Developers and security experts:

Please check out this Request for Information for a Python Software Foundation contract:

https://pyfound.blogspot.com/2019/08/pypi-security-q4-2019-request-for.html

PSF is seeking developers to implement cryptographic signing and malware detection on PyPI:

https://github.com/python/request-for/blob/master/2019-Q4-PyPI/RFI.md

This RFI period will close on September 18th.

During the RFI period, the PSF is hoping to get participation from potential participants and other experts in the discussion forum at https://discuss.python.org/c/python-software-foundation/pypi-q4-rfi especially about implementation questions (such as: use The Update Framework or not?).

Then, the Request for Proposals period will be September 23-October 16.

And please feel free to forward!