Python is critical to Google Cloud, and therefore to Google Cloud users, and is also used internally by the search-engine giant to power many of its core products and services.
Now Google is donating $350,000 to support Python Software Foundation (PSF) projects aimed at improving the supply-chain security of the Python ecosystem.
PSF is the non-profit organization that supports the programming language, which, according to some popularity rankings, is now more popular than Java.
Python is big with data scientists thanks to add-ons like NumPy, but it is less commonly used for mobile and web app development, where JavaScript and TypeScript excel.
Google’s additional support for PSF focuses on three areas, including stopping the spread of malware through the Python Package Index (PyPI), PSF’s official repository of software add-ons for Python.
Support includes malware detection for PyPI, enhancements to key Python tools and services, and the contribution of a CPython (Core Python) developer-in-residence role for 2021.
The position is full-time and aims to help the CPython project prioritize maintenance and address backlog issues.
The Python Board and Python Software Foundation will work together to hire a developer to help CPython prioritize and understand how to tackle the backlog.
The developer will also research the project’s maintainers to get a better picture of CPython, which will be used to ensure that future funding and volunteer hours are allocated effectively.
As PSF explains, the additional sponsorship funds from Google will be used to “address critical improvements in supply chain security, including developing product-centric malware detection for PyPI, a prototype dynamic analysis infrastructure for distributions, and other fundamental improvements in the tool.”
Attacks on the software distribution supply chain have gained attention since enterprise software maker SolarWinds was hacked by suspected Russian attackers. The attackers abused updates to its Orion infrastructure-monitoring software to plant a back door inside organizations of interest.
Python packages have also been used to distribute malware targeting the financial sector.
Google has sponsored PSF since 2010 and becomes the first “visionary sponsor” of the open-source language. Python was created in 1989 by Guido van Rossum, who came out of retirement last year to work for Microsoft’s growing open-source teams. Previously, he was in charge of Python efforts at Dropbox.
Van Rossum stepped down as Python’s Benevolent Dictator for Life (BDFL) in 2018. Other major Python sponsors include Salesforce, Fastly, Bloomberg, and Microsoft Azure.
Google also donates Google Cloud infrastructure to PSF to support PSF operations such as the Python Package Index.
“Google Cloud has given us access to critical peering agreements through Cloud Storage that allow us to operate PyPI downloads cost-effectively while properly managing the limited resources we have from other infrastructure providers,” said Ee Durbin, Director of Infrastructure at the Python Software Foundation.
“Publishing PyPI’s analytics as a public dataset on BigQuery has reduced the burden of supporting and managing access to information that has proven to be critical for library administrators and the team that keeps PyPI online,” adds Durbin.