[ptls] PyPI maintainer cleanup - Action needed: Contact extra maintainers

Jay Faulkner jay at gr-oss.io
Wed Mar 22 16:19:38 UTC 2023 

Hey all,

Wanted to remind you all: vPTG is a great time to address this issue! Even
if the PyPI maintainers you would need to contact are emeritus
contributors; you may have someone still on the project team who has
contact with them. I strongly recommend you utilize this time to help clean
your projects up.

Thanks,
Jay Faulkner
TC Vice-Chair

On Tue, Mar 21, 2023 at 9:03 AM Jay Faulkner <jay at gr-oss.io> wrote:

> Thanks to those who have already taken action! Fifty extra maintainers
> have already been removed, with around three hundred to go.
>
> Please reach out to me if you're having trouble finding current email
> addresses for anyone, or having trouble with the process at all.
>
> Thanks,
> Jay Faulkner
> TC Vice-Chair
>
>
> On Thu, Mar 16, 2023 at 3:22 PM Jay Faulkner <jay at gr-oss.io> wrote:
>
>> Hi PTLs,
>>
>> The TC recently voted[1] to require humans be removed from PyPI access
>> for OpenStack-managed projects. This helps ensure all releases are created
>> via releases team tooling and makes it less likely for a user account
>> compromise to impact OpenStack packages.
>>
>> Many projects have already updated
>> https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup#L33
>> with a list of packages that contain extra maintainers. We'd like to
>> request that PTLs, or their designate, reach out to any extra maintainers
>> listed for projects you are responsible for and request they remove their
>> access in accordance with policy. An example email, and detailed steps to
>> follow have been provided at
>> https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup-email-template
>> .
>>
>> Thank you for your cooperation as we work to improve our security posture
>> and harden against supply chain attacks.
>>
>> Thank you,
>> Jay Faulkner
>> TC Vice-Chair
>>
>> 1:
>> https://opendev.org/openstack/governance/commit/979e339f899ef62d2a6871a99c99537744c5808d
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230322/81d3d79b/attachment.htm>

More information about the openstack-discuss mailing list