hdjdndndba 3 hours ago

This makes sense given how much of the current AI ecosystem is built on top of Python. I hope this helps the foundation improve security for everyone who relies on these libraries.

bbor 3 hours ago | parent [-]

For anyone who isn’t aware/remembering, this is certainly made with the security of PyPI in mind, Python’s main package repository.

NPM is the other major source of issues (congrats for now, `cargo`!), and TIL that NPM is A) a for-profit startup (??) and B) acquired by Microsoft (????). In that light, this gift seems even more important, as it may help ensure that relative funding differences going forward don’t make PyPI an outsized target!

(Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)

AFAIU the actual PSF development team is pretty small and focused on CPython (aka language internals), so I’m curious how $750,000/year changes that in the short term…

EDIT: there’s a link below with a ton more info. This gift augments existing gifts from Amazon, Google, Microsoft, and Citi, and they soft-commit to a cause:

  Planned projects include creating new tools for automated proactive review of all packages uploaded to PyPI, improving on the current process of reactive-only review. We intend to create a new dataset of known malware that will allow us to design these novel tools, relying on capability analysis.

simonw 2 hours ago | parent | next [-]

> (Also makes me wonder if they still have a Microsoft employee running the PSF… always thought that was odd.)

You might be confusing the Python Steering Council - responsible for leadership of Python language development - with the PSF non-profit there.

The PSF is led by a full-time executive director who has no other affiliation, plus an elected board of unpaid volunteer directors (I'm one of them).

Microsoft employees occasionally get voted into the board, but there is a rule to make sure a single company doesn't have more than 2 representatives on the board at any one time.

The board also elects a chair/president - previously that was Dawn Wages who worked at Microsoft for part of that time (until March 2025 - Dawn was chair up to October), today it's Jannis Leidel from Anaconda.

Meanwhile the Python steering council is entirely separate from the PSF leadership, with their own election mechanism voted on by Python core contributors. They have five members, none of whom currently work for Microsoft (but there have been Microsoft employees in the past.)

jjtheblunt an hour ago | parent | prev [-]

Microsoft was serious about supporting Python as far back as 2006, because IronPython was a real effort in Redmond. (I'm wondering how they think of it now.)