the conda-forge blog

We do a lot of things but only blog about some of them.

Here are some recent selections.

  • Travis CI Security Incident - Matthew R. Becker, 2021-09-24

    On September 9, 2021 one of our core devs discovered that artifacts building on Travis CI were being uploaded to our conda channel from PRs running on forked repositories. A quick investigation revealed that Travis CI was passing encrypted secrets to PR builds on forks. Further examination of our logs and artifacts indicated that this had been happening since about September 3, 2021. This security bug was subsequently confirmed by Travis CI. See this CVE for more details on this incident. As far as we know, there were no actual exploits against conda-forge which used this vulnerability.

  • Contributing Packages To conda-forge Using Grayskull - ForgottenProgramme, 2021-06-16

    When contributing packages to conda-forge, Grayskull can make your life much easier. Grayskull generates recipes for Python packages hosted on PyPI.

  • Conda-forge Outreachy - viniciusdc, 2021-02-02

    Conda-forge is participating in the upcoming round of Outreachy i.e May 2021 to August 2021. The goal of this program is to increase participation from under-represented groups in free and open-source software. Outreachy is organized by Software Freedom Conservancy.

  • 2020 in Review - conda-forge/core, 2020-12-26

    As 2020 winds down, the Core team thought it’d be fun to review some of the big accomplishments our community has made this year.

  • Package Distribution and the anaconda.com Terms of Service - conda-forge/core, 2020-11-20

    Various members of the community have raised questions publicly and privately about the implications of Anaconda’s new Terms of Service (TOS) on anaconda.com. First of all, we understand your concerns. We would like to explain a bit how conda-forge works, how the TOS change affects us and conda-forge users, and what our plans as a community are for the future.