3.1   Deb Nicholson

• Work on payroll migration
• Strategic planning support
• Conversations with peers about package repository sustainability
• Discussions with sister orgs about trends and opportunities
• Support PyCon US work
• Conversations with sponsors/stakeholders
• Work on annual report

3.2   Oliva Sauls

• PyCon US Budget work
• Food and Beverage
• Managing vendors and contractors
• Hotel block management
• Preparing for PyCon US schedule launch
• PyLadies Auction planning
• AV planning and room allocations
• PyCon US Startup Row planning and communications
• Travel grants work
• Speaker notifications and schedule build in Pretalx
• Communicating with CFP committees and chairs
• [us.pycon.org/2026/](http://us.pycon.org/2026/) management
• Summits planning

3.3   Laura Graves

• Ongoing accounting activities
  • Cleaning up bank reconciliations from August-February
  • Meetings with Sutro Li about fractional accounting work
  • Meetings with banks to close obsolete bank accounts
  • Meetings with banks to fix permissions and signers
  • Review of 1099s issued in January and fixing errors
  • Meeting with Jacob to discuss PWG and other fiscally sponsored projects
  • Closing old PEX card user accounts
• Grants
  • Meeting with Marie to discuss grants transparency report
  • Review and edits to Meetup application for reopening meetup requests
• PyCon US
  • Contacting groups who do special travel grants about program for 2026
  • Onboarding meeting with Naomi
  • Adjusting all PEX card balances for PyCon US travel
  • Creating donation form for PyLadies auction
  • PyCon US Travel Grant review and documentation updates
• Reporting
  • Filing Annual Reports
    • Utah
    • Washington
    • Delaware
  • Renewing Registered Agent Services
    • Delaware
    • Maryland
    • Ohio
    • Washington
• Human Resources
  • Gaining access to VSP account
  • Updating beneficiary information
  • Reviewing FSA payout for 2025
  • Workers Comp Audit
  • Gaining access to Accrue account
  • Onboarding documents and calls with new PEO
  • Providing year-end information for Accrue/Guideline

3.4   Loren Crary

• Correspondence with current and prospective sponsors
• Contract negotiation with current and prospective sponsors
• Assessing and pursuing grant opportunities
• Drafting and revising strategic public communications
• Board relations
• Strategic Planning support
• Strategic team management and support
• Policy review support
• Targeted outreach to promote PyCon US Call for Proposal and PyCon US/PSF sponsorship program
• Managing Programs Director & Community Communications Manager

3.5   Marie Nordin

• PyCon US
  • PSF Booth coordination, logistics, volunteer team management
  • Community Booth facilitation of application review & decision making, communications
  • General communications support
  • Members lunch
  • Sponsor benefit communications
  • Supporting presenting of CSA’s
• Grants
  • Reopening Meetup Pro Network applications
    • Coordination of form updates
    • Communications
    • Documentation updates
  • Administration of new Community Partner Program
  • Progress on 2025 transparency report
• Fellows
  • Q1 nomination review & voting administration
  • Supporting Fellows WG process updates
• Annual Impact Report coordination of ongoing design work
• Working with Jacob on new wiki requirements & communications
• Python Developers Survey promotion & gathering feedback

3.6   Seth Larson

• Python Security Response Team
  • Added 5 new members following the PEP 811 process
  • Implemented non-”python” GitHub organization members being added to GHSA tickets as collaborators.
  • Documenting GHSA process for other members.
• PyCon US: Chairing “Trailblazing Security Talk Track
  • Blog posts, splash page, finalized schedule
• Relative dependency cooldowns in pip
  • [https://github.com/pypa/pip/pull/13625](https://github.com/pypa/pip/pull/13625)
  • [https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html](https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html)
  • [https://sethmlarson.dev/pip-relative-dependency-cooling-with-crontab](https://sethmlarson.dev/pip-relative-dependency-cooling-with-crontab)
  • [https://github.com/git-pkgs/proxy/pull/17](https://github.com/git-pkgs/proxy/pull/17)
• Deprecate security foot-gun os.path.commonprefix() in Python standard library
  • [https://sethmlarson.dev/deprecate-confusing-apis-like-os-path-commonprefix](https://sethmlarson.dev/deprecate-confusing-apis-like-os-path-commonprefix)
  • [https://github.com/astral-sh/ruff/issues/22981#issuecomment-4000835840](https://github.com/astral-sh/ruff/issues/22981#issuecomment-4000835840)
• Maturin adds support for Software Bill of Materials (PEP 770) for Rust packages
  • [https://github.com/PyO3/maturin/issues/2554](https://github.com/PyO3/maturin/issues/2554)
  • Works with cryptography: [https://github.com/PyO3/maturin/issues/2554#issuecomment-3892255689](https://github.com/PyO3/maturin/issues/2554#issuecomment-3892255689)
• OSSF Vulnerability Disclosure WG
  • New security team models given elevated load from generative AI, whether reports are valid or not.
  • Respecting maintainer time should be in security policies: [https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies](https://sethmlarson.dev/respecting-maintainer-time-should-be-in-security-policies)
  • [https://github.com/ossf/wg-vulnerability-disclosures/issues/184](https://github.com/ossf/wg-vulnerability-disclosures/issues/184)
  • NodeJS: [https://github.com/nodejs/TSC/issues/1826](https://github.com/nodejs/TSC/issues/1826)

3.7   Mike Fiedler

• Mike focused on malware response at scale, advancing the Trusted Account Associations project, improving PyPI API capabilities, and kicking off a third-party security audit of PyPI's warehouse codebase.
• Malware Response
  • February saw 277 malware reports across 303 security inbox threads, with 84 corroborated as true positives.
  • Of 233 reported packages, 131 were automatically quarantined (56.2% auto-quarantine rate), continuing the system's zero false-positive track record.
  • Mike [fixed a quarantine evaluation issue](https://github.com/pypi/warehouse/pull/19578) and [sorted malware reports by count](https://github.com/pypi/warehouse/pull/19540) to improve admin triage workflows.
  • An [advisory was published for dydx-v4-client](https://osv.dev/vulnerability/PYSEC-2026-1) 1.1.5.post1.
• Trusted Account Associations
  • Progress continued on the Trusted Account Associations project:
    • [Refactored the account associations data model](https://github.com/pypi/warehouse/pull/19053) to generalize for multiple provider types
    • Prepared [GitLab account associations](https://github.com/pypi/warehouse/pull/19298)with flagged behavior handling, moving toward merge
    • Reworked the Google Account Associations branch to prepare for testing
• Security Infrastructure Improvements
  • An AI-enabled security researcher contributed five patches addressing rare validation edge cases across PyPI's authentication and admin flows, including [TOTP validation](https://github.com/pypi/warehouse/pull/19480), [Stripe return URL validation](https://github.com/pypi/warehouse/pull/19477), [admin CSRF for macaroon deletion](https://github.com/pypi/warehouse/pull/19478), [observation creation for applications](https://github.com/pypi/warehouse/pull/19479), and [installation token verification](https://github.com/pypi/warehouse/pull/19481).
  • While these addressed uncommon code paths rather than active vulnerabilities, each required additional work to conform to PyPI's development practices and test requirements.
• Other security improvements:
  • Added a Fastly NGWAF rule to block null byte injection attacks and SQL injection attempts
  • [Shipped security.txt](https://github.com/pypi/warehouse/pull/19459) to production, surfacing PyPI's vulnerability disclosure contact information
  • [Replaced the zxcvbn password strength library](https://github.com/pypi/warehouse/pull/19503) with a modern, maintained alternative
  • [Converted prohibited email domain column to case-insensitive](https://github.com/pypi/warehouse/pull/19450) matching
  • Contributed additional [disposable email domains](https://github.com/disposable-email-domains/disposable-email-domains/pull/876) to the community blocklist
• API Improvements
  • [Code reviewed and shipped metadata 2.5 support](https://github.com/pypi/warehouse/pull/19254)
  • [Shipped ownership data in the JSON API](https://github.com/pypi/warehouse/pull/19525),providing project maintainer and owner details programmatically.
  • This supports the ongoing effort to deprecate legacy XMLRPC endpoints and gives security researchers better tooling for campaign linkage analysis.
  • A deprecation announcement and migration documentation will follow.
  • Built a [webtest query counter](https://github.com/pypi/warehouse/pull/19544) for measuring database query efficiency during development
• Security Audit
  • A Sovereign Tech Agency-funded security audit of PyPI's warehouse codebase by Trail of Bits kicked off at the end of February.
  • The engagement runs through March, with a readout at the end of March.
• Community Engagement
  • Mike attended FOSDEM in Brussels in early February, thanks to AWS Open Source Marketing sponsorship.
  • In the Package Manager devroom, multiple talks cited prior PyPI security work, and discussions on sustainability were central themes.
  • Mike helped facilitate connections between industry professionals and PSF board members.
  • Following FOSDEM, Mike attended the OpenSSF Package Registry Maintainer Forum, where registry maintainers from across ecosystems gathered to discuss shared challenges.
  • PyPI's pioneering (or pyoneering!) position in the space was widely recognized, and connections from the forum have already generated follow-on collaboration opportunities.
• Other community engagement:
  • Reviewed attestation UI proposal with OpenSSF working group
  • Participated in OpenSSF Securing Software Repositories working group meeting (EMEA-friendly session), sharing FOSDEM learnings
  • Attended Alpha-Omega public meetings, including the Open Source Corps of Engineers session on AI-driven maintenance
  • Attended PSF Board Meeting
  • Contributed to the [git-pkgs](https://github.com/git-pkgs/git-pkgs) open source community tool
• Other Items
  • Prepared PyPI section of the [PSF Annual Impact Report](https://docs.google.com/document/d/13nJxwrUaExHUcpNIs4h4VbIwYB7lp9yXVMHF_25oTfw/edit?tab=t.0)
  • [Provided BigQuery patch](https://github.com/pypi/linehaul-cloud-function/issues/252#issuecomment-3885468407) for linehaul to enable tracking bytes downloaded
  • Discovered [linehaul test fixtures don't actually run](https://github.com/pypi/linehaul-cloud-function/issues/263)
  • Updated [linehaul](https://github.com/pypi/linehaul-cloud-function) dependencies and addressed [zizmor findings](https://github.com/pypi/linehaul-cloud-function/pull/261)
  • [Fixed mobile UI bug for file details](https://github.com/pypi/warehouse/pull/19500)
  • [Showed disabled reason to authenticated users](https://github.com/pypi/warehouse/pull/19501)
  • [Admin UI improvements for sponsors](https://github.com/pypi/warehouse/pull/19553)
  • Responded to a production memory incident, managing communications
  • Reviewed [disallowing pull_request_target](https://github.com/pypi/warehouse/pull/18886) for trusted publishing
  • Various code reviews and dependency maintenance

3.8   Jaime Barrera

March report not provided.

3.9   Jacob Coffee

• Preparing for PyCon US
  • Schedule launch testing
  • Mobile app testing
• Attended SCaLE conference in Pasadena, CA
  • Collaborated with Elaine & Jon, saw moderate success in pitches for sponsors / booth slots as well as individuals that did (or will) register for the conference
• Spent time working towards new Python core team and PSF blogs
  • Python core team blog is live
• Deprecated the wiki
  • Did this in a poor way (communicatively), sorry about that!
  • New solution is in the works, working with Marie
• Worked toward a better workflow with the [Python.org](http://Python.org) codebase
  • Re-organized things out of the top level, improved DevEx
• Worked with finance team on a number of projects including mailing list improvements
• Worked on Cabotage (Internal PaaS)
  • After reviewing other solutions, decided that it was best to just improve the service
  • Total redesign on the frontend
  • Many features landed by Ee that improve UX
  • Working toward making it a great experience for us internally but also good for our community users like PyLadies

3.10   Maria Ashna

March report not provided.

3.11   Kelly Ragland

March report not provided.

3.12   Abigail Mesrenyame Dogbe

• Education and Outreach workgroup discussions on the Educator in Residence proposal
• Interacted and connected with New African Pythonistas
• PSF Board Office Hours

3.13   Sheena O'Connell

• PyCon Namibia:
  • Fundraising support
  • Ran some Python teacher training (much needed!)
  • Did a “playing the long game” talk encouraging younger folks to learn foundational code (looks like it worked)
• PyTV:
  • Django+LLM talk
• Django Con US: Trying to pull together a learning sprint
• PSF: worked on the educator in residence proposal. Got help from the Education workgroup
• PyCon Africa: chipping away at CoC issues slowly. Will have more time for it now I hope
• PyConZA: Started pulling the team together

3.14   Denny Perez

March report not provided.

3.15   Cristián Maureira-Fredes

March report not provided.

3.16   Simon Willison

March report not provided.

3.17   Jannis Leidel

March report not provided.

3.18   Georgi Ker

• Community: PyTV PyLadies Panel + Panel with Paul Everitt and Carol Willing on AI’s Impact on the Python Community
• Community: PyPodcats video production
• PSF: Booth Organizing + Design for PSF booth
• PSF: Led 2 D&I Workgroup Meetings of difference timezones
• PSF: Written an article about the D&I Workgroup: [https://pyfound.blogspot.com/2026/02/python-is-for-everyone-inside-psfs-d.html](https://pyfound.blogspot.com/2026/02/python-is-for-everyone-inside-psfs-d.html)
• PSF: PyCon US Design work

3.19   KwonHan Bae

• PSF - participated in board discussions via Slack and email
• PSF - attended board meeting
• COMMUNITY : Python Asia Organize
• COMMUNITY : PyCon KR Organize

3.20   Tania Allard

March report not provided.

3.21   Cheuk Ting Ho

March report not provided.

3.22   Chris Neugebauer

• Community: Working on North Bay Python CFP and general organising
• PSF: PyCon US booth team
• PSF: Executive committee meetings etc

4.1   Code of Conduct

• Nothing to report at this time.

4.2   Grants

• Nothing to report at this time.

4.3   Sponsors

• Nothing to report at this time.

4.4   Marketing

• Nothing to report at this time.

4.5   Jobs

• Of the 729 Job submissions created in March 2026:
  • 203 have status approved
  • 8 have status archived
  • 41 have status draft
  • 279 have status expired
  • 74 have status rejected
  • 102 have status removed
  • 22 have status review

4.6   Trademarks

• Nothing to report

4.7   Fellows

• Nothing to report

4.8   Packaging

• Nothing to report

4.9   Infrastructure

• Nothing to report

4.10   Scientific Python

• Nothing to report

4.11   Diversity & Inclusion Work Group

• Nothing to report

6.1   Grants

• None at this time.

6.2   Sponsors

• None at this time.

6.3   Scientific Python

• None at this time.