub and adopting Sigstore as the technology to sign Python
releases with signature and key transparency logs. Ĺukasz
collaborates with Seth Larson, the PSF Security
Developer-in-Residence, on a regular basis, as well as the Python
Security Response Team.
Whatâs next? In late 2023, Ĺukasz got involved with upgrading
speed.python.org, the
platform to run and gather benchmarks of Python. It will need to
become more powerful for the upcoming changes to Python. On top of
that, work as a Developer-in-Residence has
now transformed from a solo role into a team, which means more long-term planning is taking place to utilize
our newly found development velocity.
Open source software supply chain security took off in 2023
including in the Python ecosystem.
Motivated by attacks on the software supply chain, exploitation of
software vulnerabilities, and new regulations from governments,
users are looking for solutions to maintain safety and integrity
while participating in open source software ecosystems.
Maintainers of open source want their projects to be secure, but
in many cases there is a gap in time, resources, and tooling that
stands in the way of holistic improvements.
To address these needs in the Python ecosystem, the Python Software
Foundation hired Seth Larson as the
inaugural Security Developer-in-Residence
in June 2023. This position was possible thanks to grant funding from
Alpha-Omega.
The role has the mandate to improve the security posture of the entire
Python ecosystem, including the Python runtime, Python packages, and
infrastructure like the Python Package Index (PyPi). You can follow
along with work being done on the
PSF blog and
Sethâs personal blog
with frequent updates.
The first project was to improve Pythonâs ability to manage and
publish vulnerabilities. Our vulnerability management process before
was driven entirely by external organizations like MITRE who would
assign CVEs on behalf of reporters, sometimes without consulting
Pythonâs Security Response Team. This resulted in CVEs that sometimes
were incorrect, confusing to users, or didnât contain all the
information needed to remediate like patches and work-arounds.
âMaintainers of open source want their projects to be secure, but in
many cases there is a gap in time, resources, & tooling that stands
in the way of holistic improvements.â
Towards having more involvement in the vulnerability process, Seth
worked to
authorize the Python Software Foundation as a CVE Numbering
Authority
(CNA) capable of managing the CVEs for both Python and pip.
Vulnerability advisories were now getting published to the
security-announce@python.org
mailing list and the distributed Open Source Vulnerability (OSV)
database for automated querying of vulnerabilities affecting Python.
Next was a focus on hardening CPythonâs release process. Supply
chain attacks against open source software tend to focus on the
release process due to being ephemeral and thus difficult to detect
an intrusion compared to merging attacks into the public source
code. CPythonâs release process is quite complex,
requiring multiple humans and services for each release, and there is potential to exploit many of these components.
There were multiple improvements made to the release process,
including auditing
Sigstore signatures of CPython artifacts
for consistency, making builds of CPython reproducible byte-for-byte
to detect injected code, and moving the build from release managersâ
machines to an isolated and repeatable environment like GitHub
Actions. All of this work happened with the involvement of Python
release managers to ensure the process changes fit with their
existing working model.
2024 is likely to bring new challenges and having full-time staffing
to engage early will mean Python can continue being a leader
regarding supply chain security. We look forward to continued
interest and support of a secure Python ecosystem for everyone.
PSF PyPI Safety & Security Engineer
BY MIKE FIEDLER
PyPI is a massive project that has become a key digital
infrastructure serving millions of users.
Mike Fiedler joined the PSF in August 2023 as our new PyPI Safety &
Security Engineer. Mike was already a dedicated member of the Python
packaging community: he has been a Python user for 15 years,
maintains and contributes to open source, and became a PyPI
maintainer in 2022. This critical role would not be possible without
grant funding from
AWS.
We support the Python community by hosting resources & downloads
on python.org, documentation on docs.python.org, packages on
pypi.org, and much more.
In addition to these public facing resources, we also support the
development workflows of CPython core developers, hosting of
mailing lists on mail.python.org, and maintain and improve
us.pycon.org for PyCon US. We also support the community by
maintaining domain registration, DNS, mail, and more for our
fiscal sponsorees as well as projects like PyPy and Jython.
In 2023 PyPI saw a 45% growth in download counts and bandwidth
alike, serving 603,378,275 downloads for the 516,402 projects
hosted there requiring 747.4 Petabytes of data transfer, or 189.6
Gbps of bandwidth 24x7x365.
Thank You to Fastly
The astounding traffic demands on the PSF infrastructure have
continued to see year-over-year growth. Thanks to Fastly the teams
that maintain the services we support, particularly PyPI, have
nevertheless been able to focus on improvements and features,
rather than scaling to that increased load. We are grateful to
Fastly for
making the online services that the PSF provides possible, so that
we can invest time and resources into advancing our infrastructure
to better meet community wants and needs.
We had 2,159 in-person attendees and 491 online attendees! 1,705
first time attendees joined us!
PyCon US welcomed the Python community back to the Salt Palace
Convention Center for the second year of PyCon US in Salt Lake
City, Utah, and for the 20th Anniversary Celebration of PyCon US.
The mountainscape and spring weather of Salt Lake City provided a
beautiful backdrop for an energizing and inspirational 9-day PyCon
US 2023 conference, filled with Tutorials, Talks, Sponsor
Presentations, Sprints, Summits, and Keynotes, promoting the theme
âBy the community, For the communityâ. This year, PyCon US
reintroduced 4 days of the post-conference Development Sprints for
the first time since gathering in-person again.
Live-streaming of the main conference days returned for the second
year via the PyCon US 2023 virtual platform, Hubilo, with the new
feature of providing access to all registered attendees, whether
registered for online or in-person attendance. PyCon US was also
able to provide live captioning for all tracks of the main
conference days, including âlive-remoteâ captioning for our
Spanish Charlas Track, to increase and promote diversity and
accessibility for our community.
The PSF maintains a fiscal sponsorship program to support Python
events and projects by providing a non-profit umbrella, handling
back office needs, and facilitating donations so the projects can
concentrate on furthering their goals. The program continued to
grow in 2023, bringing on 7 new fiscal sponsorees, arriving at 20
amazing groups total.
Our fiscal sponsorees include:
Bandit
Bay Area Python Association
Boston Python
ChiPy
Denver Python Users Group
Jazzband
North Bay Python
Pallets
PhillyPUG
PuPPy
PyCascades
PyBeach
PyHawaii
PyLadies
PyMNtos
PyOhio
PyPA
PyRVA
Python San Diego User Group
Twisted
âPSFâs support for PyCon Namibia has helped a fledging local
software community grow into a confident, sustainable movement.â
In 2024, PyCon US will be held in Pittsburgh, Pennsylvania, at the
David L. Lawrence Convention Center. Our attendees will join us online
and in person for a program filled with tutorials, talks, sprints,
summits, and keynotes presented by our community, celebrating our
theme âBy the community, For the community.â For more details, visit
the
conference website.
In 2023, the grants program focused on virtual and in-person events.
The PSF distributed $697K in grants in 2023, to 174 groups in 52
countries around the world.
If your company relies on Python, talk to your boss about
sponsorshipâwe have lots of options!
If your organization would like to contribute to making PyCon US
an amazing event, contact us about our
sponsorship programâemail
sponsors@python.org.
Volunteer
Rather support the Python community with your time? We have lots
of
volunteer opportunities!
We can always use folks at
PyCon USâeither in person or online
Many of our friendly
workgroups
are seeking new members
Or you can help new folks with their questions in
Python Help.
The PSF is recognized by the IRS as a 501(c)(3) non-profit
charitable organization in the United States. Want to collaborate on
a grant or donate something that needs to go to charity? Get in
touch with us,
sponsors@python.org.
