Require MFA on PyPI?

That sounds perfect to me. Ideally I would like a UI where I can see what files are uploaded and their checksums and I can download them for sanity checking before signing off.

I stopped just short of enabling automated uploads for SymPy releases because I didn’t quite figure out a good way to control access for which contributors would be able to trigger the upload process from GHA. When I considered this I was worried about accidental triggers as well as malicious ones. Controlling access at PyPI rather than GHA is much simpler to audit because the number of people with PyPI access is much smaller. I would also be happier working on the release script itself if I knew that the final publish step could not possibly happen automatically (debugging a script that I definitely don’t want to fully execute makes me a bit nervous).

I agree that this should be optional but it’s definitely an option I would choose.


And… now, we seem to be discussing Draft release feature on main archive to allow testing a release before it goes live · Issue #726 · pypa/warehouse · GitHub :slight_smile:

Yep, that’s a good idea! I’m not on the PSF’s Packaging-WG (who maintain that repository), though I’m sure a PR would be welcome.

What about packages that are uploaded with a gpg signature?

Wouldn’t validating the signature provide more security than MFA?
Isn’t MFA is really a proxy for the security of the package artifact.

This would also require pip to download and make validation of signatures easier/automatic but it seems to provide better supply chain


The PyPI maintainers have long expressed a dislike for OpenPGP as a
means of establishing provenance or attestation for packages. The
accepted plan to solve it is instead integration of TUF (The Update
Framework) per PEP 458:

Authentication of users to the platform serves a separate purpose;
it can be used not only to upload new packages, but also to yank or
hide existing ones, or to delegate access to other accounts. While I
agree that some cryptographic attestation is desirable, it should be
in addition to strong authentication of accounts, not as a

PEP 458 and OpenGPG signatures solve two related but different issues. PEP 458 signatures are created by PyPI backend and only protect PyPI storage and downloads from PyPI. PEP 458 does not establish provenance of packages either.


Yeah. We need better workflow for dealing with account recovery requests (as folks are discussing in Discussion of long term methods of addressing 2FA Account Recovery Requests · Issue #796 · pypa/pypi-support · GitHub ) and we could really use some paid help as well to work through those requests (in my opinion there’s usually going to need to be SOME human in the loop to check for “hold on, this doesn’t feel right”).

Is this something we could raise money for? We could appeal to donors/companies by saying: once we implement a better workflow and hire a paid support person for this, we can help project owners turn on multifactor auth requirements, we can better secure PyPI, which reduces your supply chain risk.

@smm maybe this is already in the works and I’m behind the times?

Just did some more reading and caught up a bit:

Add ability to require 2FA for a given project – this is done as a feature flag, but not yet deployed anywhere, I think. @dustin and @EWDurbin and @woodruffw - is this deployed on Test PyPI, and if not, maybe we should do so?

Require API Tokens for upload if 2FA is enabled – not yet implemented. That plus other token-related development is now in the Fundables list.

This is waiting on the rollout of some additional changes to be launched simultaneously: Models, views, tasks, etc for critical projects promo by di · Pull Request #10856 · pypa/warehouse · GitHub

It’s essentially done, we just need to change the current notification of pending failure to an actual failure. Since we notified on Feb 25th, I think a ~6 month window suffices and we can resolve this sometime after Aug 25.


I’ll let @smm expand on the project more thoroughly, but the scope in this RFP, which is underway is intended to build a more sustainable PyPI by delivering features that the PSF can provide to companies at a cost and community organizations for-free.

Part of this will require additional paid staff to support PyPI in the future, not only for paying customers but for the community. If PyPI’s revenue from Organization Accounts and additional developed features aren’t enough, the PSF will certainly look to fundraise to better support all users of PyPI, that is a basis of sustainability for the service.

And as a more short-term relief, although once again… only a small portion of the role, the upcoming Infrastructure staff hire will be brought up to speed to provide some of the support I currently do to help ease the current bottle neck (me).