final bells and whistles

lwasser · lwasser · commit 730b70386eec · 2025-03-13T14:29:37.000-06:00
diff --git a/_pages/volunteer.md b/_pages/volunteer.md
@@ -10,7 +10,7 @@ header:
   overlay_image: images/headers/pyopensci-learn-header.png
   overlay_filter: 0.3
 volunteer-mission:
-  - excerpt: "The vibrant and diverse pyOpenSci community is driven by volunteer Pythonistas that care deeply about the scientific Python open source software that drives open science."
+  - excerpt: "pyOpenSci is a volunteer community that broadens participation in scientific open source. We make finding, sharing and contributing to reusable code easier for everyone, everywhere."
 build-skills:
   - title: "pyOpenSci volunteers build skills and community"
     excerpt: "When you volunteer with pyOpenSci, you’re both giving back and developing professional skills. As a volunteer you will:
@@ -34,43 +34,23 @@ help-us:
     btn_label: "> Check out our GitHub Help Wanted Board"
     btn_class: btn--inverse
   - image_path:
-    title: "Sign up to be a scientific Python package reviewer"
+    title: "Sign up to review a Python package"
     alt:
-    excerpt: "Finding reviewers is one of the more challenging parts of running a peer review process. We are always looking for new reviewers from a broad range of scientific domains. Some reviewers have extensive packaging expertise and others have domain expertise. We think that mix is great, so sign up today! If you are new to reviewing we are happy to support you through our peer review mentorship program."
+    excerpt: "We are always looking for new reviewers from a broad range of scientific domains. Some reviewers have extensive packaging expertise and others have domain expertise or focus on package usability. If you are new to reviewing we are happy to support you through our peer review mentorship program. [Learn more about the reviewer role](https://www.pyopensci.org/software-peer-review/how-to/reviewer-guide.html) and sign up using the link below."
     url: https://forms.gle/GHfxvmS47nQFDcBM6
     btn_label: "> Sign up now."
     btn_class: btn--inverse
   - image_path:
     title: "Get involved as software peer review Editor"
     alt:
-    excerpt: "We also often recruit new editors to support our peer review process. Keep an eye out on our [Discourse forum](https://pyopensci.discourse.group/) for calls for new editors. In the meantime if you are interested in learning more about the editor role, check out our [peer review guidebook](https://www.pyopensci.org/software-peer-review/). "
+    excerpt: "We also often recruit new editors to support our peer review process. "
     url: https://www.pyopensci.org/software-peer-review/how-to/editors-guide.html
     btn_label: "> Click here to learn more about the editor role."
     btn_class: btn--inverse
 ---
 
 {% include feature_row id="volunteer-mission" type="center" %}
 
-<div class="pyos-section purple">
-<div class="content" markdown="1">
-
-{% include feature_row id="diverse-backgrounds" type="left" %}
-
-</div>
-</div>
-
-{% include div_purple_bottom.html  %}
-
-
-<div class="pyos-section" markdown="1">
-<div class="content" markdown="1">
-
-{% include feature_row id="build-skills" type="right" %}
-
-</div>
-</div>
-
-{% include div_purple_top.html  %}
 
 <div class="pyos-section purple" markdown="1">
 <div class="content padding" markdown="1">
@@ -101,6 +81,26 @@ And last but not least, we’d also love for you to be a guest blogger on the [p
 </div>
 
 
+<div class="pyos-section purple">
+<div class="content" markdown="1">
+
+{% include feature_row id="diverse-backgrounds" type="left" %}
+
+</div>
+</div>
+
+{% include div_purple_bottom.html  %}
+
+
+<div class="pyos-section" markdown="1">
+<div class="content" markdown="1">
+
+{% include feature_row id="build-skills" type="right" %}
+
+</div>
+</div>
+
+{% include div_purple_top.html  %}
 
 {% include div_purple_top.html  %}
 
diff --git a/_posts/2025-03-13-python-packaging-security-pypi.md b/_posts/2025-03-13-python-packaging-security-pypi.md
@@ -1,19 +1,20 @@
 ---
 layout: single
-title: "How to Secure Your Python Packages on PyPI: Stop the Mining Madness"
+title: "How to Secure Your Python Packages When Publishing to PyPI"
 excerpt: "Learn how to secure your Python package PyPI publishing workflows and protect your package from attacks. This post covers actionable steps, using PyPI Trusted Publisher, and sanitizing workflows, to ensure your projects stay safe."
 author: "Leah Wasser"
 permalink: /blog/python-packaging-security-publish-pypi.html
 header:
   overlay_image: images/headers/pyopensci-inessa.png
   overlay_filter: rgba(20, 13, 36, 0.3)
 categories:
+  - python-packaging
   - blog-post
   - community
 classes: wide
 toc: true
 comments: true
-last_modified: 2024-12-19
+last_modified: 2025-03-13
 ---
 
 ## Is your PyPI publication workflow secure?
@@ -31,12 +32,12 @@ While unsettling, there’s a silver lining: the PyPI security team had already
 This means that the important thing for us, as maintainers, is that we all should know how to lock down our publishing workflows.
 Here, I'll cover the lessons learned that you can apply TODAY to your Python packaging workflows!
 
-*Special thanks to [Sviatoslav Sydorenko](https://github.com/webknjaz) for reviewing and providing significant input on this blog post!!*
+*Special thanks to [Seth Larson](https://github.com/sethmlarson), [Hugo van Kemenade](https://github.com/hugovk), [Sviatoslav Sydorenko](https://github.com/webknjaz), [William Woodruff](https://github.com/woodruffw) and [Carol Willing](https://github.com/willingc) for reviewing and significantly improving blog post!!*
 
 <div class="notice" markdown="1">
 ## TL;DR Takeaways
 
-The Ultralytics breach is a wake-up call for all maintainers: secure your workflows to protect your users and the Python ecosystem. The most important steps that you can take are actually the simplest:
+The fall 2024 Ultralytics breach was a wake-up call for all maintainers: secure your workflows to protect your users and the Python ecosystem. The most important steps that you can take are actually the simplest:
 
 Below are **3 things that you can do right now** to secure your PyPI Python packaging workflow:
 
@@ -202,13 +203,12 @@ $ zizmor .github/workflows/publish-pypi.yml
 error[template-injection]: code injection via template expansion
    --> path/here/pyosMeta/.github/workflows/publish-pypi.yml:97:7
 github.ref_name may expand into attacker-controllable code
+```
 
-You can also set up `zizmor` as a pre-commit hook. pyOpenSci plans to do this in the near future, but here is an example of it [set up for core Python](https://github.com/python/cpython/pull/127749/files#diff-63a9c44a44acf85fea213a857769990937107cf072831e1a26808cfde9d096b9R64).
+You can also set up `zizmor` as a pre-commit hook. pyOpenSci plans to do this in the  future, but here is an example of it [set up for core Python](https://github.com/python/cpython/pull/127749/files#diff-63a9c44a44acf85fea213a857769990937107cf072831e1a26808cfde9d096b9R64).
 
 Pre-commit hooks run checks every time you commit a file to Git history. [Learn more about using them here.](https://www.pyopensci.org/python-package-guide/package-structure-code/code-style-linting-format.html#use-pre-commit-hooks-to-run-code-formatters-and-linters-on-commits)
 
-
-
 ## Other security measures you can consider
 
 There are other things that we can learn too from the recent breach. Many of these will be identified if you set up zizmor. These are discussed below.
@@ -307,6 +307,7 @@ pyOpenSci follows best practices for PyPI publishing using our custom GitHub Act
 <div class="notice" markdown="1">
 ## Get involved with pyOpenSci
 
+* Check out our [volunteer page](https://www.pyopensci.org/volunteer.html) if you are interested in getting involved.
 * Keep an eye on our [events page](/events.html) for upcoming training events.
 
 Follow us on social platforms:
