New Expense Submission flow 🎉

We are pleased to announce the release of the new Expense Submission flow! 🎉 We’ve done a lot to increase the odds that your expenses are submitted correctly, pass the essential checks from Collectives and Fiscal Hosts, and are paid promptly. Hundreds of users have been trialing the new flow,

Phishing attacks with new domains likely to continue

Unfortunately, the string of phishing attacks using domain confusion and legitimate-looking emails continues. This is the same attack that PyPI saw a few months ago and that is targeting many other open source repositories, but with a different domain name. Judging from this, we believe this type of campaign will continue with new domains in the future. In

Token Exfiltration Campaign via GitHub Actions Workflows

Summary: I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens. PyPI was not compromised, and no PyPI packages were published by the attackers. Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored as

Preventing Domain Resurrection Attacks

Summary: PyPI now checks for expired domains to prevent domain resurrection attacks, a type of supply-chain attack where someone buys an expired domain and uses it to take over PyPI accounts through password resets. These changes improve PyPI’s overall account security posture, making it harder for attackers to exploit expired domain names to gain

PyPI now serves project status markers in API responses

PyPI now serves project status markers in its standard index APIs. This allows downstream consumers (like Python package installers and index mirrors) to retrieve project statuses programmatically and use them to inform users when a project is archived or quarantined. Summary: PyPI has implemented project status markers as proposed and accepted in PEP

RSS Feeds for Updates

You can now subscribe to your favorite collectives’ updates using RSS feeds! RSS is an open standard that lets you get automatic notifications whenever a collective posts new updates, similar to following someone on social media, but delivered directly to your favorite news reader app or RSS client. Since RSS

An Update on Virtual Cards

We know many of you, both Fiscal Hosts and Collective admins, are eager to see virtual cards return to the Open Collective platform. We’ve been working hard behind the scenes to make this happen, but it’s proven to be more complex than we initially hoped. We’ve learned a lot along

Important Update for Accountants: Enhancing Ledger Accuracy and Transaction Exports

We’re rolling out an update to improve the clarity and reliability of our ledger, especially for accounting purposes. This will make tracking changes like edits and refunds much more straightforward in your transaction exports. This announcement explains: Why we’re making this change: To address issues with how edited transactions were

New Expense Submission Flow - Public Beta

Over the past few cycles, we have been working towards upgrading and integrating a New Expense Submission flow into the Dashboard. We have tested and trialed our work and are ready to gather user feedback! To activate the public beta, navigate to your profile image in the top right-hand corner