PSF Meeting Minutes for April 8, 2026
Title: 2026-04-08 PSF Board Meeting Minutes
Encoding: utf-8
Author: psf at python.org
Content-Type: text/x-rst
A regular meeting of the Python Software Foundation ("PSF") Board of Directors was held over Group Conference Call via phone and Internet Relay Chat/Slack beginning at 13:00 UTC, on April 8, 2026. Deb Nicholson took notes/minutes.
All votes are reported in the form "Y-N-A" (in favor-Y, opposed-N, abstentions-A; e.g. "5-1-2" means "5 in favor, 1 opposed, and 2 abstentions").
- 1 Attendance
- 2 Minutes of Past Meetings
- 3 Board and Staff Monthly Reports for April 2026
- 3.1 Deb Nicholson
- 3.2 Oliva Sauls
- 3.3 Laura Graves
- 3.4 Loren Crary
- 3.5 Marie Nordin
- 3.6 Seth Larson
- 3.7 Mike Fiedler
- 3.8 Jaime Barrera
- 3.9 Jacob Coffee
- 3.10 Maria Ashna
- 3.11 Kelly Ragland
- 3.12 Abigail Mesrenyame Dogbe
- 3.13 Sheena O'Connell
- 3.14 Denny Perez
- 3.15 Cristián Maureira-Fredes
- 3.16 Simon Willison
- 3.17 Jannis Leidel
- 3.18 Georgi Ker
- 3.19 KwonHan Bae
- 3.20 Tania Allard
- 3.21 Cheuk Ting Ho
- 3.22 Chris Neugebauer
- 4 Work Group Reports
- 5 PSF Board Votes Approved by Email
- 6 Votes Approved by Working Groups
- 7 Consent Agenda Resolutions
- 8 New Business
- 9 Discussions
1 Attendance
The following members of the Board of Directors (10 of 12) were present at the meeting: Christopher Neugebauer, KwonHan Bae, Deb Nicholson, Georgi Ker, Denny Perez, Abigail Mesrenyame Dogbe, Sheena O'Connell, Cheuk Ting Ho, Simon Willison. Jannis Leidel joined at 13:12 UTC.
Laura Graves (Controller), Marie Nordin (Community Communications Manager), Jaime Barrera (Community Events Coordinator), Loren Crary (Deputy Executive Director), Seth Larson (Python Security Developer in Residence), Jacob Coffee (Director of Engineering) and Mike Fiedler (PyPI Safety & Security Engineer) were also in attendance.
2 Minutes of Past Meetings
Minutes from prior meeting March 11, 2026:
RESOLVED, that the Python Software Foundation approve the minutes at https://mail.python.org/archives/list/psf-important@python.org/thread/WDJJPMICV5K7Y3UAAT3TBEK7CKOLQ5WB/ as representing a true and accurate record of the March 11, 2026 meeting.
Approved, 8-0-1
3 Board and Staff Monthly Reports for April 2026
3.1 Deb Nicholson
April report not provided.
3.2 Oliva Sauls
- PyCon US 2026
- Budget work
- Hotel block negotiations, tracking and communications
- Registration tracking and management
- Preparing for volunteer launch
- Attendee email and other conference communications
- Supply orders
- PyCon website management/maintenance
- Managing Community Events Coordinator
- PyCon US signage; design, review, ordering, etc.
- Social media and promotion work
- Working with AV team on cue sheets and production schedules
- Room allocation and program creation
- Sponsorship and benefit fulfilment support
- Onsite support vendor contract agreements
- Food and beverage
- Electric and security orders and agreements
- Vendor meetings and management
3.3 Laura Graves
- Ongoing accounting activities
- Onboarding meetings with Sutro Li
- Unsubscribing phyllis@/accounting@ from junk/spam
- Re-routing emails into accounting@ to payables@ and receivables@
- Meetings with PNC regarding getting better account access and setting up our accounts properly
- PyCon
- Tutorial offer letters
- Travel Grants
- Meeting with Naomi to finalize offers
- Meeting with Jacob to disburse letters
- Responses on fin-aid list and messaging in PyCon site
- Reminder email to accept/decline awards
- Reminder email for registration/receipt upload
- Reporting
- Requesting tax residency certificates for PyPI organizations
- Responding to IRS notice and paying late fees for incorrect 2024 filing of Form 8955-SSA
- Paying/filing with GA dept of Labor to remove delinquency notice
- Paying overdue OH income tax account
- Submitting 1042 withholding taxes
- Filing 1099s with state agencies (Delaware, Oregon, Vermont, Massachusetts, Maine)
- Filing corrected 1099s
- Filing 1042S’s
- Human Resources
- Adjusting payroll for Justworks
- Calls with Justworks to finalize payroll
- Calls with BCBS to manage employee records
- Discussion with leadership/providers regarding BCBS health plan being out of state
- Updating Accrue 401k with new payroll info
- MA Unemployment payment/login issues
- VSP payment/login issues
- WA PFML payment/login issues
- Employee catch-up contribution verification with Accrue
- Fiscal Sponsorship
- Reviewing PyLadies Governance Documentation
- Reviewing North Bay Python contract
3.4 Loren Crary
- Correspondence with current and prospective sponsors
- Contract negotiation with current and prospective sponsors
- Assessing and pursuing grant opportunities
- Drafting and revising strategic public communications
- PyCon US planning support
- Board relations
- Strategic Planning support
- Strategic team management and support
- Policy review support
- Targeted outreach to promote PyCon US Call for Proposal and PyCon US/PSF sponsorship program
- Managing Programs Director & Community Communications Manager
3.5 Marie Nordin
- PyCon US
- Promotional support on sponsor presentations, tutorials, AI track, security track, media partnerships
- Sponsorship benefits communications (thank you posts)
- Facilitate Community Booth review/decision process, notifications
- Provide feedback on conference designs, creation of small designs for promotion
- Reviewer/editor for communications (blog posts, newsletters)
- Supporting CSA
- PSF Booth
- Coordination of volunteer team
- Features: determine activities and games for booth, coordinate details
- Infrastructure: work order, booth design order, electric drop
- Swag: choosing items, facilitating designs, ordering
- PSF Fellows
- Onboarded new member
- Run Q1 2026 vote
- Support process improvements
- Python Developers Survey
- Promotion
- Coordination with JetBrains and other partners to promote
- Closing out survey soon, meeting with JetBrains for a retrospective
- New wiki
- Working with Jacob on implementation/features needed
- Testing
- Communications
- Grants Program
- Administration of Community Partner Program applications
- Administration of Meetups applications
- Annual Impact Report coordination
- Miscellaneous communications & support of team communications
3.6 Seth Larson
- Python Security Response Team:
- New members added (Adam Turner, Emma Smith)
- Discussing nomination process with PSRT admins following feedback from Steering Council.
- Update to PSRT bot allowing members to close issues.
- “GHSA CLI tool” for creating reports and managing GHSAs effectively.
- Conferences: PyCon US, EuroPython
- Accepted at EuroPython, speaking about PSRT.
- Speaking with Alpha-Omega
- Discussing Post-Quantum Cryptography scientific papers published recently
- Follow-up blog post from Filippo, 2029 target for “Q-Day”.
- Responding to LiteLLM/Telnyx
- Relative dependency cooldowns in pip (coming v26.1)
- Planning to create a blog post about this once available.
- Discussed open-ended releases on PyPI. Proposed a change, will move forward with an email notification for now and engage with users that may be affected.
3.7 Mike Fiedler
- Malware Response
- During March, the PyPI security inbox received 369 conversations, of which 298 were malware reports covering 247 unique packages.
- 85 reports were corroborated by multiple independent researchers.
- Auto-quarantine triggered for over 58% of all reported projects, with a P90 exposure time of 20 hours, an average of 5 hours, and a median of just 2 hours — protecting the ecosystem even while off-hours.
- Mike responded to two high-profile supply chain attacks during March.
- The [`litellm` project was compromised](https://github.com/BerriAI/litellm/issues/24512) via a stolen publishing token, resulting in two malicious releases.
- Mike invalidated the tokens, froze the affected accounts, removed the offending releases, and coordinated with the project maintainers to restore access and encourage adoption of Trusted Publishing and Organizations.
- An [advisory (PYSEC-2026-2)](https://osv.dev/vulnerability/PYSEC-2026-2) was published.
- Similarly, the [`telnyx` package was compromised](https://github.com/team-telnyx/telnyx-python/issues/235), requiring investigation and remediation, and publication of an [advisory (PYSEC-2026-3)](https://osv.dev/vulnerability/PYSEC-2026-3).
- Mike also investigated a multi-account malware campaign where attackers used leaked tokens and account takeovers to create dependency-chain triggers designed to evade detection.
- Accounts were disabled and projects were removed.
- Admin tooling improvements accelerated malware response:
- Mike shipped a [faster malware index page](https://github.com/pypi/warehouse/pull/19706), an [admin listing of all user files](https://github.com/pypi/warehouse/pull/19703) prior to removal, improved [admin features for deleted observations and recently-created projects](https://github.com/pypi/warehouse/pull/19695), and added the ability to [send admin notifications to HelpScout](https://github.com/pypi/warehouse/pull/19667).
- Mike also enabled [admin deletion of individual releases or files](https://github.com/pypi/warehouse/pull/19732) and shipped [admin ultranormalization for project lookups](https://github.com/pypi/warehouse/pull/19725).
- Security Audit
- A third-party security audit of PyPI was conducted during March.
- Mike addressed findings in real-time as they were reported, shipping remediations throughout the audit period.
- A detailed blog post covering the audit scope, findings, and fixes will follow.
- Security Infrastructure Improvements
- Several infrastructure hardening changes were shipped:
- Merged the [polyglot ZIP/tar rejector](https://github.com/pypi/warehouse/pull/19638), preventing archive confusion attacks
- Shipped [upload-time YARA scanning for pyarmor-protected code](https://github.com/pypi/warehouse/pull/19584)
- [Disallowed `pull_request_target` events](https://github.com/pypi/warehouse/pull/19601) from GitHub Trusted Publishing
- [Verified `issuer_url` early](https://github.com/pypi/warehouse/pull/19661) in the Trusted Publishing flow
- Resolved [database deadlock issues](https://github.com/pypi/warehouse/pull/19735) in the upload path through advisory lock ordering improvements
- Resolved all open security code scanning issues (17 marked false positive)
- Added [login event tracking for 2FA source](https://github.com/pypi/warehouse/pull/19697) and [new device detection](https://github.com/pypi/warehouse/pull/19698)
- Shipped [project-scoped macaroon deletion events](https://github.com/pypi/warehouse/pull/19652) for better audit trails
- Various dependency updates, code reviews, refactors ([admin SCSS to CSS](https://github.com/pypi/warehouse/pull/19757), [NullOIDCService subclass](https://github.com/pypi/warehouse/pull/19760)), and test suite improvements
- Discovered [missing files in the file cache](https://github.com/pypi/warehouse/issues/19704), wrote up analysis
- Mike also fixed a [GitLab Self-Managed Trusted Publishing breakage](https://github.com/pypi/warehouse/pull/19718).
- Community Engagement
- Mike presented malware statistics at the PSF Board meeting on March 11th.
- He attended the OpenSSF Securing Software Repositories Working Group and discussed taking over co-chair duties from Dustin Ingram.
- Mike participated in Alpha-Omega public meetings and the Package Manager meeting, sharing malware report takedown data and discussing remediation approaches.
- Submitted a [PR to Pyramid for PredicateMismatch](https://github.com/Pylons/pyramid/pull/3811)
- Fixed a [crates.io rendering issue](https://github.com/rust-lang/crates.io/pull/13173) for long text on security pages
- Examined PyPI's fork of `camo`, proposed [upstream fix](https://github.com/cactus/go-camo/pull/86)
- Contributed to PSF Newsletter updates for Q1
3.8 Jaime Barrera
- Registration number and hotel pickup reporting
- PyCon US registration system management
- Stetson Sponsor Contact list
- Supporting Loren with sponsorship tracking and benefit fulfillment.
- Sponsor booth selection, job fair table tracking, email communications via python.admin
- Community booth, Startup Row, shared booth tracking via contact list and python.admin
- F&B Dietary Reports
3.9 Jacob Coffee
April report not provided.
3.10 Maria Ashna
April report not provided.
3.11 Kelly Ragland
April report not provided.
3.12 Abigail Mesrenyame Dogbe
April report not provided.
3.13 Sheena O'Connell
- Infiltrated a local JS meetup to tell them about the PSF and local Python meetups. Landed well
- Local PyData meetup organiser attrition: trying to find a way to help (but I’m a lil stretched)
- PyConZA:
- Started planning process
- Onboarded some new organisers
- Website work
- Education and outreach WG:
- Meeting
- Comms with the Education summit to support
- PyCon Namibia: financial support
3.14 Denny Perez
April report not provided.
3.15 Cristián Maureira-Fredes
April report not provided.
3.16 Simon Willison
April report not provided.
3.17 Jannis Leidel
April report not provided.
3.18 Georgi Ker
- PSF: Monthly board Discord chats
- PSF: PyConUS PSF booth organising
- PSF: Led D&I workgroup meetings
- Community: PyLadiesCon discussion
- Community: Wrote a blogpost: [https://georgiker.com/blog/are-you-attending-pycon/](https://georgiker.com/blog/are-you-attending-pycon/)
3.19 KwonHan Bae
- PSF - participated in board discussions via Slack and email
- PSF - attended board meeting
- COMMUNITY : Python Asia Organize, joined Python Asia Conference 2026
- COMMUNITY : PyCon KR Organize
- COMMUNITY : PyCon Busan Organize
3.20 Tania Allard
April report not provided.
3.21 Cheuk Ting Ho
- Workgroup meetings: Conduct, Education, Grants
- Speaking at conferences: PyCon LT, DE and Austria
- EuroPython Rust summit planning
3.22 Chris Neugebauer
April report not provided.
4 Work Group Reports
4.1 Code of Conduct
- Nothing to report at this time.
4.2 Grants
- Nothing to report at this time.
4.3 Sponsors
- Nothing to report at this time.
4.4 Marketing
- Nothing to report at this time.
4.5 Jobs
- Of the 670 Job submissions created in April 2026:
- 198 have status approved
- 5 have status archived
- 19 have status draft
- 202 have status expired
- 94 have status rejected
- 80 have status removed
- 72 have status review
4.6 Trademarks
- Nothing to report
4.7 Fellows
- Nothing to report
4.8 Packaging
- Nothing to report
4.9 Infrastructure
- Nothing to report
4.10 Scientific Python
- Nothing to report
4.11 Diversity & Inclusion Work Group
- Nothing to report
5 PSF Board Votes Approved by Email
- None at this time.
6 Votes Approved by Working Groups
6.1 Grants
- None at this time.
6.2 Sponsors
- None at this time.
6.3 Scientific Python
- None at this time.
7 Consent Agenda Resolutions
- None at this time.
8 New Business
The PSF discussed the Q2 2026 CSA nominations and voted on the following resolutions:
RESOLVED that the Python Software Foundation award the Q2 2026 Community Service Award to Maria Jose Molina Contreras for her work as a leader of the Berlin PyLadies, a constant supporter and participant at Charlas at PyCon US, and as a core organizer of PyLadiesCon for 3 years where her tireless work and leadership made a record-breaking fundraising campaign for the event possible.
Approved; 10-0-0, 2026-04-08
RESOLVED that the Python Software Foundation award the Q2 2026 Community Service Award to Inessa Pawson for six years of work on the PyCon US Maintainers Summit, organizing the SciPy Maintainers track, leading the teen track at the NumFocus SciPy meeting, service on the NumPy steering committee, the SciKit Learn survey team, and leader on the pyOpenSci Advisory Council.
Approved; 10-0-0, 2026-04-08
RESOLVED that the Python Software Foundation award the Q2 2026 Community Service Award to Paul Everitt for his role as a founding incorporator and member of the PSF’s first Board of Directors, his stalwart advocacy for the Django community, and his continued contribution to Python itself, particularly co-authoring PEP 750, which brought t-strings into Python 3.14.
Approved; 10-0-0, 2026-04-08
RESOLVED that the Python Software Foundation award the Q2 2026 Community Service Award to Kalyan Prasad for his leadership within PyConf Hyderabad across the CFP, program, and sponsorship teams, his active support of the global Python ecosystem as a reviewer, mentor, and program committee member for various conferences and for his service on the NumFOCUS Code of Conduct team.
Approved; 10-0-0, 2026-04-08
RESOLVED that the Python Software Foundation award the Q2 2026 Community Service Award to Kafui Kwasi Alordo for his work as the lead organizer for Django Girls Ho in the Volta region of Ghana, having volunteered as a coach and co-organizing several other Django Girls workshops across Ghana, leading the first PyHo regional conference, supporting the PyCon Africa event, and most recently serving as a remote chair on the PyCascades organizing team.
Approved; 10-0-0, 2026-04-08
9 Discussions
- The board discussed the Q2 2026 CSA nominations (see the above New Business resolutions).
- The board discussed Strategic Planning and asynchronous feedback.
- The board discussed topics for the in-person board meeting at PyCon US in Long Beach.
- The board discussed a PSF FAQ update related to Python Certificate and announcement.
Meeting adjourned at 14:31 UTC
