Applications to Join the PSF Meetup Pro Network Are Back Open

Following the introduction of the PSF Community Partner Program, the Python Software Foundation (PSF) is pleased to announce that we have reopened the application for Python Meetup groups to join the PSF’s Meetup Pro Network! We’re very excited to bring back this offering to the Python community after applications were temporarily suspended under the broader PSF Grants Program pause last August. Make sure to check out the PSF’s Meetup Pro Network documentation page for more information on how to apply. 

Reopening applications for the PSF’s Meetup Pro Network is a small but meaningful step forward for our community support-focused programs. The rest of the PSF Grants Program remains on hold while we work through important considerations, such as what we can responsibly budget and how the program will be structured for long-term sustainability. We look forward to sharing more updates when possible. 

The PSF welcomes your comments, feedback, and suggestions regarding the reopening of the PSF Meetup Pro Network on the corresponding Discuss thread. We also invite you to join our upcoming PSF Board or Grants Program Office Hour sessions to talk with the PSF Board and Staff synchronously. If you wish to send your feedback privately, please email grants@python.org. 

About the PSF’s Meetup Pro Network

The PSF manages a Meetup Pro account and adds qualified Python-focused Meetup groups to the overarching PSF Meetup Pro Network. Meetup organizers no longer pay for Meetup subscriptions once they become part of the PSF’s network. We currently have 109 groups in the PSF Meetup Pro Network, which costs the PSF $15/month per group.

The PSF can run reports on Meetup activity, such as the number of interested attendees and events. Management of membership and events is left to the group’s organizers. Any registration fees or deposits for RSVPing or paying for registration to an event are also managed solely by the Meetup organizer. 

Once a Meetup organizer accepts the invite to join, a notation will be shown under the group name: “Part of Python Software Foundation Meetup Pro Network.” Check out the Meetup Pro overview page for more information.

Criteria and how to apply

We've made the application process and criteria as simple as possible, so Python Meetup groups around the world can easily get the support they need. Along those lines, we’ve kept the requirements short and sweet—to qualify for the PSF’s Meetup Pro Network, a Meetup group must:

• Offer content that is majority Python related
• Include or link to a Code of Conduct in the About section of the Meetup page
• Hold at least 2 events per year (virtual or in-person)

To apply, fill out the short application form on psfmember.org, that asks for basic contact information, as well as gathers information related to the criteria listed above. Make sure you have an account on psfmember.org and that you’re signed in! A PSF Staff member will reach out with any questions or provide the steps needed to add eligible groups to the PSF Meetup Pro Network. 

About the Python Software Foundation

The Python Software Foundation is a US non-profit whose mission is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. The PSF supports the Python community using corporate sponsorships, grants, and donations. Are you interested in sponsoring or donating to the PSF so we can continue supporting Python and its community? Check out our sponsorship program, donate directly, or contact our team at sponsors@python.org!

Join the Python Security Response Team!

Thanks to the work of the Security Developer-in-Residence Seth Larson, the Python Security Response Team (PSRT) now has an approved public governance document (PEP 811). Following the new governance structure the PSRT now publishes a public list of members, has documented responsibilities for members and admins, and a defined process for onboarding and offboarding members to balance the needs of security and sustainability. The document also clarifies the relationship between the Python Steering Council and the PSRT.

And this new onboarding process is already working! The PSF Infrastructure Engineer, Jacob Coffee, has just joined the PSRT as the first new non-"Release Manager" member since Seth joined the PSRT in 2023. We expect new members to join further bolstering the sustainability of security work for the Python programming language.

Thanks to Alpha-Omega for their support of Python ecosystem security by sponsoring Seth’s work as the Security Developer-in-Residence at the Python Software Foundation.

What is the Python Security Response Team?

Security doesn't happen by accident: it's thanks to the work of volunteers and paid Python Software Foundation staff on the Python Security Response Team to triage and coordinate vulnerability reports and remediations keeping all Python users safe. Just last year the PSRT published 16 vulnerability advisories for CPython and pip, the most in a single year to date!

And the PSRT usually can’t do this work alone, PSRT coordinators are encouraged to involve maintainers and experts on the projects and submodules. By involving the experts directly in the remediation process ensures fixes adhere to existing API conventions and threat-models, are maintainable long-term, and have minimal impact on existing use-cases.

Sometimes the PSRT even coordinates with other open source projects to avoid catching the Python ecosystem off-guard by publishing a vulnerability advisory that affects multiple other projects. The most recent example of this is PyPI’s ZIP archive differential attack mitigation.

This work deserves recognition and celebration just like contributions to source code and documentation. Seth and Jacob are developing further improvements to workflows involving “GitHub Security Advisories” to record the reporter, coordinator, and remediation developers and reviewers to CVE and OSV records to properly thank everyone involved in the otherwise private contribution to open source projects.

How can I join the Python Security Response Team?

Maybe you’ve read all this and are interested in directly helping the Python programming language be more secure! The process is similar to the Core Team nomination process, you need an existing PSRT member to nominate you and for your nomination to receive at least ⅔ positive votes from existing PSRT members.

You do not need to be a core developer, team member, or triager to be a member of the Python Security Response Team. Anyone with security expertise that is known and highly-trusted within the Python community and has time to volunteer or donate through their employer would make a good candidate for the PSRT. Please note that all PSRT team members have documented responsibilities and are expected to contribute meaningfully to the remediation of vulnerabilities.

Being a member of the PSRT is not required to be notified of vulnerabilities and shouldn’t be to receive “early notification” of vulnerabilities affecting CPython and pip. The Python Software Foundation is a CVE Numbering Authority and publishes CVE and OSV records with up-to-date information about vulnerabilities affecting CPython and pip.