Thursday, December 19, 2019

Python 3.8.1, 3.7.6, 3.6.10, and 3.9.0a2 are now available!

from locale import seasons_greetings
seasons_greetings()

On behalf of the entire Python development community, and the currently serving Python release team in particular, I'm pleased to announce the unprecedented combined release of no less than four versions of Python. Let's dig in!

Python 3.8.1
Python 3.8.1 is the first maintenance release of Python 3.8. The Python 3.8 series is the newest feature release of the Python language, and it contains many new features and optimizations. You can find Python 3.8.1 here:

See the “What’s New in Python 3.8” document for more information about features included in the 3.8 series. Detailed information about all changes made in 3.8.1 can be found in its change log.

Maintenance releases for the 3.8 series will continue at regular bi-monthly intervals, with 3.8.2 planned for February 2020.

Python 3.7.6
Python 3.7.6, the next bugfix release of Python 3.7, is also available. You can find the release files, a link to the change log, and more information here:

Python 3.9.0a2
An early developer preview of Python 3.9 is also ready:
https://www.python.org/downloads/release/python-390a2/

Python 3.9 is still in development. This release, 3.9.0a2, is the second of six planned alpha releases. Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process. During the alpha phase, features may be added up until the start of the beta phase (2020-05-18) and, if necessary, may be modified or deleted up until the release candidate phase (2020-08-10). Please keep in mind that this is a preview release and its use is not recommended for production environments.

Python 3.6.10
And, one more thing: Python 3.6.10, the next security fix release of Python 3.6, is also available:

We hope you enjoy all those!
Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Your friendly release team,
Ned Deily
Steve Dower
Łukasz Langa

Wednesday, December 11, 2019

Python 3.7.6rc1 and 3.6.10rc1 are now available for testing

Python 3.7.6rc1 and 3.6.10rc1 are now available. 3.7.6rc1 is the release preview of the next maintenance release of Python 3.7;  3.6.10rc1 is the release preview of the next security-fix release of Python 3.6. Assuming no critical problems are found prior to 2019-12-18, no code changes are planned between these release candidates and the final releases. These release candidates are intended to give you the opportunity to test the new security and bug fixes in 3.7.6 and security fixes in 3.6.10. While we strive to not introduce any incompatibilities in new maintenance and security releases, we encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that these are preview releases and, thus, their use is not recommended for production environments.

You can find the release files, a link to their changelogs, and more information here:

Tuesday, December 10, 2019

Python 3.8.1rc1 is now available for testing

Python 3.8.1rc1 is the release candidate of the first maintenance release of Python 3.8.

The Python 3.8 series is the newest feature release of the Python language, and it contains many new features and optimizations. You can find Python 3.8.1rc1 here:

Assuming no critical problems are found prior to 2019-12-16, the scheduled release date for 3.8.1 as well as Ned Deily's birthday, no code changes are planned between this release candidate and the final release.

That being said, please keep in mind that this is a pre-release of 3.8.1 and as such its main purpose is testing.

See the “What’s New in Python 3.8” document for more information about features included in the 3.8 series. Detailed information about all changes made in 3.8.0 can be found in its change log.

Maintenance releases for the 3.8 series will continue at regular bi-monthly intervals, with 3.8.2 planned for February 2020.
  

We hope you enjoy Python 3.8!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Friday, November 1, 2019

Python 3.5.9 is released

There were no new changes in version 3.5.9; 3.5.9 was released only because of a CDN caching problem, which resulted in some users downloading a prerelease version of the 3.5.8 .xz source tarball. Apart from the version number, 3.5.9 is identical to the proper 3.5.8 release.

You can download Python 3.5.9 here.

Saturday, October 19, 2019

Python 2.7.17 released

Python 2.7.17 is now available for download. Note Python 2.7.17 is the penultimate release in the Python 2.7 series.

Tuesday, October 15, 2019

Python 3.7.5 is now available

Python 3.7.5, the next maintenance release of Python 3.7, is now available. You can find the release files, a link to the changelog, and more information here:

Note that the next feature release of Python 3, Python 3.8.0, is also now available.  Python 3.8 contains many new features and optimizations. You should consider upgrading to it. We plan to continue regular bugfix releases of Python 3.7.x through mid-year 2020 and provide security fixes for it until mid-year 2023.  More details are available in PEP 537, the Python 3.7 Release Schedule (https://www.python.org/dev/peps/pep-0537/).

Thanks to all of the many volunteers who help make Python Development and these releases possible!  Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Monday, October 14, 2019

Python 3.8.0 is now available

On behalf of the Python development community and the Python 3.8 release team, I’m pleased to announce the availability of Python 3.8.0.

Python 3.8.0 is the newest feature release of the Python language, and it contains many new features and optimizations. You can find Python 3.8.0 here:
https://www.python.org/downloads/release/python-380/

Most third-party distributors of Python should be making 3.8.0 packages available soon.

See the “What’s New in Python 3.8” document for more information about features included in the 3.8 series. Detailed information about all changes made in 3.8.0 can be found in its change log.

Maintenance releases for the 3.8 series will follow at regular bi-monthly intervals starting in December of 2019.

We hope you enjoy Python 3.8!

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation:
https://www.python.org/psf/

Tuesday, October 8, 2019

Python 2.7.17 release candidate 1 available

A release candidate for the upcoming 2.7.17 bug fix release is now available for download.

Wednesday, October 2, 2019

Python 3.7.5rc1 is now available for testing

Python 3.7.5rc1 is now available for testing. 3.7.5rc1 is the release preview of the next maintenance release of Python 3.7, the latest feature release of Python. Assuming no critical problems are found prior to 2019-10-14, no code changes are planned between now and the final release. This release candidate is intended to give you the opportunity to test the new security and bug fixes in 3.7.5. We strongly encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that this is a preview release and, thus, its use is not recommended for production environments.

You can find the release files, a link to the changelog, and more information here:

Tuesday, October 1, 2019

Python 3.8.0rc1 is now available

Python 3.8.0 is almost ready. After a rather tumultuous few days, we are very happy to announce the availability of the release candidate:
https://www.python.org/downloads/release/python-380rc1/ 

This release, 3.8.0rc1, is the final planned release preview. Assuming no critical problems are found prior to 2019-10-14, the scheduled release date for 3.8.0, no code changes are planned between this release candidate and the final release.

Please keep in mind that this is not the gold release yet and as such its use is not recommended for production environments.

Major new features of the 3.8 series, compared to 3.7

Some of the major new features and changes in Python 3.8 are:
  • PEP 572, Assignment expressions
  • PEP 570, Positional-only arguments
  • PEP 587, Python Initialization Configuration (improved embedding)
  • PEP 590, Vectorcall: a fast calling protocol for CPython
  • PEP 578, Runtime audit hooks
  • PEP 574, Pickle protocol 5 with out-of-band data
  • Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal types), and PEP 589 (TypedDict)
  • Parallel filesystem cache for compiled bytecode
  • Debug builds share the same ABI as release builds
  • f-strings support a handy = specifier for debugging
  • continue is now legal in finally: blocks
  • on Windows, the default asyncio event loop is now ProactorEventLoop
  • on macOS, the spawn start method is now used by default in multiprocessing
  • multiprocessing can now use shared memory segments to avoid pickling costs between processes
  • typed_ast is merged back to CPython
  • LOAD_GLOBAL is now 40% faster
  • pickle now uses Protocol 4 by default, improving performance
  • (Hey, fellow core developer, if a feature you find important is missing from this list, let Łukasz know.)
 

Friday, August 30, 2019

Python 3.8.0b4 is now available for testing

It's time for the last beta release of Python 3.8. Go find it at:
https://www.python.org/downloads/release/python-380b4/ 

This release is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. The next pre-release of Python 3.8 will be 3.8.0c1, the first release candidate, currently scheduled for 2019-09-30.
 

Call to action

We strongly encourage maintainers of third-party Python projects to test with 3.8 during the beta phase and report issues found to the Python bug tracker as soon as possible. Please note this is the last beta release; there is not much time left to identify and fix issues before the release of 3.8.0. If you were hesitating trying it out before, now is the time.
While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (2019-09-30). Our goal is to have no ABI changes after beta 3 and no code changes after 3.8.0c1, the release candidate. To achieve that, it will be extremely important to get as much exposure for 3.8 as possible during the beta phase.
Please keep in mind that this is a preview release and its use is not recommended for production environments. 

Acknowledgments

Many developers worked hard for the past four weeks to squash remaining bugs, some requiring non-obvious decisions. Many thanks to the most active, namely Raymond Hettinger, Steve Dower, Victor Stinner, Terry Jan Reedy, Serhiy Storchaka, Pablo Galindo Salgado, Tal Einat, Zackery Spytz, Ronald Oussoren, Neil Schemenauer, Inada Naoki, Christian Heimes, and Andrew Svetlov.

3.8.0 would not reach the Last Beta without you. Thank you!

Thursday, August 15, 2019

Inspect PyPI event logs to audit your account's and project's security

To help you check for security problems, PyPI is adding an advanced audit log of user actions beyond the current (existing) journal. This will, for instance, allow publishers to track all actions taken by third party services on their behalf.

This beta feature is live now on PyPI and on Test PyPI.

Background:
We're further increasing the security of the Python Package Index with another new beta feature: an audit log of sensitive actions that affect users and projects. This is thanks to a grant from the Open Technology Fund, coordinated by the Packaging Working Group of the Python Software Foundation.

Details:
Figure: project security history display, listing events (such as "file removed from release version 1.0.1") with user, date/time, and IP address for each event.
We're adding a display so you can look at things that have happened in your user account or project, and check for signs someone's stolen your credentials.

In your account settings, you can view a log of sensitive actions from the last two weeks that are relevant to your user account, and if you are an Owner of at least one project on PyPI, you can go to that project's Manage Project page to view a log of sensitive actions (performed by any user) relevant to that project. (And PyPI site administrators are able to view the full audit log for all users and all projects.)

Please help us test this, and report issues.

Figure: user security history display, listing events (such as "API token added") with additional details (such as token scope), date/time, and IP address for each event.
In beta:
We're still refining this and may fail to log, or to properly display, events in the audit log. And the sensitive event logging and display are starting on 16 August 2019, so you won't see sensitive events from before that date. (Read more technical details about implementation in the GitHub issue.)

Next:
We're continuing to refine all our beta features, while working on accessibility improvements and starting to work on localization on PyPI. Follow our progress reports in more detail on Discourse.

Wednesday, August 7, 2019

Python 3.8.0b3 is now available for testing

It's time for a new Python preview:
https://www.python.org/downloads/release/python-380b3/ 

This release is the third of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. The next pre-release of Python 3.8 will be 3.8.0b4, the last beta release, currently scheduled for 2019-08-26.
 

Call to action

We strongly encourage maintainers of third-party Python projects to test with 3.8 during the beta phase and report issues found to the Python bug tracker as soon as possible. While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (2019-09-30). Our goal is to have no ABI changes after beta 3 and no code changes after 3.8.0rc1, the release candidate. To achieve that, it will be extremely important to get as much exposure for 3.8 as possible during the beta phase.
Please keep in mind that this is a preview release and its use is not recommended for production environments. 

Last beta coming

Beta 4 can only be released if all “Release blocker” and “Deferred blocker” issues on bugs.python.org for 3.8.0 are resolved. The core team will prioritize fixing those for the next four weeks.
 

Acknowledgements

Thanks to our binary builders, Ned and Steve, who were very quick today to get the macOS and Windows installers ready. The Windows story in particular got pretty magical, it’s now really fully automatic end-to-end.

Thanks to Victor for vastly improving the reliability of multiprocessing tests since Beta 2.

Thanks to Pablo for keeping the buildbots green.

Wednesday, July 31, 2019

PyPI now supports uploading via API token

We're further increasing the security of the Python Package Index with another new beta feature: scoped API tokens for package upload. This is thanks to a grant from the Open Technology Fund, coordinated by the Packaging Working Group of the Python Software Foundation.

Over the last few months, we've added two-factor authentication (2FA) login security methods. We added Time-based One-Time Password (TOTP) support in late May and physical security device support in mid-June. Now, over 1600 users have started using physical security devices or TOTP applications to better secure their accounts. And over the past week, over 7.8% of logins to PyPI.org have been protected by 2FA, up from 3% in the month of June.

Now, we have another improvement: you can use API tokens to upload packages to PyPI and Test PyPI! And we've designed the token to be a drop-in replacement for the username and password you already use (warning: this is a beta feature that we need your help to test).

Figure: PyPI interface for adding an API token for package upload (the Add API token screen, with a textarea for the token name and a dropdown menu to choose the token scope).
How it works: Go to your PyPI account settings and select "Add API token". When you create an API token, you choose its scope: you can create a token that can upload to all the projects you maintain or own, or you can limit its scope to just one project.


The token management screen shows you when each of your tokens was created and last used. And you can revoke one token without revoking others, and without having to change your password on PyPI and in configuration files.
Figure: PyPI API token management interface, which displays each token's name, scope, date/time created, and date/time last used, and lets the user view each token's unique ID or revoke it.

Uploading with an API token is currently optional but encouraged; in the future, PyPI will set and enforce a policy requiring users with two-factor authentication enabled to use API tokens to upload (rather than just their password sans second factor). Watch our announcement mailing list for future details.

Figure: a successful API token creation, showing a long string that only appears once, for the user to copy. Immediately after creating the API token, PyPI gives the user one chance to copy it.

Why: These API tokens can only be used to upload packages to PyPI, and not to log in more generally. This makes it safer to automate package upload and store the credential in the cloud, since a thief who copies the token won't also gain the ability to delete the project, delete old releases, or add or remove collaborators. And, since the token is a long character string (with 32 bytes of entropy and a service identifier) that PyPI has securely generated on the server side, we vastly reduce the potential for credential reuse on other sites and for a bad actor to guess the token.
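
An added example, not from the original post or from PyPI's code: a check that reads a .pypirc file and reports which repository sections still store an account password rather than an upload token. It assumes the upload-tool convention of the username `__token__` with the token as the password, and the token prefix `pypi-`; neither is stated on this page, and the sample file and its credentials are constructed placeholders.

```python
import configparser

TOKEN_USERNAME = "__token__"  # assumption: username sent together with a token
TOKEN_PREFIX = "pypi-"        # assumption: the token's service identifier

# Constructed sample; every credential below is a placeholder.
SAMPLE_PYPIRC = """\
[distutils]
index-servers =
    pypi
    testpypi
    internal

[pypi]
username = __token__
password = pypi-EXAMPLE-PLACEHOLDER-NOT-A-REAL-TOKEN

[testpypi]
repository = https://test.pypi.org/legacy/
username = alice
password = placeholder-account-password

[internal]
repository = https://pypi.example.invalid/legacy/
username = __token__
"""


def classify(username, secret):
    """Name the kind of credential one repository section stores."""
    if not secret:
        return "no-stored-secret"           # nothing sensitive in this file
    looks_like_token = secret.startswith(TOKEN_PREFIX)
    if username == TOKEN_USERNAME:
        return "api-token" if looks_like_token else "malformed-token"
    if looks_like_token:
        return "token-with-wrong-username"  # token stored under a normal username
    return "account-password"               # full account credential on disk


def audit_pypirc(text):
    """Return {section: verdict} for each index server the file configures."""
    parser = configparser.RawConfigParser()  # no % interpolation of secrets
    parser.read_string(text)
    servers = parser.get("distutils", "index-servers", fallback="").split()
    if not servers:  # no [distutils] list: fall back to every other section
        servers = [s for s in parser.sections() if s != "distutils"]
    report = {}
    for name in servers:
        if not parser.has_section(name):
            report[name] = "missing-section"
            continue
        report[name] = classify(
            parser.get(name, "username", fallback="").strip(),
            parser.get(name, "password", fallback="").strip(),
        )
    return report


if __name__ == "__main__":
    for section, verdict in audit_pypirc(SAMPLE_PYPIRC).items():
        print(f"{section:10} {verdict}")
```

Sections reported as `account-password` are the ones to migrate: a copy of that file gives more than upload rights, while a copied token does not.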


Help us test: Please try this out! This is a beta feature and we expect that users will find minor issues over the next few weeks; we ask for your bug reports. If you find any potential security vulnerabilities, please follow our published security policy. (Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email security@python.org.) If you find an issue that is not a security vulnerability, please report it via GitHub.

We'd particularly like testing from:
  • Organizations that automate uploads using continuous integration
  • People who save PyPI credentials in a .pypirc file
  • Windows users
  • People on mobile devices
  • People on very slow connections
  • Organizations where users share an auth token within a group
  • Projects with 4+ maintainers or owners
  • People who usually block cookies and JavaScript
  • People who maintain 20+ projects
  • People who created their PyPI account 6+ years ago
What's next for PyPI: Next, we'll move on to working on an advanced audit trail of sensitive user actions, plus improvements to accessibility and localization for PyPI (some of which have already started). More details are in our progress reports on Discourse.

Thanks to the Open Technology Fund for funding this work. And please sign up for the PyPI Announcement Mailing List for future updates.

Written by Sumana Harihareswara, published initially to https://pyfound.blogspot.com/2019/07/pypi-now-supports-uploading-via-api.html

Monday, July 8, 2019

Python 3.7.4 is now available

Python 3.7.4 is now available. 3.7.4 is the next maintenance release of Python 3.7, the latest feature release of Python.  You can find the release files, a link to the changelog, and more information here:
    https://www.python.org/downloads/release/python-374/

See the What’s New In Python 3.7 document for more information about the many new features and optimizations included in the 3.7 series.  Detailed information about the changes made in 3.7.4 can be found in its change log.

Thanks to all of the many volunteers who help make Python Development and these releases possible!  Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Thursday, July 4, 2019

Python 3.8.0b2 is now available for testing

After a few days of delay, but somewhat cutely timed with the US Independence Day, I present you Python 3.8.0b2:

This release is the second of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. The next pre-release of Python 3.8 will be 3.8.0b3, currently scheduled for 2019-07-29.

Call to action

We strongly encourage maintainers of third-party Python projects to test with 3.8 during the beta phase and report issues found to the Python bug tracker as soon as possible. While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (2019-09-30). Our goal is to have no ABI changes after beta 3 and no code changes after 3.8.0rc1, the release candidate. To achieve that, it will be extremely important to get as much exposure for 3.8 as possible during the beta phase.
Please keep in mind that this is a preview release and its use is not recommended for production environments.

No more non-bugfixes allowed on the “3.8” branch

The time has come, team. Please help make Python 3.8 as stable as possible and keep all features not currently landed for Python 3.9. Don’t fret, it’ll come faster than you think.

Tuesday, July 2, 2019

Python 3.7.4rc2 is now available for testing

Python 3.7.4rc2 is now available. 3.7.4rc2 is the second release preview of the next maintenance release of Python 3.7, the latest feature release of Python. Assuming no further critical problems are found prior to 2019-07-08, no code changes are planned between this release candidate and the final release. The release candidate is intended to give you the opportunity to test the new security and bug fixes in 3.7.4. Because of the small number of changes between rc1, the original release preview, and rc2, we are planning on an abbreviated exposure cycle so we can get the final release to you as soon as possible.  We strongly encourage you to test your projects and report issues found to bugs.python.org as soon as possible.  Please keep in mind that this is a preview release and, thus, is not recommended for production environments.

You can find the release files, a link to the changelog, and more information here:

Python 3.6.9 security-fix release is now available

Python 3.6.9 is now available. 3.6.9 is the first security-only-fix release of Python 3.6. Python 3.6 has now entered the security fix phase of its life cycle. Only security-related issues are accepted and addressed during this phase. We plan to provide security fixes for Python 3.6 as needed through 2021, five years following its initial release. Security fix releases are produced periodically as needed and only provided in source code form; binary installers are not provided.  We urge you to consider upgrading to the latest release of Python 3.7, the current fully-supported version.

You can find the release files, a link to the changelog, and more information here:

Tuesday, June 18, 2019

Python 3.7.4rc1 and 3.6.9rc1 are now available

Python 3.7.4rc1 and 3.6.9rc1 are now available. 3.7.4rc1 is the release preview of the next maintenance release of Python 3.7, the latest feature release of Python. 3.6.9rc1 is the release preview of the first security-fix release of Python 3.6. Assuming no critical problems are found prior to 2019-06-28, no code changes are planned between these release candidates and the final releases. These release candidates are intended to give you the opportunity to test the new security and bug fixes in 3.7.4 and security fixes in 3.6.9. We strongly encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that these are preview releases and, thus, their use is not recommended for production environments.

You can find the release files, a link to their changelogs, and more information here:

PyPI Now Supports Two-Factor Login via WebAuthn

To further increase the security of Python package downloads, we're adding a new beta feature to the Python Package Index: WebAuthn support for U2F compatible hardware security keys as a two-factor authentication (2FA) login security method. This is thanks to a grant from the Open Technology Fund, coordinated by the Packaging Working Group of the Python Software Foundation.

Last month, we added the first 2FA method for users logging into the canonical Python Package Index at PyPI.org and the test site at test.pypi.org. Hundreds of project owners and maintainers have now started using that method (generating a code through a Time-based One-time Password (TOTP) application) to better secure their accounts.

Starting today, PyPI also supports (in beta) WebAuthn (U2F compatible) security keys for a second login factor. A security key (also known as a universal second factor, or U2F compatible key) is a hardware device that communicates via USB, NFC, or Bluetooth. Popular keys include Yubikey, Google Titan and Thetis. PyPI supports any FIDO U2F compatible key and follows the WebAuthn standard. Users who have set up this second factor will be prompted to use their key (usually by inserting it into a USB port and pressing a button) when logging in. (This feature requires JavaScript.)

This is a beta feature and we expect that users will find minor issues over the next few weeks; we ask for your bug reports. If you find any potential security vulnerabilities, please follow our published security policy. (Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers.) If you find an issue that is not a security vulnerability, please report it via GitHub.

We encourage project maintainers and owners to log in and go to your Account Settings to add a second factor. This will help improve the security of your PyPI user accounts, and thus reduce the risk of vandals, spammers, and thieves gaining account access. If you're not yet comfortable using a beta feature, you can provision a TOTP application for your second factor.

You'll need to verify your primary email address on your Test PyPI and/or PyPI accounts before setting up 2FA. You can also do that in your Account Settings.

2FA only affects login via the website, which safeguards against malicious changes to project ownership, deletion of old releases, and account takeovers. Package uploads will continue to work without users providing 2FA codes.

But that's just for now. We are working on implementing per-user API keys as an alternative form of multifactor authentication in the setuptools/twine/PyPI auth flows. These will be application-specific tokens scoped to individual users/projects, so that users will be able to use token-based logins to better secure uploads. And we'll move on to working on an advanced audit trail of sensitive user actions, plus improvements to accessibility and localization for PyPI. More details are in our progress reports.

Thanks to the Open Technology Fund for funding this work. And please sign up for the PyPI Announcement Mailing List for future updates.

Tuesday, June 4, 2019

Python 3.8.0b1 is now available for testing

The time has come for Python 3.8.0b1! Download it from:
https://www.python.org/downloads/release/python-380b1/

This release is the first of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release. The next pre-release of Python 3.8 will be 3.8.0b2, currently scheduled for 2019-07-01.

Call to action

We strongly encourage maintainers of third-party Python projects to test with 3.8 during the beta phase and report issues found to the Python bug tracker as soon as possible. While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (2019-09-30). Our goal is to have no ABI changes after beta 3 and no code changes after 3.8.0rc1, the release candidate. To achieve that, it will be extremely important to get as much exposure for 3.8 as possible during the beta phase.

Please keep in mind that this is a preview release and its use is not recommended for production environments.

A new challenger has appeared!

With the release of Python 3.8.0b1, development started on Python 3.9. The “master” branch in the cpython repository now tracks development of 3.9 while Python 3.8 received its own branch, called simply “3.8”.

Acknowledgments

As you might expect, creating new branches triggers a lot of changes in configuration for all sorts of tooling that we’re using. Additionally, the inevitable deadline for new features caused a flurry of activity that tested the buildbots to the max. The revert hammer got used more than once.

The Release Manager would not be able to make this release available alone. Many thanks to the fearless duo of Pablo Galindo Salgado and Victor Stinner for spending tens of hours during the past week working on getting the buildbots green for release. Seriously, that took a lot of effort. We are all so lucky to have you both.

Thanks to Andrew Svetlov for his swift fixes to asyncio and to Yury Selivanov for code reviews, even when jetlagged. Thanks to Julien Palard for untangling the documentation configs. Thank you to Zachary Ware for help with buildbot and CI configuration. Thanks to Mariatta for helping with the bots. Thank you to Steve Dower for delivering the Windows installers.

Most importantly though, huge thanks to Ned Deily who not only helped me understand the scope of this special release but also did some of the grunt work involved.

Last but not least, thanks to you for making this release more meaty than I expected. There’s plenty of super exciting changes in there. Just take a look at “What’s New”!

One more thing

Hey, fellow Core Developer, Beta 2 is in four weeks. If your important new feature got reverted last minute, or you decided not to merge due to inadequate time, I have a one time offer for you (restrictions apply). If you:
  • find a second core developer champion for your change; and
  • in tandem you finish your change complete with tests and documentation before Beta 2
then I will let it in. I’m asking for a champion because it’s too late now for changes with hasty design or code review. And as I said, restrictions apply. For instance, at this point changes to existing APIs are unlikely to be accepted. Don’t start new work with 3.8 in mind. 3.9 is going to come sooner than you think!

Thursday, May 30, 2019

Use two-factor auth to improve your PyPI account's security

To increase the security of Python package downloads, we're beginning to introduce two-factor authentication (2FA) as a login security option on the Python Package Index. This is thanks to a grant from the Open Technology Fund, coordinated by the Packaging Working Group of the Python Software Foundation.

Starting today, the canonical Python Package Index at PyPI.org and the test site at test.pypi.org offer 2FA for all users. We encourage project maintainers and owners to log in and go to their Account Settings to add a second factor. This will help improve the security of their PyPI user accounts, and thus reduce the risk of vandals, spammers, and thieves gaining account access.

PyPI's maintainers tested this new feature throughout May and fixed several resulting bug reports; regardless, you might find a new issue. If you find any potential security vulnerabilities, please follow our published security policy. (Please don't report security issues in Warehouse via GitHub, IRC, or mailing lists. Instead, please directly email one or more of our maintainers.) If you find an issue that is not a security vulnerability, please report it via GitHub.

PyPI currently supports a single 2FA method: generating a code through a Time-based One-time Password (TOTP) application. After you set up 2FA on your PyPI account, you must provide a TOTP (along with your username and password) to log in. Therefore, to use 2FA on PyPI, you'll need to provision an application (usually a mobile phone app) in order to generate authentication codes; see our FAQ for suggestions and pointers.
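To make the TOTP step concrete, here is an added sketch of how an authenticator app derives a code and how a server can check it (RFC 6238 on top of RFC 4226). It is not PyPI's or Warehouse's code; the HMAC-SHA1, 30-second step, 6-digit and one-step drift settings are the common authenticator defaults, assumed here, and the secret is the public RFC test key.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: the RFC 4226/6238 test key, base32-encoded the way
# an enrolment QR code or setup key would present it. Never a real secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _key(secret_b32: str) -> bytes:
    """Decode a base32 secret, tolerating spaces, lower case and no padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def totp(secret_b32, now=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    now = time.time() if now is None else now
    return hotp(_key(secret_b32), int(now) // step, digits)


def verify(secret_b32, submitted, now=None, step=30, window=1, last_counter=-1):
    """Return the time-step counter the code matched, or None.

    Accepts +/- `window` steps for clock drift, skips any counter at or
    below `last_counter` so a code cannot be replayed, and compares in
    constant time. The caller stores the returned counter per account.
    """
    now = time.time() if now is None else now
    current = int(now) // step
    key = _key(secret_b32)
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        expected = hotp(key, counter, 6).encode()
        if hmac.compare_digest(expected, str(submitted).encode()):
            return counter
    return None
```

Persisting the returned counter and passing it back as `last_counter` is what makes each code single-use even inside its validity window.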

You'll need to verify your primary email address on your Test PyPI and/or PyPI accounts before setting up 2FA. You can also do that in your Account Settings.

Currently, only TOTP is supported as a 2FA method. Also, 2FA only affects login via the website, which safeguards against malicious changes to project ownership, deletion of old releases, and account takeovers. Package uploads will continue to work without 2FA codes being provided.

But we're not done! We're currently working on WebAuthn-based multi-factor authentication, which will let you use, for instance, Yubikeys for your second factor. Then we'll add API keys for package upload, then an advanced audit trail of sensitive user actions. More details are in our progress reports.

Thanks to the Open Technology Fund for funding this work. And please sign up for the PyPI Announcement Mailing List for future updates.

Wednesday, May 8, 2019

Farewell, Python 3.4

It's with a note of sadness that I announce the final retirement of Python 3.4.  The final release was back in March, but I didn't get around to actually closing and deleting the 3.4 branch until this morning.

Python 3.4 introduced many features we all enjoy in modern Python--the asyncio, ensurepip, and enum packages, just to name three.  It's a release I hope we all remember fondly.


My eternal thanks to all the members of the release team that worked on Python 3.4:
  • Georg Brandl
  • Julien Palard
  • Martin von Löwis
  • Ned Deily
  • Steve Dower
  • Terry Reedy
and all the engineers of the Python infrastructure team.

Special thanks to Benjamin Peterson and Ned Deily, who frequently scurried around behind the scenes cleaning up the messes I cluelessly left in my wake.


Having closed 3.4, I am now retired as Python 3.4 Release Manager.  I regret to inform all of you that you're still stuck with me as Python 3.5 Release Manager until sometime next year.

Tuesday, March 26, 2019

Python 3.8.0a3 is now available for testing

Go get it here:
https://www.python.org/downloads/release/python-380a3/

The most visible change so far is probably the implementation of PEP 572: Assignment Expressions.  For a detailed list of changes, see:
https://docs.python.org/3.8/whatsnew/changelog.html

Python 3.8.0a3 is the third of four planned alpha releases of Python 3.8, the next feature release of Python.  During the alpha phase, Python 3.8 remains under heavy development: additional features will be added and existing features may be modified or deleted.  Please keep in mind that this is a preview release and its use is not recommended for production environments.  The last alpha release, Python 3.8.0a4, is planned for 2019-04-29.

Thanks to all of the many volunteers who help make Python development and these releases possible!  Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Monday, March 25, 2019

Python 3.7.3 is now available

Python 3.7.3 is now available. 3.7.3 is the next maintenance release of Python 3.7, the latest feature release of Python.  You can find the release files, a link to the changelog, and more information here:
    https://www.python.org/downloads/release/python-373/

See the What’s New In Python 3.7 document for more information about the many new features and optimizations included in the 3.7 series.  Detailed information about the changes made in 3.7.3 can be found in its change log.

Thanks to all of the many volunteers who help make Python Development and these releases possible!  Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Monday, March 18, 2019

Python 3.4.10 is now available

Python 3.4.10 is now available.  You can download it here.

Python 3.4.10 is the final release in the Python 3.4 series.  As of this release, the 3.4 branch has been retired, no further changes to 3.4 will be accepted, and no new releases will be made.  This is standard Python policy; Python releases get five years of support and are then retired.

If you're still using Python 3.4, you should consider upgrading to the current version--3.7.2 as of this writing.  Newer versions of Python have many new features, performance improvements, and bug fixes, which should all serve to enhance your Python programming experience.

We in the Python core development community thank you for your interest in 3.4, and we wish you all the best!

Python 3.5.7 is now available

Python 3.5.7 is now available.  You can download Python 3.5.7 here.

Tuesday, March 12, 2019

Python 3.7.3rc1 is now available for testing

Python 3.7.3rc1 is now available for testing. 3.7.3rc1 is the release preview of the next maintenance release of Python 3.7, the latest feature release of Python. Assuming no critical problems are found prior to 2019-03-25, no code changes are planned between now and the final release. This release candidate is intended to give you the opportunity to test the new security and bug fixes in 3.7.3. We strongly encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that this is a preview release and, thus, its use is not recommended for production environments.

You can find the release files, a link to the changelog, and more information here:

Sunday, March 3, 2019

Python 2.7.16 released

A bug fix release in the 2.7 series, 2.7.16, is now available for download.

Monday, February 25, 2019

Python 3.8.0a2 is now available for testing

Go get it here:
https://www.python.org/downloads/release/python-380a2/

The most visible change so far is probably the implementation of PEP 572: Assignment Expressions. For a detailed list of changes, see:
https://docs.python.org/3.8/whatsnew/changelog.html

Python 3.8.0a2 is the second of four planned alpha releases of Python 3.8, the next feature release of Python.  During the alpha phase, Python 3.8 remains under heavy development: additional features will be added and existing features may be modified or deleted.  Please keep in mind that this is a preview release and its use is not recommended for production environments.  The next preview release, Python 3.8.0a3, is planned for 2019-03-25.

Thanks to all of the many volunteers who help make Python development and these releases possible!  Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.

Saturday, February 16, 2019

Python 2.7.16 release candidate 1 available

A release candidate for the upcoming 2.7.16 bug fix release is now available for download.

Monday, February 4, 2019

Python 3.8.0a1 is now available for testing

Go get it here:
https://www.python.org/downloads/release/python-380a1/

The most visible change so far is probably the implementation of PEP 572: Assignment Expressions. For a detailed list of changes, see:
https://docs.python.org/3.8/whatsnew/changelog.html

Python 3.8.0a1 is the first of four planned alpha releases of Python 3.8, the next feature release of Python.  During the alpha phase, Python 3.8 remains under heavy development: additional features will be added and existing features may be modified or deleted.  Please keep in mind that this is a preview release and its use is not recommended for production environments.  The next preview release, Python 3.8.0a2, is planned for 2019-02-24.

Thanks to all of the many volunteers who help make Python development and these releases possible!  Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation.