That sounds perfect to me. Ideally I would like a UI where I can see what files are uploaded and their checksums and I can download them for sanity checking before signing off.
I stopped just short of enabling automated uploads for SymPy releases because I didn’t quite figure out a good way to control access for which contributors would be able to trigger the upload process from GHA. When I considered this I was worried about accidental triggers as well as malicious ones. Controlling access at PyPI rather than GHA is much simpler to audit because the number of people with PyPI access is much smaller. I would also be happier working on the release script itself if I knew that the final publish step could not possibly happen automatically (debugging a script that I definitely don’t want to fully execute makes me a bit nervous).
I agree that this should be optional but it’s definitely an option I would choose.
What about packages that are uploaded with a gpg signature?
Wouldn’t validating the signature provide more security than MFA?
Isn’t MFA is really a proxy for the security of the package artifact.
This would also require pip to download and make validation of signatures easier/automatic but it seems to provide better supply chain
validations/security.
The PyPI maintainers have long expressed a dislike for OpenPGP as a
means of establishing provenance or attestation for packages. The
accepted plan to solve it is instead integration of TUF (The Update
Framework) per PEP 458:
Authentication of users to the platform serves a separate purpose;
it can be used not only to upload new packages, but also to yank or
hide existing ones, or to delegate access to other accounts. While I
agree that some cryptographic attestation is desirable, it should be
in addition to strong authentication of accounts, not as a
substitute.
PEP 458 and OpenGPG signatures solve two related but different issues. PEP 458 signatures are created by PyPI backend and only protect PyPI storage and downloads from PyPI. PEP 458 does not establish provenance of packages either.
Is this something we could raise money for? We could appeal to donors/companies by saying: once we implement a better workflow and hire a paid support person for this, we can help project owners turn on multifactor auth requirements, we can better secure PyPI, which reduces your supply chain risk.
@smm maybe this is already in the works and I’m behind the times?
It’s essentially done, we just need to change the current notification of pending failure to an actual failure. Since we notified on Feb 25th, I think a ~6 month window suffices and we can resolve this sometime after Aug 25.
I’ll let @smm expand on the project more thoroughly, but the scope in this RFP, which is underway is intended to build a more sustainable PyPI by delivering features that the PSF can provide to companies at a cost and community organizations for-free.
Part of this will require additional paid staff to support PyPI in the future, not only for paying customers but for the community. If PyPI’s revenue from Organization Accounts and additional developed features aren’t enough, the PSF will certainly look to fundraise to better support all users of PyPI, that is a basis of sustainability for the service.
And as a more short-term relief, although once again… only a small portion of the role, the upcoming Infrastructure staff hire will be brought up to speed to provide some of the support I currently do to help ease the current bottle neck (me).
