
Anthropic Invests $1.5 Million in the Python Software Foundation and Open Source Security (blogspot.com)

Python Software Foundation: We are thrilled to announce that Anthropic has entered into a two-year partnership with the Python Software Foundation (PSF) to contribute a landmark total of $1.5 million to support the foundation's work, with an emphasis on Python ecosystem security. This investment will enable the PSF to make crucial security advances to CPython and the Python Package Index (PyPI) benefiting all users, and it will also sustain the foundation's core work supporting the Python language, ecosystem, and global community.

Anthropic's funds will enable the PSF to make progress on our security roadmap, including work designed to protect millions of PyPI users from attempted supply-chain attacks. Planned projects include creating new tools for automated proactive review of all packages uploaded to PyPI, improving on the current process of reactive-only review. We intend to create a new dataset of known malware that will allow us to design these novel tools, relying on capability analysis. One of the advantages of this project is that we expect the outputs we develop to be transferable to all open source package repositories. As a result, this work has the potential to ultimately improve security across multiple open source ecosystems, starting with the Python ecosystem.

  • Not mad at their effort, but this amount means almost nothing to Anthropic. Like giving a homeless person a dollar.
    • My thoughts exactly. Like, good, but why is it news? Dozens of companies quietly keep employees on payroll contributing to OS projects.

      If they gave 100M one time, maybe it would have been newsworthy. 1.5m is nothing

    • by allo ( 1728082 )

      > Big company uses open source and doesn't pay a cent. People are upset
      > Big company uses open source and pays $1.5 million. People are upset

      • Nobody is upset they paid $1.5M, at least, not here so far.

        Nobody should be impressed they paid $1.5M. It's not a lot of money any more and it's jack shit to them. Am I mad? No. Do I think they should not have done it? Also no. Am I amazed by their munificence? No again.

        • by allo ( 1728082 )

          Can the foundation use it? Yes.
          Not long ago they had to decline government money because of attached "anti woke" clauses. Now they get some money no strings attached.

    • Maybe that is all Python asked for to cover headcount for those two package improvements.
      We don't need one company paying for everything; we need each company to pay their share.

  • - Strings which can be set to None (or equivalent)
    - Proper protection of public, private and protected class members
    - Force data types instead of ignorable type hints and an option for strict type checking at build time
    - Have proper classes instead of different workarounds via attribute based programming
    - Have objects derive from a base object which can be set to None
    - Move away from arbitrary name=value function parameter syntax
    - Build into the compiler the package tool so that every single of the billions

    • Strings which can be set to None (or equivalent)

      Type annotations have made this possible for quite a time:
      def foo(label: str | None): ...

      • by will4 ( 7250692 )

        Agree. Type annotations are hints and not enforced by the Python interpreter. What's needed is for data types to be enforced by the Python interpreter when a script is translated from Python code to its internal opcode/executable format.
