pypi
diff --git a/‎.github/workflows/node-ci.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/node-ci.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile
Lines changed: 1 addition & 1 deletion b/‎Dockerfile
Lines changed: 1 addition & 1 deletion
diff --git a/‎Procfile
Lines changed: 6 additions & 7 deletions b/‎Procfile
Lines changed: 6 additions & 7 deletions
diff --git a/‎bin/redis-tls
Lines changed: 0 additions & 25 deletions b/‎bin/redis-tls
Lines changed: 0 additions & 25 deletions
diff --git a/‎bin/start-web
Lines changed: 0 additions & 10 deletions b/‎bin/start-web
Lines changed: 0 additions & 10 deletions
diff --git a/‎bin/start-worker
Lines changed: 0 additions & 10 deletions b/‎bin/start-worker
Lines changed: 0 additions & 10 deletions
diff --git a/‎dev/db/post-migrations.sql
Lines changed: 3 additions & 0 deletions b/‎dev/db/post-migrations.sql
Lines changed: 3 additions & 0 deletions
diff --git a/‎dev/environment
Lines changed: 2 additions & 0 deletions b/‎dev/environment
Lines changed: 2 additions & 0 deletions
diff --git a/‎docker-compose.yml
Lines changed: 0 additions & 10 deletions b/‎docker-compose.yml
Lines changed: 0 additions & 10 deletions
diff --git a/‎docs/blog/posts/2025-02-25-terms-of-service.md
Lines changed: 58 additions & 0 deletions b/‎docs/blog/posts/2025-02-25-terms-of-service.md
Lines changed: 58 additions & 0 deletions
@@ -32,7 +32,7 @@ jobs:
             persist-credentials: false
       - uses: actions/setup-node@v4
         with:
-          node-version: 23.8.0
+          node-version: 23.9.0
           cache: 'npm'
       - name: Install Node dependencies
         run: npm ci
 
@@ -1,6 +1,6 @@
 # First things first, we build an image which is where we're going to compile
 # our static assets with. We use this stage in development.
-FROM node:23.8.0-bookworm AS static-deps
+FROM node:23.9.0-bookworm AS static-deps
 
 WORKDIR /opt/warehouse/src/
 
 
@@ -1,8 +1,7 @@
 release: bin/release
-web: bin/start-web ddtrace-run python -m gunicorn.app.wsgiapp -c gunicorn-prod.conf.py warehouse.wsgi:application
-web-api: bin/start-web ddtrace-run python -m gunicorn.app.wsgiapp -c gunicorn-prod.conf.py warehouse.wsgi:application
-web-uploads: bin/start-web ddtrace-run python -m gunicorn.app.wsgiapp -c gunicorn-uploads.conf.py warehouse.wsgi:application
-worker: bin/start-worker celery -A warehouse worker --concurrency=${CELERY_CONCURRENCY:-1} -Q default -l info --max-tasks-per-child 1024
-worker-beat: bin/start-worker celery -A warehouse beat -S redbeat.RedBeatScheduler -l info
-worker-traced: env DD_SERVICE=warehouse-worker bin/start-worker ddtrace-run celery -A warehouse worker --concurrency=${CELERY_CONCURRENCY:-1} -Q default -l info --max-tasks-per-child 32
-worker-drain-sqs: env BROKER_URL=sqs:///?region=us-east-2&queue_name_prefix=pypi-worker bin/start-worker --concurrency=${CELERY_CONCURRENCY:-1} celery -A warehouse worker -Q default -l info --max-tasks-per-child 1024
+web: ddtrace-run python -m gunicorn.app.wsgiapp -c gunicorn-prod.conf.py warehouse.wsgi:application
+web-api: ddtrace-run python -m gunicorn.app.wsgiapp -c gunicorn-prod.conf.py warehouse.wsgi:application
+web-uploads: ddtrace-run python -m gunicorn.app.wsgiapp -c gunicorn-uploads.conf.py warehouse.wsgi:application
+worker: celery -A warehouse worker --concurrency=${CELERY_CONCURRENCY:-1} -Q default -l info --max-tasks-per-child 1024
+worker-beat: celery -A warehouse beat -S redbeat.RedBeatScheduler -l info
+worker-traced: env DD_SERVICE=warehouse-worker ddtrace-run celery -A warehouse worker --concurrency=${CELERY_CONCURRENCY:-1} -Q default -l info --max-tasks-per-child 32
@@ -50,6 +50,9 @@ VALUES
 -- Set TOTP secret to IU7UP3EMIPI7EBPQUUSEHEJUFNBIWOYG for select users
 UPDATE users SET totp_secret = '\x453f47ec8c43d1f205f0a5244391342b428b3b06' WHERE username IN ('ewdurbin', 'di', 'dstufft', 'miketheman');
 
+-- Create Terms of Service Engagements for select users to keep from flashing banner on login
+INSERT INTO user_terms_of_service_engagements (user_id, revision, created, engagement) (SELECT id, 'initial', NOW(), 'agreed' from users where username IN ('ewdurbin', 'di', 'dstufft', 'miketheman'));
+
 -- Make select users owners of 'sampleproject'
 INSERT INTO roles (role_name, user_id, project_id)
   SELECT 'Owner', id, '4587cc12-e342-4880-9f61-ea4990fb81ea'
 
@@ -5,6 +5,8 @@ WAREHOUSE_ENV=development
 WAREHOUSE_TOKEN=insecuretoken
 WAREHOUSE_IP_SALT="insecure himalayan pink salt"
 
+TERMS_NOTIFICATION_BATCH_SIZE=0
+
 AWS_ACCESS_KEY_ID=foo
 AWS_SECRET_ACCESS_KEY=foo
 
 
@@ -34,16 +34,6 @@ services:
   redis:
     image: redis:7.0
 
-  localstack:
-    image: localstack/localstack:3.5
-    stop_signal: SIGKILL
-    environment:
-      SERVICES: "sqs"
-      LOCALSTACK_HOST: "localstack"
-      LS_LOG: "error"
-    ports:
-      - "4566:4566"
-
   opensearch:
     build:
       context: ./dev/compose/opensearch
 
@@ -0,0 +1,58 @@
+---
+title: Introducing our new Terms of Service
+description: PyPI is formalizing our policies to help us move forward with new services.
+authors:
+  - ewdurbin
+date: 2025-02-25
+tags:
+  - policies
+  - transparency
+---
+
+We're introducing a new
+[Terms of Service](https://policies.python.org/pypi.org/Terms-of-Service/)
+to formalize our relationship to users
+and enable us to move forward with providing new features and services,
+specifically
+[Organization Accounts](https://docs.pypi.org/organization-accounts/).
+
+<!-- more -->
+
+PyPI has had some form of [Terms of Use](https://policies.python.org/pypi.org/Terms-of-Use/)
+document for users since it
+[began accepting uploads in 2005](https://github.com/pypi/legacy/commit/b139c00cfc5794159afb1fc185d77dbc5fc1a2a4#diff-a67499b048e6bb6ef08d44c7a3c541199615b68e3bd153eb0ccedc492e3dec9dR7-R13)
+and has only been updated twice[^1] since.
+These terms have primarily served to protect PyPI
+and the Python Software Foundation (PSF) who operates it.
+
+Over time we have introduced additional policies to protect our users and community
+such as our
+[Code of Conduct](https://policies.python.org/python.org/code-of-conduct/)
+[Privacy Notice](https://policies.python.org/pypi.org/Privacy-Notice/)
+and
+[Acceptable Use Policy](https://policies.python.org/pypi.org/Acceptable-Use-Policy/).
+
+Our new
+[Terms of Service](https://policies.python.org/pypi.org/Terms-of-Service/)
+formalizes our relationship to PyPI users,
+makes protections for the PSF and PyPI users more explicit,
+and establishes terms we need to provide
+[Organization Accounts](https://docs.pypi.org/organization-accounts/)
+to paid
+[Corporate Organizations](https://docs.pypi.org/organization-accounts/pricing-and-payments/#corporate-organizations).
+
+We have worked with our legal team to retain compatibility with the superseded
+[Terms of Use](https://policies.python.org/pypi.org/Terms-of-Use/)
+while adding as permissive a set of new terms as possible to ensure that PyPI users 
+and the PSF are protected.
+
+You will notice a banner on login reminding you of these updated terms,
+as well as an email notification to your primary email address if it has been verified.
+These terms will take effect for existing users March 27, 2025 and
+your continued use of PyPI after that date constitutes agreement to these new terms.
+
+[^1]: 
+  See these commits for substantive changes since the Terms of Use was introduced:
+  [2009-11-29](https://github.com/pypi/legacy/commit/ddbd32a78a431ab46cad912046c2492998edc618#diff-a6e30135c956f467cffa36eb37a756a53921754d55ddd6ea80d2a0b4c3f4abfaR16-R33)
+  and
+  [2016-12-16](https://github.com/pypi/legacy/commit/f645942c65a372fdacd4d48ffb4afed4502632e8#diff-bbf95bcc6416475537256acea89690f7c6b1f965c0306e9b883813bd3e4f6c10R15-R98).