<div dir="ltr"><div id="gmail-magicdomid4" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">Hi PTLs,</span></div><div id="gmail-magicdomid5" class="gmail-ace-line"><br></div><div id="gmail-magicdomid6" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">The
 TC recently voted[1] to require humans be removed from PyPI access for 
OpenStack-managed projects. This helps ensure all releases are created 
via releases team tooling and makes it less likely for a user account 
compromise to impact OpenStack packages.</span></div><div id="gmail-magicdomid7" class="gmail-ace-line"><br></div><div id="gmail-magicdomid8" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">Many projects have already updated </span><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5 gmail-url"><a href="https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup#L33" rel="noreferrer noopener">https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup#L33</a></span><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">
 with a list of packages that contain extra maintainers. We'd like to 
request that PTLs, or their designate, reach out to any extra 
maintainers listed for projects you are responsible for and request they
 remove their access in accordance with policy. An example email, and detailed steps to follow have
been provided at </span><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5 gmail-url"><a href="https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup-email-template" rel="noreferrer noopener">https://etherpad.opendev.org/p/openstack-pypi-maintainers-cleanup-email-template</a></span><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">.</span></div><br><div id="gmail-magicdomid10" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">Thank you for your cooperation as we work to improve our security posture and harden against supply chain attacks.</span></div><div id="gmail-magicdomid11" class="gmail-ace-line"><br></div><div id="gmail-magicdomid12" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">Thank you,</span></div><div id="gmail-magicdomid13" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">Jay Faulkner</span></div><div id="gmail-magicdomid14" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">TC Vice-Chair</span></div><div id="gmail-magicdomid15" class="gmail-ace-line"><br></div><div id="gmail-magicdomid16" class="gmail-ace-line"><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5">1: </span><span class="gmail-author-a-xrviz89zz81zl7ez80z4z69zz72z6z76z5 gmail-url"><a href="https://opendev.org/openstack/governance/commit/979e339f899ef62d2a6871a99c99537744c5808d" rel="noreferrer noopener">https://opendev.org/openstack/governance/commit/979e339f899ef62d2a6871a99c99537744c5808d</a></span></div><div id="gmail-magicdomid17" class="gmail-ace-line"><br><br></div></div>