PyPI adds project archiving system to stop malicious updates

Summary: The Python Package Index (PyPI) has introduced a feature called ‘Project Archival’ that lets project maintainers mark a project as archived, signalling that it will receive no further updates. Users are warned about the project’s maintenance status, which aims to improve security and transparency around open-source dependencies. The system helps mitigate risks such as the hijacking of abandoned projects and reduces user support queries.

Affected: Python Package Index (PyPI)

Key points:

  • Project maintainers can archive projects to indicate they will not receive further updates or maintenance.
  • A warning banner will inform users to seek actively maintained alternatives, enhancing security against attacks targeting abandoned projects.
  • PyPI plans to add further project statuses, such as ‘deprecated’ and ‘feature-complete’, to make a project’s condition clearer.

Source: https://www.bleepingcomputer.com/news/security/pypi-adds-project-archiving-system-to-stop-malicious-updates/