Python is of utmost importance to both Google Cloud and thus to Google Cloud users, and is also used internally by the search engine giant to power many of its core products and services.
Google is now making a $ 350,000 donation to support some Python Software Foundation (PSF) projects aimed at improving the supply chain security of the Python ecosystem.
PSF is the non-profit organization that supports the programming language, which according to some popularity rankings is now more popular than Java.
SEE: Hiring Kit: Python Developer (TechRepublic Premium)
Python is big with data scientists thanks to add-ons like NumPy, but is less used for mobile app and web app development, where JavaScript and TypeScript shine.
Google’s additional support for PSF focuses on three areas, including the spread of malware via the Python Package Index (PyPI), PSF’s official repository for software add-ons for Python.
Support includes detecting malware for PyPI, enhancements to core Python tools and services, and contributing to a 2021 CPython (Core Python) developer role.
The role is full-time and aims to help the CPython project prioritize maintenance and address the backlog of issues.
The Python Steering Council and Python Software Foundation are working together to hire a developer to help CPython prioritize tasks and understand how the backlog can be addressed.
The developer will also be researching maintainers to get a better picture of CPython, which will be used to ensure that future funding and volunteer hours are allocated effectively.
As PSF explains, Google’s additional sponsorship funds will be used to “address critical improvements in supply chain security, including the development of malware detection for PyPI, a prototype of dynamic analytics infrastructure for distribution, and other fundamental tool enhancements.”
The supply chain attacks on software distribution began to focus after SolarWinds, the alleged Russian attackers, hacked the software maker of enterprises. The attackers used its software updates from the Orion Infrastructure Monitoring to plant a backdoor in organizations of interest.
Python packages have also been used to spread malware targeting the financial sector.
Google has been sponsoring PSF since 2010 and becomes the open source language’s first “visionary sponsor”. Python was created in 1989 by Guido van Rossum, who returned from retirement last year to work for Microsoft’s growing open source teams. Previously, he was in charge of Python efforts at Dropbox.
Van Rossum will retire as Python’s Benevolent Dictator for Life (BDFL) in 2018. Other key sponsors of Python include Salesforce, Fastly, Bloomberg and Microsoft Azure.
SEE: Digital transformation: the new rules for completing projects
Google also donates Google Cloud infrastructure to PSF to support PSF operations, such as the Python Package Index.
“Google Cloud has given us access to peer-to-peer cloud comparisons that enable us to serve PyPI downloads cost-effectively while being good managers of the limited resources we have from other infrastructure providers,” said Ee Durbin, CEO of infrastructure, Python Software Foundation.
“The publication of PyPI’s analysis as a public dataset on BigQuery has reduced the burden of supporting and managing access to information critical to library maintainers, as well as the team that keeps PyPI online,” Durbin added .