miketheman (u/miketheman)

miketheman commented on PyPI in 2025: A Year in Review blog.pypi.org/posts/2025-... · Posted by u/miketheman

nodesocket · 2 months ago

Is the compute and network required to service pypi all from donations or do they have any business arm that generates income?

miketheman · a month ago

The infrastructure sponsors can be found in the PyPI footer, and here: https://pypi.org/sponsors/#:~:text=Infrastructure%20sponsors

miketheman commented on PyPI in 2025: A Year in Review blog.pypi.org/posts/2025-... · Posted by u/miketheman

nmstoker · 2 months ago

Great work!

Side issue: anyone else seeing that none of the links in the article work? They're all 404s.

miketheman · 2 months ago

Whoops, sorry about that. Should be fixed now. Happy New Year!

miketheman commented on PyPI in 2025: A Year in Review blog.pypi.org/posts/2025-... · Posted by u/miketheman

coldtea · 2 months ago

They operate a public package hosting interface, how is a search one any harder?

miketheman · 2 months ago

PyPI responses are cached at 99% or higher, with less infrastructure to run.

Search is an unbounded context and does not lend itself to caching very well, as every search can contain anything

miketheman commented on White Paper: Slippery Zips and Sticky Tar-Pits: Security and Archives alpha-omega.dev/blog/slip... · Posted by u/miketheman

miketheman · 3 months ago

Alpha Omega is proud to share the newly published white paper from Seth Larson of the Python Software Foundation, titled “Slippery Zips and Sticky Tar Pits: Security and Archives.” Seth serves as Python’s Security Developer in Residence, a role sponsored by Alpha Omega, focused on improving the safety and trustworthiness of open source software that powers systems and applications everywhere.