Python Foundation (PSF) has revealed that it received three separate summons from the US Department of Justice in March and April of 2023, demanding data relating to PYPI users – the Python programming software repository. Despite no legal explanation being provided, all three summonses were issued.
The requested data consisted of names associated with identified accounts, postal, electronic, residential and official addresses, session records, and related network identifiers, registration dates, phone numbers, IP addresses, payment method and source, loaded packages, and logging IP addresses of PYPI packages.
PSF underlined the importance of user privacy and their commitment to preventing any data breach or disclosure. However, the organization stated that on the advice of its legal team, it was obliged to comply with the information requests.
Python Foundation reported that it is actively working on developing new data storage and disclosure policies that protect user privacy and personal data from unnecessary request or compromise. The new policies will be public and touch procedures for future data requests from the government, limits and duration for personal data retention and various interests of the Python community.
US Govt Requests PYPI User Data
/Reports, release notes, official announcements.