diff --git a/docs/blog/.authors.yml b/docs/blog/.authors.yml new file mode 100644 index 000000000000..1b267650c390 --- /dev/null +++ b/docs/blog/.authors.yml @@ -0,0 +1,21 @@ +authors: + di: + name: Dustin Ingram + description: PyPI Admin + avatar: https://github.com/di.png + dstufft: + name: Donald Stufft + description: PyPI Admin + avatar: https://github.com/dstufft.png + ewdurbin: + name: Ee Durbin + description: PyPI Admin, Director of Infrastructure (PSF) + avatar: https://github.com/ewdurbin.png + miketheman: + name: Mike Fiedler + description: PyPI Admin, Safety & Security Engineer (PSF) + avatar: https://github.com/miketheman.png + s-mm: + name: Shamika Monahan + description: Packaging Project Manager (PSF) (alum) + avatar: https://github.com/s-mm.png diff --git a/docs/blog/index.md b/docs/blog/index.md index ae36605e14a7..cb3648f4fc2d 100644 --- a/docs/blog/index.md +++ b/docs/blog/index.md @@ -1,7 +1 @@ ---- -exclude_from_blog: true ---- - # The PyPI Blog - -{{ blog_content }} diff --git a/docs/blog/overrides/partials/content.html b/docs/blog/overrides/partials/content.html deleted file mode 100644 index b3e7e7aaee7d..000000000000 --- a/docs/blog/overrides/partials/content.html +++ /dev/null @@ -1,61 +0,0 @@ - - - -{% if "material/tags" in config.plugins %} - {% include "partials/tags.html" %} -{% endif %} - - -{% include "partials/actions.html" %} - - -{% if "\x3ch1" not in page.content %} -
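Review bot: The new `s-mm` entry in `.authors.yml` spells the name `Shamika Monahan`, while the front matter this same commit removes from `2023-06-22-malware-detection-project.md` read `author: Shamika Mohanan`; one of the two is a typo, and since this file is now the single source rendered on every post by that author, the spelling should be checked with the person before merge. The other four `name:` values match the `author:` lines removed from their posts. The `avatar:` values are plain GitHub profile-image URLs and the `&` in two `description:` values sits mid-string, so nothing in the file needs quoting; a leading `---` document marker would still be in keeping with the other YAML under `docs/`.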

{{ page.title | d(config.site_name, true)}}

-{% endif %} - -{% if "author" in page.meta %} - by: {{ page.meta["author"] + " · " if "date" in page.meta else "" }} -{% endif %} -{% if "date" in page.meta %} - {{ page.meta["date"].split()[0] }} -{% endif %} - - -{{ page.content }} - - -{% if page.meta and ( - page.meta.git_revision_date_localized or - page.meta.revision_date -) %} - {% include "partials/source-file.html" %} -{% endif %} - - -{% include "partials/feedback.html" %} - - -{% include "partials/comments.html" %} diff --git a/docs/blog/overrides/partials/header.html b/docs/blog/overrides/partials/header.html deleted file mode 100644 index fd68820584a3..000000000000 --- a/docs/blog/overrides/partials/header.html +++ /dev/null @@ -1,168 +0,0 @@ - - - -{% set class = "md-header" %} -{% if "navigation.tabs.sticky" in features %} - {% set class = class ~ " md-header--shadow md-header--lifted" %} -{% elif "navigation.tabs" not in features %} - {% set class = class ~ " md-header--shadow" %} -{% endif %} - - -
- - - - {% if "navigation.tabs.sticky" in features %} - {% if "navigation.tabs" in features %} - {% include "partials/tabs.html" %} - {% endif %} - {% endif %} -
diff --git a/docs/blog/overrides/partials/nav-item.html b/docs/blog/overrides/partials/nav-item.html deleted file mode 100644 index 8c3a4501978c..000000000000 --- a/docs/blog/overrides/partials/nav-item.html +++ /dev/null @@ -1,179 +0,0 @@ - - - -{% macro render(nav_item, path, level) %} - - - {% set class = "md-nav__item" %} - {% if nav_item.active %} - {% set class = class ~ " md-nav__item--active" %} - {% endif %} - - - {% if nav_item.children %} - - - {% if "navigation.sections" in features and level == 1 + ( - "navigation.tabs" in features - ) %} - {% set class = class ~ " md-nav__item--section" %} - {% endif %} - - -
  • - {% set expanded = "navigation.expand" in features %} - {% set active = nav_item.active or expanded %} - - - {% set checked = "checked" if nav_item.active %} - {% if expanded and not checked %} - {% set indeterminate = "md-toggle--indeterminate" %} - {% endif %} - - - - - - {% set indexes = [] %} - {% if "navigation.indexes" in features %} - {% for nav_item in nav_item.children %} - {% if nav_item.is_index and not index is defined %} - {% set _ = indexes.append(nav_item) %} - {% endif %} - {% endfor %} - {% endif %} - - - {% if not indexes %} - - - - {% else %} - {% set index = indexes | first %} - {% set class = "md-nav__link--active" if index == page %} - - {% endif %} - - - -
  • - - - {% elif nav_item == page %} -
  • - {% set toc = page.toc %} - - - - - - {% set first = toc | first %} - {% if first and first.level == 1 %} - {% set toc = first.children %} - {% endif %} - - - {% if toc %} - - {% endif %} - - {% if nav_item.abs_url == '/' %} - {{ nav_item.title }} - {% else %} - {{ nav_item.title }} - {% endif %} - - - - {% if toc %} - {% include "partials/toc.html" %} - {% endif %} -
  • - - - {% else %} -
  • - - {% if nav_item.abs_url == '/' %} - {{ nav_item.title }} - {% else %} - {{ nav_item.title }} - {% endif %} - -
  • - {% endif %} -{% endmacro %} - - -{{ render(nav_item, path, level) }} diff --git a/docs/blog/overrides/partials/nav.html b/docs/blog/overrides/partials/nav.html deleted file mode 100644 index b12f1167d1d3..000000000000 --- a/docs/blog/overrides/partials/nav.html +++ /dev/null @@ -1,67 +0,0 @@ - - - -{% set class = "md-nav md-nav--primary" %} -{% if "navigation.tabs" in features %} - {% set class = class ~ " md-nav--lifted" %} -{% endif %} -{% if "toc.integrate" in features %} - {% set class = class ~ " md-nav--integrated" %} -{% endif %} - - - diff --git a/docs/blog/overrides/pypi-blog.html b/docs/blog/overrides/pypi-blog.html deleted file mode 100644 index 53df14a3f04b..000000000000 --- a/docs/blog/overrides/pypi-blog.html +++ /dev/null @@ -1,26 +0,0 @@ -{% extends "blog.html" %} - -{# A macro to render a blog entry, required. #} -{% macro render_blog(title, description, time, url, page) -%} - -
    -

    {{ title }}

    -
    - {% if "author" in page.meta %} - by: {{ page.meta["author"] + " · " if time is not none else "" }} - {% endif %} - {% if time is not none %} - {{ time }} - {% endif %} -
    - {% if description %} -

    {{ description }}

    - {% endif %} - {% if show_tags and "tags" in page.meta %} - {% call render_tags(page.meta["tags"], index_url) %} - {% endcall %} - {% endif %} -
    -
    -{{ caller() }} -{%- endmacro %} diff --git a/docs/blog/posts/2023-03-21-welcome-to-the-pypi-blog.md b/docs/blog/posts/2023-03-21-welcome-to-the-pypi-blog.md index 1c06cd730e14..27b153b3ac5f 100644 --- a/docs/blog/posts/2023-03-21-welcome-to-the-pypi-blog.md +++ b/docs/blog/posts/2023-03-21-welcome-to-the-pypi-blog.md @@ -1,9 +1,9 @@ --- title: Welcome to the PyPI Blog description: Announcing the launch of blog.pypi.org -author: Ee Durbin -publish_date: 2023-03-21 -date: "2023-03-21 00:00" +authors: + - ewdurbin +date: 2023-03-21 tags: - meta - welcome @@ -17,6 +17,8 @@ One of the most common refrains I hear from Python community members, irrespective of if they have been around for days or years, is _"I didn't realize that PyPI..."_. Followed by something along the lines of: + + - Could **do** that - Is operated with **so** few resources[^1] - Only had **3** administrators[^2] diff --git a/docs/blog/posts/2023-04-20-introducing-trusted-publishers.md b/docs/blog/posts/2023-04-20-introducing-trusted-publishers.md index 4b23340044b5..c16a82a316df 100644 --- a/docs/blog/posts/2023-04-20-introducing-trusted-publishers.md +++ b/docs/blog/posts/2023-04-20-introducing-trusted-publishers.md @@ -1,9 +1,9 @@ --- title: Introducing 'Trusted Publishers' description: Announcing a new, more secure way to publish to PyPI -author: Dustin Ingram -publish_date: 2023-04-20 -date: "2023-04-20 00:00" +authors: + - di +date: 2023-04-20 tags: - publishing - security @@ -14,6 +14,8 @@ Starting today, PyPI package maintainers can adopt a new, more secure publishing method that does not require long-lived passwords or API tokens to be shared with external systems. + + ### About trusted publishing "Trusted publishing" is our term for using the [OpenID Connect (OIDC)] standard diff --git a/docs/blog/posts/2023-04-23-introducing-pypi-organizations.md b/docs/blog/posts/2023-04-23-introducing-pypi-organizations.md index 76da065a4050..c4385958c764 100644 
--- a/docs/blog/posts/2023-04-23-introducing-pypi-organizations.md +++ b/docs/blog/posts/2023-04-23-introducing-pypi-organizations.md @@ -1,9 +1,9 @@ --- title: Introducing PyPI Organizations description: Announcing the launch of a significant new collaboration feature for PyPI -author: Ee Durbin -publish_date: 2023-04-23 -date: "2023-4-23 00:00" +authors: + - ewdurbin +date: 2023-04-23 tags: - organizations - sustainability @@ -14,6 +14,8 @@ support and long-term sustainability of the Python Packaging Index (PyPI), while simultaneously giving our users one of our most requested features: organization accounts. + + ### Introducing Organizations Organizations on PyPI are self-managed teams, with their own exclusive branded diff --git a/docs/blog/posts/2023-05-09-announcing-pypi-safety-and-security-engr-role.md b/docs/blog/posts/2023-05-09-announcing-pypi-safety-and-security-engr-role.md index c0cecc46022d..4c492798fc8b 100644 --- a/docs/blog/posts/2023-05-09-announcing-pypi-safety-and-security-engr-role.md +++ b/docs/blog/posts/2023-05-09-announcing-pypi-safety-and-security-engr-role.md @@ -1,9 +1,9 @@ --- title: Announcing the PyPI Safety & Security Engineer role description: PyPI is hiring, thanks to funding from Amazon Web Services! -author: Ee Durbin -publish_date: 2023-05-09 -date: "2023-05-09 00:00" +authors: + - ewdurbin +date: 2023-05-09 tags: - security - hiring @@ -16,6 +16,8 @@ investing $144,000 over one year to fund key enhancements to PyPI infrastructure and operations, including the creation of a new “PyPI Safety & Security Engineer” role. + + This role builds on our existing long term partnership with AWS as one of the top sponsors of the Python Software Foundation for the last five years, which has included in-kind donations of cloud computing infrastructure diff --git a/docs/blog/posts/2023-05-23-removing-pgp.md b/docs/blog/posts/2023-05-23-removing-pgp.md index 88a450985397..0fc4848b184d 100644 --- a/docs/blog/posts/2023-05-23-removing-pgp.md 
+++ b/docs/blog/posts/2023-05-23-removing-pgp.md @@ -1,9 +1,9 @@ --- title: Removing PGP from PyPI description: PyPI has removed support for uploading PGP signatures with new releases. -author: Donald Stufft -publish_date: 2023-05-23 -date: "2023-05-23 00:00" +authors: + - dstufft +date: 2023-05-23 tags: - security --- @@ -15,6 +15,8 @@ someone who is currently downloading PGP signatures, existing signatures The related API fields such as `has_sig` have all been hardcoded to always be `False`. + + Historically, PyPI has supported uploading PGP signatures alongside the release artifacts in an attempt to provide some level of package signing. However, the approach used had long standing, diff --git a/docs/blog/posts/2023-05-24-pypi-was-subpoenaed.md b/docs/blog/posts/2023-05-24-pypi-was-subpoenaed.md index 3c29a0663a42..56ea20351bcc 100644 --- a/docs/blog/posts/2023-05-24-pypi-was-subpoenaed.md +++ b/docs/blog/posts/2023-05-24-pypi-was-subpoenaed.md @@ -2,9 +2,9 @@ title: PyPI was subpoenaed description: The PSF received three subpoenas from the US Department of Justice for PyPI user data in March and April of 2023. -author: Ee Durbin -publish_date: 2023-05-24 -date: "2023-05-24 13:12" +authors: + - ewdurbin +date: 2023-05-24 tags: - transparency - compliance @@ -16,6 +16,8 @@ All three subpoenas were issued by the United States Department of Justice. The PSF was not provided with context on the legal circumstances surrounding these subpoenas. In total, user data related to five (5) PyPI usernames were requested. + + The data request was: 1. "Names (including subscriber names, user names, and screen names);" diff --git a/docs/blog/posts/2023-05-25-securing-pypi-with-2fa.md b/docs/blog/posts/2023-05-25-securing-pypi-with-2fa.md index f7ed2c1edad0..a991acd75d4a 100644 --- a/docs/blog/posts/2023-05-25-securing-pypi-with-2fa.md +++ b/docs/blog/posts/2023-05-25-securing-pypi-with-2fa.md 
@@ -1,9 +1,9 @@ --- title: Securing PyPI accounts via Two-Factor Authentication description: PyPI will require all users who maintain projects or organizations to enable one or more forms of two-factor authentication (2FA) by the end of 2023. -author: Donald Stufft -publish_date: 2023-05-25 -date: "2023-05-25 00:00" +authors: + - dstufft +date: 2023-05-25 tags: - security - 2fa @@ -15,6 +15,8 @@ to upload, delete, or otherwise modify a project. That when you look at that project and see that it is owned by someone that you trust, that you can be assured that nobody else is making changes to that package on PyPI. + + This promise is predicated on the security of each and every individual account on PyPI used to create and maintain a Python project. In the past we've taken steps to safeguard these accounts by diff --git a/docs/blog/posts/2023-05-26-reducing-stored-ip-data.md b/docs/blog/posts/2023-05-26-reducing-stored-ip-data.md index eb2efb3000ff..7b854307fcb8 100644 --- a/docs/blog/posts/2023-05-26-reducing-stored-ip-data.md +++ b/docs/blog/posts/2023-05-26-reducing-stored-ip-data.md @@ -1,9 +1,9 @@ --- title: Reducing Stored IP Data in PyPI description: PyPI has stopped using IP data when possible, and is continuing to reduce the amount of IP data stored overall. -author: Mike Fiedler -publish_date: 2023-05-26 -date: "2023-05-26 15:00" +authors: + - miketheman +date: 2023-05-26 15:00:00+00:00 tags: - security - transparency @@ -16,6 +16,8 @@ Hi there! I'm Mike, the newest member of the PyPI admin team. Nice to meet you! We've been working on reducing the amount of IP address data we store, and we're making progress. + + ## What's this about? If you've read some of the other blogs here, you may have noticed that diff --git a/docs/blog/posts/2023-06-01-2fa-enforcement-for-upload.md b/docs/blog/posts/2023-06-01-2fa-enforcement-for-upload.md index bacac86398f1..61d51d0d1d96 100644 --- a/docs/blog/posts/2023-06-01-2fa-enforcement-for-upload.md 
+++ b/docs/blog/posts/2023-06-01-2fa-enforcement-for-upload.md @@ -2,9 +2,9 @@ title: Enforcement of 2FA for upload.pypi.org begins today description: PyPI now requires all uploads from accounts with 2FA enabled to use an API token or Trusted Publisher configuration. -author: Ee Durbin -publish_date: 2023-06-01 -date: "2023-06-01 00:00" +authors: + - ewdurbin +date: 2023-06-01 tags: - security - 2fa @@ -15,6 +15,8 @@ will be required to use an [API Token](https://pypi.org/help/#apitoken) or [Trusted Publisher](https://docs.pypi.org/trusted-publishers/) configuration in place of their password. + + This change has [been planned](https://github.com/pypi/warehouse/issues/7265) since 2FA was rolled out in 2019. In [February of 2022](https://github.com/pypi/warehouse/pull/10836) diff --git a/docs/blog/posts/2023-06-22-malware-detection-project.md b/docs/blog/posts/2023-06-22-malware-detection-project.md index bc099f06aa1f..d65b3db0249a 100644 --- a/docs/blog/posts/2023-06-22-malware-detection-project.md +++ b/docs/blog/posts/2023-06-22-malware-detection-project.md @@ -1,8 +1,8 @@ --- title: Announcing the launch of PyPI Malware Reporting and Response project -author: Shamika Mohanan -publish_date: 2023-06-22 -date: "2023-06-22 16:00" +authors: + - s-mm +date: 2023-06-22 16:00:00+00:00 tags: - security --- @@ -12,6 +12,8 @@ from the [Center for Security and Emerging Technology](https://cset.georgetown.e (CSET) to develop and improve the infrastructure for malware reporting and response on PyPI. This project will be executed over the coming year. + + Currently, malware reports are submitted to PyPI admins by email before being manually triaged and responded to. There is an opportunity for improvement in streamlining the report submission process and the tools diff --git a/docs/blog/posts/2023-06-26-deprecate-egg-uploads.md b/docs/blog/posts/2023-06-26-deprecate-egg-uploads.md index e21df199d01b..d4b99fea1b3d 100644 --- a/docs/blog/posts/2023-06-26-deprecate-egg-uploads.md 
+++ b/docs/blog/posts/2023-06-26-deprecate-egg-uploads.md @@ -1,9 +1,9 @@ --- title: Deprecation of bdist_egg uploads to PyPI description: PyPI will stop accepting .egg uploads August 1, 2023. -author: Ee Durbin -publish_date: 2023-06-26 -date: "2023-06-26 00:00" +authors: + - ewdurbin +date: 2023-06-26 tags: - deprecation --- @@ -15,6 +15,8 @@ We'll begin the process of implementing this today. Please note that this does **NOT** remove any existing uploaded eggs from PyPI. + + The deprecation timeline is as follows: - Today, June 26, 2023: All maintainers of projects which have uploaded one or diff --git a/docs/blog/posts/2023-08-04-pypi-hires-safety-engineer.md b/docs/blog/posts/2023-08-04-pypi-hires-safety-engineer.md index b712b318aea5..c31437f1007f 100644 --- a/docs/blog/posts/2023-08-04-pypi-hires-safety-engineer.md +++ b/docs/blog/posts/2023-08-04-pypi-hires-safety-engineer.md @@ -1,9 +1,9 @@ --- title: PyPI hires a Safety & Security Engineer description: Mike Fiedler joins PSF as inaugural PyPI Safety & Security Engineer -author: Mike Fiedler -publish_date: 2023-08-04 -date: "2023-08-05 00:00" +authors: + - miketheman +date: 2023-08-05 tags: - hiring --- @@ -12,6 +12,8 @@ tags: I've been a Python Package Index ([PyPI](https://pypi.org/)) contributor since early 2021, and became a maintainer in 2022. Now I'm joining the [PSF](https://www.python.org/psf-landing/) to work on PyPI full-time as the first PyPI Safety & Security Engineer. + + What is that, you ask? We had [posted about this opening in May](2023-05-09-announcing-pypi-safety-and-security-engr-role.md), and I'm happy to be joining the team to help improve the safety and security of PyPI. diff --git a/docs/blog/posts/2023-08-08-2fa-enforcement-for-new-users.md b/docs/blog/posts/2023-08-08-2fa-enforcement-for-new-users.md index 58a2dc790b0a..4fa3ec7cd7ff 100644 --- a/docs/blog/posts/2023-08-08-2fa-enforcement-for-new-users.md +++ b/docs/blog/posts/2023-08-08-2fa-enforcement-for-new-users.md 
@@ -1,9 +1,9 @@ --- title: 2FA Enforcement for New User Registrations description: PyPI requires new users to enable 2FA before performing management actions. -author: Mike Fiedler -publish_date: 2023-08-08 -date: "2023-08-08 00:00" +authors: + - miketheman +date: 2023-08-08 tags: - 2fa - security @@ -18,6 +18,8 @@ a verified, _primary_ email address for the same set of management actions. As a reminder, PyPI has supported adding 2FA since 2019. + + This change is continuing along the path of enforcing 2FA for all users. In May of this year we [announced](./2023-05-25-securing-pypi-with-2fa.md) that by the end of 2023 PyPI will require all users to enable Two-Factor Authentication (2FA). diff --git a/docs/blog/posts/2023-08-17-github-token-scanning-for-public-repos.md b/docs/blog/posts/2023-08-17-github-token-scanning-for-public-repos.md index a8ca215e5c55..95f710e6505e 100644 --- a/docs/blog/posts/2023-08-17-github-token-scanning-for-public-repos.md +++ b/docs/blog/posts/2023-08-17-github-token-scanning-for-public-repos.md @@ -1,9 +1,9 @@ --- title: GitHub now scans public issues for PyPI secrets description: GitHub will now scan public repositories' issues for PyPI API tokens, and will notify repository owners when they are found. -author: Mike Fiedler -publish_date: 2023-08-17 -date: "2023-08-17 00:00" +authors: + - miketheman +date: 2023-08-17 tags: - integrations - security @@ -15,6 +15,8 @@ Due to the complexity in nature, the completed integration launched in 2021, with the volunteer-led effort by Joachim Jablon ([@ewjoachim](https://github.com/ewjoachim)) and the GitHub team. + + PyPI didn't have a blog back then, but GitHub did! Here's [a link their post](https://github.blog/changelog/2021-03-22-the-python-package-index-is-now-a-github-secret-scanning-integrator/). diff --git a/docs/blog/posts/2023-09-18-inbound-malware-reporting.md b/docs/blog/posts/2023-09-18-inbound-malware-reporting.md index 3969913d2599..894c1926b7a6 100644 
--- a/docs/blog/posts/2023-09-18-inbound-malware-reporting.md +++ b/docs/blog/posts/2023-09-18-inbound-malware-reporting.md @@ -1,9 +1,9 @@ --- title: Inbound Malware Volume Report description: Analysis of inbound malware reporting volume and response times from PyPI administrators. -author: Mike Fiedler -publish_date: 2023-09-18 -date: "2023-09-18 00:00" +authors: + - miketheman +date: 2023-09-18 tags: - security - transparency @@ -16,6 +16,8 @@ directs reporters to send an email to with details. `security@` was previously an email alias for `admin@`, a Google Group that contains all current PyPI Administrators (4 people). + + I'll refer to the `security@` address as the **Security Inbox** herein, despite it not being a traditional inbox, and what changes we've made to it. diff --git a/docs/blog/posts/2023-11-14-1-pypi-completes-first-security-audit.md b/docs/blog/posts/2023-11-14-1-pypi-completes-first-security-audit.md index 3daab4e9ce10..8e4ef97538b6 100644 --- a/docs/blog/posts/2023-11-14-1-pypi-completes-first-security-audit.md +++ b/docs/blog/posts/2023-11-14-1-pypi-completes-first-security-audit.md @@ -1,9 +1,9 @@ --- title: "PyPI has completed its first security audit" description: We are proud to announce PyPI's first external security audit. -author: Dustin Ingram -publish_date: 2023-11-14 00:00 -date: "2023-11-14 00:00" +authors: + - di +date: 2023-11-14 00:00:00+00:00 tags: - security - transparency 
@@ -14,6 +14,8 @@ _This is part one in a three-part series. See [part two here](2023-11-14-2-secur We are proud to announce that PyPI has completed its first ever external security audit. This work was funded in partnership with the [Open Technology Fund](https://www.opentech.fund/) (OTF), [a previous supporter](https://www.opentech.fund/results/supported-projects/pypi-improvements/) of security-related improvements to PyPI. + + The Open Technology Fund selected [Trail of Bits](https://www.trailofbits.com/), an industry-leading cybersecurity firm with significant open-source and Python experience, to perform the audit. Trail of Bits spent a total of 10 engineer-weeks of effort identifying issues, presenting those findings to the PyPI team, and assisting us as we remediated the findings. diff --git a/docs/blog/posts/2023-11-14-2-security-audit-remediation-warehouse.md b/docs/blog/posts/2023-11-14-2-security-audit-remediation-warehouse.md index 801015f4bdc1..c2f04125533f 100644 --- a/docs/blog/posts/2023-11-14-2-security-audit-remediation-warehouse.md +++ b/docs/blog/posts/2023-11-14-2-security-audit-remediation-warehouse.md @@ -1,9 +1,9 @@ --- title: "Security Audit Remediation: Warehouse" description: A deeper dive into the remediation of the security audit findings for the Warehouse project. -author: Mike Fiedler -publish_date: 2023-11-14 00:01 -date: "2023-11-14 00:01" +authors: + - miketheman +date: 2023-11-14 00:00:01+00:00 tags: - security - transparency @@ -17,6 +17,8 @@ for the Warehouse - the main codebase for [PyPI.org](https://pypi.org). The audit report can be found [here](2023-11-14-1-pypi-completes-first-security-audit.md). I highly recommend reading that for the fullest context first. + + ## Findings The audit report identified 18 findings for Warehouse, diff --git a/docs/blog/posts/2023-11-14-3-security-audit-remediation-cabotage.md b/docs/blog/posts/2023-11-14-3-security-audit-remediation-cabotage.md index 4c81203a37bb..66f2432631b5 100644 
--- a/docs/blog/posts/2023-11-14-3-security-audit-remediation-cabotage.md +++ b/docs/blog/posts/2023-11-14-3-security-audit-remediation-cabotage.md @@ -1,9 +1,9 @@ --- title: "Security Audit Remediation: cabotage" description: A deeper dive into the remediation of the security audit findings for the cabotage project. -author: Ee Durbin -publish_date: 2023-11-14 00:02 -date: "2023-11-14 00:02" +authors: + - ewdurbin +date: 2023-11-14 00:00:02+00:00 tags: - security - transparency @@ -21,6 +21,8 @@ deploys [PyPI](https://pypi.org) and its supporting services such as [camo](https://github.com/pypi/camo), and [inspector](https://github.com/pypi/inspector). + + Relative to the [warehouse codebase](https://github.com/pypi/warehouse) that *is* [PyPI](https://pypi.org), cabotage is not as widely known. The goals of cabotage are to provide a seamless and secure way of deploying diff --git a/docs/blog/posts/2023-12-04-account-takeover.md b/docs/blog/posts/2023-12-04-account-takeover.md index c15ca4d34301..0584ac37e275 100644 --- a/docs/blog/posts/2023-12-04-account-takeover.md +++ b/docs/blog/posts/2023-12-04-account-takeover.md @@ -1,9 +1,9 @@ --- title: "Incident Report: User Account Takeover" description: A PyPI user had their account taken over -author: Mike Fiedler -publish_date: 2023-12-04 00:00 -date: "2023-12-04 00:00" +authors: + - miketheman +date: 2023-12-04 tags: - 2fa - security @@ -21,6 +21,8 @@ rather the user's account was not sufficiently protected against account takeove The attacker added themselves as a collaborator to these projects, and removed the original owner. None of the projects had any modifications made to them other than ownership changes. + + After the attacker completed ownership changes, they deleted the user's account. PyPI Admins were informed by the user via email, diff --git a/docs/blog/posts/2023-12-06-2fa-enforcement-on-testpypi.md b/docs/blog/posts/2023-12-06-2fa-enforcement-on-testpypi.md index 9d783d9a9c18..44f6c7bfa491 100644 
--- a/docs/blog/posts/2023-12-06-2fa-enforcement-on-testpypi.md +++ b/docs/blog/posts/2023-12-06-2fa-enforcement-on-testpypi.md @@ -1,9 +1,9 @@ --- title: 2FA Enforcement for TestPyPI description: PyPI requires 2FA for all management actions on TestPyPI. -author: Mike Fiedler -publish_date: 2023-12-06 -date: "2023-12-06 00:00" +authors: + - miketheman +date: 2023-12-06 tags: - 2fa - security @@ -18,6 +18,8 @@ This change is in preparation for the [scheduled enforcement of 2FA on PyPI](2023-05-25-securing-pypi-with-2fa.md) at the end of 2023. + + Previously the PyPI team has announced [2FA requirement for uploads](2023-06-01-2fa-enforcement-for-upload.md), [2FA requirement for new user registrations on PyPI](2023-08-08-2fa-enforcement-for-new-users.md), diff --git a/docs/blog/stylesheets/extra.css b/docs/blog/stylesheets/extra.css index 0a97a1eb629a..1e059db2a0e2 100644 --- a/docs/blog/stylesheets/extra.css +++ b/docs/blog/stylesheets/extra.css @@ -1,8 +1,10 @@ -:root { - --md-primary-fg-color: #0073b7; +:root, [data-md-color-scheme="pypi"], [data-md-color-scheme="slate"] { + --md-primary-fg-color: #0073b7; + --md-primary-fg-color--light: #009ffd; + --md-primary-fg-color--dark: #009ffd; } -[data-md-color-scheme="slate"] { +[data-md-color-scheme="slate"][data-md-color-primary="indigo"] { --md-typeset-a-color: #009ffd; } diff --git a/docs/blog/tags.md b/docs/blog/tags.md index b8809a02127e..e7399c3eb9a2 100644 --- a/docs/blog/tags.md +++ b/docs/blog/tags.md @@ -1 +1 @@ -{{ tag_content }} + diff --git a/docs/mkdocs-blog.yml b/docs/mkdocs-blog.yml index 5ffad3344885..45c73db977ae 100644 --- a/docs/mkdocs-blog.yml +++ b/docs/mkdocs-blog.yml @@ -1,4 +1,4 @@ -site_name: The Python Package Index +site_name: The Python Package Index Blog site_description: The official blog of the Python Package Index docs_dir: blog exclude_docs: 
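Review bot: In `extra.css` the second rule is narrowed from `[data-md-color-scheme="slate"]` to `[data-md-color-scheme="slate"][data-md-color-primary="indigo"]`, so the dark-mode link colour now applies only when the theme also emits `data-md-color-primary="indigo"`; the palette entries changed in `mkdocs-blog.yml` in this commit set `scheme` but no explicit `primary`, so whether that attribute is present appears to depend on the theme's default and should be confirmed on the rendered dark page. If the intent is simply to keep the link colour for the slate scheme, the original `[data-md-color-scheme="slate"]` selector is the safer form. Either way a one-line comment above the rule stating why the primary-colour qualifier is needed would help the next reader, e.g. `/* slate scheme keeps the light-blue link colour only with the default (indigo) primary */`.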
@@ -11,7 +11,7 @@ theme: homepage: https://pypi.org custom_dir: blog/overrides palette: - - scheme: default + - scheme: pypi media: "(prefers-color-scheme: light)" toggle: icon: material/weather-night @@ -21,6 +21,10 @@ theme: toggle: icon: material/weather-sunny name: Switch to Light mode + features: + - navigation.expand + - navigation.top + - navigation.footer markdown_extensions: - footnotes - pymdownx.superfences: @@ -34,17 +38,15 @@ extra_css: - stylesheets/extra.css plugins: - social - - blogging: - dirs: - - posts - template: blog/overrides/pypi-blog.html - features: - tags: - index_page: tags.md - insert: top - locale: en # The locale for time localizations, default: system's locale - time_format: '%Y-%m-%d' # The format used to display the time - meta_time_format: '%Y-%m-%d %H:%M' # The format used to parse the time from meta + # See https://squidfunk.github.io/mkdocs-material/plugins/blog/ + - blog: + blog_dir: . + blog_toc: true + post_excerpt: required + # Preserve backwards compatibility with older URLs. + # If we ever want to change the format and thus break old URLs, + # consider https://github.com/mkdocs/mkdocs-redirects + post_url_format: "posts/{file}" - rss: abstract_chars_count: -1 categories: @@ -59,14 +61,24 @@ plugins: image: https://blog.pypi.org/assets/logo.png length: 20 match_path: "posts/.*" + - search + - tags: + tags_file: tags.md extra: homepage: https://pypi.org social: - icon: fontawesome/brands/github link: https://github.com/pypi + - icon: fontawesome/brands/mastodon + link: https://fosstodon.org/@pypi - icon: fontawesome/brands/twitter link: https://twitter.com/pypi - icon: material/rss link: https://blog.pypi.org/feed_rss_created.xml + # See https://squidfunk.github.io/mkdocs-material/setup/setting-up-site-analytics/ + analytics: + provider: google + property: G-4L9L0H79CY + site_url: https://blog.pypi.org/ repo_url: https://github.com/pypi/warehouse 
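Review bot: The `extra.analytics` block added at the end of the `@@ -59,14 +61,24 @@` hunk turns on Google Analytics with a hard-coded `property:` but no consent configuration, so every visitor loads the Google tag and has request data sent to a third party; for a site whose posts in this very diff cover reducing stored IP data, that is a privacy-relevant change that deserves a comment and a matching privacy-policy update rather than only a link to the theme docs. mkdocs-material also supports a cookie-consent block under `extra.consent` that gates the tag on opt-in, which is the safer default if analytics is kept. A short comment on the `property:` line would also stop readers mistaking the measurement ID for a leaked credential, e.g. `# Public GA4 measurement ID, not a secret`.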
diff --git a/requirements/docs-blog.in b/requirements/docs-blog.in index 43e203663c6c..85edc7476a95 100644 --- a/requirements/docs-blog.in +++ b/requirements/docs-blog.in @@ -1,6 +1,5 @@ mkdocs mkdocs-material -mkdocs-blogging-plugin mkdocs-rss-plugin pillow cairosvg diff --git a/requirements/docs-blog.txt b/requirements/docs-blog.txt index 01fa54b0909e..aed2a02f4876 100644 --- a/requirements/docs-blog.txt +++ b/requirements/docs-blog.txt @@ -7,9 +7,7 @@ babel==2.13.1 \ --hash=sha256:33e0952d7dd6374af8dbf6768cc4ddf3ccfefc244f9986d4074704f2fbd18900 \ --hash=sha256:7077a4984b02b6727ac10f1f7294484f737443d7e2e66c5e4380e41a3ae0b4ed - # via - # mkdocs-blogging-plugin - # mkdocs-material + # via mkdocs-material cairocffi==1.6.1 \ --hash=sha256:78e6bbe47357640c453d0be929fa49cd05cce2e1286f3d2a1ca9cbda7efdb8b7 \ --hash=sha256:aa78ee52b9069d7475eeac457389b6275aa92111895d78fbaa2202a52dac112e @@ -195,9 +193,7 @@ gitdb==4.0.11 \ gitpython==3.1.40 \ --hash=sha256:22b126e9ffb671fdd0c129796343a02bf67bf2994b35449ffc9321aa755e18a4 \ --hash=sha256:cf14627d5a8049ffbf49915732e5eddbe8134c3bdb9d476e6182b676fc573f8a - # via - # mkdocs-blogging-plugin - # mkdocs-rss-plugin + # via mkdocs-rss-plugin idna==3.6 \ --hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \ --hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f @@ -207,7 +203,6 @@ jinja2==3.1.2 \ --hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61 # via # mkdocs - # mkdocs-blogging-plugin # mkdocs-material markdown==3.5.1 \ --hash=sha256:5874b47d4ee3f0b14d764324d2c94c03ea66bee56f2d929da9f2508d65e722dc \ 
@@ -279,13 +274,8 @@ mkdocs==1.5.3 \ --hash=sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2 # via # -r requirements/docs-blog.in - # mkdocs-blogging-plugin # mkdocs-material # mkdocs-rss-plugin -mkdocs-blogging-plugin==2.2.11 \ - --hash=sha256:7e0f14e5a5d9d7fa106ee014b04a49e2fdb5ffe70a0026106dceb79930ba8ac2 \ - --hash=sha256:91b3ebc1ee3870958a0f9304d985f73a8e170a1f8d17948488415fa1a4257b2e - # via -r requirements/docs-blog.in mkdocs-material==9.4.14 \ --hash=sha256:a511d3ff48fa8718b033e7e37d17abd9cc1de0fdf0244a625ca2ae2387e2416d \ --hash=sha256:dbc78a4fea97b74319a6aa9a2f0be575a6028be6958f813ba367188f7b8428f6