I have been off the discussion board for a few days. As the OP, I get the feeling that this is left up to those who want to use Python to figure out on their own. Over the holidays there was malicious code added to the PyTorch module on PyPI. That makes me think our Security Director is right. If there isn’t better security from PyPI and GitHub, those sites will be blocked by more and more companies. Open Source needs to be more secure. /sigh