[ptls] PyPI maintainer cleanup - Action needed: Contact extra maintainers

Jay Faulkner jay at gr-oss.io
Thu Mar 16 22:22:51 UTC 2023


Hi PTLs,

The TC recently voted[1] to require humans be removed from PyPI access for
OpenStack-managed projects. This helps ensure all releases are created via
releases team tooling and makes it less likely for a user account
compromise to impact OpenStack packages.

Many projects have already updated
https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup#L33 with
a list of packages that contain extra maintainers. We'd like to request
that PTLs, or their designate, reach out to any extra maintainers listed
for projects you are responsible for and request they remove their access
in accordance with policy. An example email and detailed steps to follow
have been provided at
https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup-email-template.

Thank you for your cooperation as we work to improve our security posture
and harden against supply chain attacks.

Thank you,
Jay Faulkner
TC Vice-Chair

1:
https://opendev.org/openstack/governance/commit/979e339f899ef62d2a6871a99c99537744c5808d