PSF Meeting Minutes for June 10, 2026
Title: 2026-06-10 PSF Board Meeting Minutes Encoding: utf-8 Author: psf at python.org Content-Type: text/x-rst
A regular meeting of the Python Software Foundation ("PSF") Board of Directors was held over Group Conference Call via phone and Internet Relay Chat/Slack beginning at 13:00 UTC, on June 10, 2026. Olivia Sauls took notes/minutes.
All votes are reported in the form "Y-N-A" (in favor-Y‚opposed-N‚abstentions-A; e.g. "5-1-2" means "5 in favor, 1 opposed, and 2 abstentions").
- 1 Attendance
- 2 Minutes of Past Meetings
- 3 Board and Staff Monthly Reports for June 2026
- 3.1 Deb Nicholson
- 3.2 Oliva Sauls
- 3.3 Laura Graves
- 3.4 Loren Crary
- 3.5 Marie Nordin
- 3.6 Seth Larson
- 3.7 Mike Fiedler
- 3.8 Jaime Barrera
- 3.9 Jacob Coffee
- 3.10 Maria Ashna
- 3.11 Kelly Ragland
- 3.12 Abigail Mesrenyame Dogbe
- 3.13 Sheena O'Connell
- 3.14 Denny Perez
- 3.15 Cristián Maureira-Fredes
- 3.16 Simon Willison
- 3.17 Jannis Leidel
- 3.18 Georgi Ker
- 3.19 KwonHan Bae
- 3.20 Tania Allard
- 3.21 Cheuk Ting Ho
- 3.22 Chris Neugebauer
- 4 Work Group Reports
- 5 PSF Board Votes Approved by Email
- 6 Votes Approved by Working Groups
- 7 Consent Agenda Resolutions
- 8 New Business
- 9 Discussions
1 Attendance
The following members of the Board of Directors (11 of 12) were present at the meeting: Christopher Neugebauer, Jannis Leidel, Cristián Maureira-Fredes, KwonHan Bae, Deb Nicholson, Georgi Ker, Denny Perez, Abigail Mesrenyame Dogbe, Sheena O'Connell, Cheuk Ting Ho. Simon Willison joined at 13:07 UTC.
Olivia Sauls (Program Director), Laura Graves (Controller), Marie Nordin (Community Communications Manager), Kelly Ragland (Finance Manager), Loren Crary (Deputy Executive Director), Seth Larson (Python Security Developer in Residence), Jacob Coffee (Director of Engineering) and Mike Fiedler (PyPI Safety & Security Engineer) were also in attendance.
2 Minutes of Past Meetings
Minutes from prior meeting April 8, 2026:
RESOLVED, that the Python Software Foundation approve the minutes at https://mail.python.org/archives/list/psf-important@python.org/thread/YUUUOYKK7CRVCALFLTXYR4AM3BYOEJTL/ as representing a true and accurate record of the April 8, 2026 meeting.
Approved, 10-0-0
3 Board and Staff Monthly Reports for June 2026
3.1 Deb Nicholson
June report not provided.
3.2 Oliva Sauls
- PyCon US 2026 budget wrap up
- PyCon US 2026 recording and transcript review and publishing
- Post-mortem calls with vendors and conference chairs
- PyCon US 2026 statistic reports and data collection
- Hotel audit
- Attendee survey result review
- PyCon US 2027 design calls
- Managing Community Events Coordinator
3.3 Laura Graves
- Ongoing accounting activities
- PyLadies T-shirt sales advice
- Canceling Phyllis’ credit card charges
- Contract review for new engineering team activity
- Paperwork for BoA to remove Phyllis and add Laura
- Meetings with PNC to update bank accounts
- match account permissions at BoA so we can close that account and move all to PNC
- Investment options for better interest/earning potential
- Strategic plan review
- Work with sutro li for account access permissions, reporting, work distribution
- Bank updates at Bank of America to remove old signers (Kurt, Ewa, Joe, and Phyllis) and add new signers (Deb, Kelly)
- PyPI Orgs taxability concerns research
- PyCon
- Making employee allocations for 25 budget and projections for 26
- 26 budget review
- Venue insurance coverage review and renewal
- Contract review for on-site personnel
- Sales tax review for different activities (conference registration, PyLadies auction tickets, lead retrieval, tshirt donations)
- Review of sales at PyCon US
- Registration for California sales tax license
- Set up/ payments for travel grants, tutorials, keynotes
- Review of keynote speech
- UBIT analysis for Expo Hall vendors (IRC §513(d) convention/trade show exception)
- Research of third parties selling items at PyCon
- Research nonprofit fundraising rules for promoting sponsor offsite events and insurance implications
- Reporting
- Granting JustWorks access to employment accounts and signing PoA forms for ongoing support (Mass, Minn, Cali)
- Registered Agent renewals (Utah, Massachusetts, North Carolina)
- Filing extension for 990
- Annual Reports (Wisconsin, Florida)
- Complete filing of 1042-S’s for 2025
- Wisconsin UI Quarterly Tax and Wage Report
- Continuing to work with state of Massachusetts regarding unemployment account access
- Requesting refund for Illinois employment tax overpayment
- Updating Washington state contact information
- Filing Washington 2025 Annual Excise Return
- Vermont quarterly wage reporting Q1 2026
- Registration for sales tax remittance with state of California
- Request certification of good standing from Delaware
- Correspondence with IRS regarding overdue payment on form 8955-SSA
- Research on Russia/OFAC sanctions compliance (General License 27 and domestic legal risk for NGO activities)
- Research and process creation for Honorarium return of PyCon 2025 speaker
- Human Resources
- Working with Accrue to get access to JustWorks and submit 401k withholding from paychecks that were missing
- Uploading employee docs to JustWorks (employee handbook)
- Final PTO payout for severed employees
- Review job posting for PyPI Sustainability Engineer
- Review staff PTO balances to ensure correct amounts transferred from Bamboo to JustWorks - correcting balances for all leave types
- Calls with Accrue and Vestwell regarding 401k plan transition
- Removing previous controller from Vestwell account
- Registering with Vestwell for plan transition
- Hartford Statutory Disability audit
- Enrolling in E-Verify to properly verify employee’s I-9s
- Offer letter and onboarding paperwork for new hire
- 401k transition monitoring
- Working with Vestwell for transition from Accrue to ensure 401k deductions are properly contributed
- Manual contributions for missed 401k deductions
- Director of Infrastructure compensation benchmarking
- New York safe/sick leave analysis for combined PTO policy
- Discussions with staff revolving around policy and structure updates to current employee handbook
- Working with ADP and BCBS regarding plan renewal in August
3.4 Loren Crary
- PyCon US
- Correspondence with current and prospective sponsors
- Contract negotiation with current and prospective sponsors
- Assessing and pursuing grant opportunities
- Drafting and revising strategic public communications
- PyCon US planning support
- Board relations
- Strategic Planning support
- Strategic team management and support
- Policy review support
- Managing Programs Director & Community Communications Manager
3.5 Marie Nordin
- PyCon US
- PSF Booth
- Coordination of onsite logistics, volunteer team, staffing, inventory, meet & greets, social media, and oversight of everything PSF Booth related
- Organized and ran the Python Developer Survey Open Space
- Attended and participated in Strategic Plan Open Space
- Sponsorship benefit communications - On demand press release/posts (NVIDIA & HRT) - Ongoing social media posts
- Communications support - Social media posts for tutorials, sponsor presentations, community booths, startup row, and misc - Daily during conference email writing/editing - Attendee emails editing
- PSF Booth
- Strategic Plan
- Review and commentary on strategic plan
- Communications
- Coordination and editing of blog posts and social communications related to strategic plan
- Support strategic plan specific office hours
- CSA Communications & Coordination
- Writing/editing blog posts & arranging presentation of awards
- Board Election
- Project management & communications
- Oversight of CiviCRM updates for new Packaging Council (PC) election
- Communications liaison for PC election
- Annual Impact Report
- On pause, should pick up soon with 2025 financials incoming
- Grants Transparency Report
- Generation of graphs
- Analysis & write up
- Q2 Newsletter
- Coordination of content, editing, publication
- Administration
- Grants WG/Community Partner Program
- Fellows WG
- D&I WG
- Meetup Pro Network
- Office hours
- Miscellaneous communications support
3.6 Seth Larson
- PyCon US 2026
- The bulk of the work in May was preparations for and executing the Python Software Foundation's premier conference: PyCon US 2026. Here's a non-exhaustive list of work to bring "Security" to PyCon US:
- Delivered an Alpha-Omega × PSF review and "looking forward" as a sponsored talk slot on behalf of Alpha-Omega.
- Developers-in-Residence "Meet-and-Greet" at the PSF Booth during Opening Ceremony.
- Session Chair for the new Security Talk Track. The track was very successful, we had multiple talks that over-filled the room to standing room only.
- PSF Security Update following keynote with Mike.
- Sprints! Discussed archive formats for wheel 2.0 to avoid differential attacks and developed a new security policy and threat model for CPython.
- Writing a blog post about PyCon US 2026 with links to all talks on YouTube once available.
- The bulk of the work in May was preparations for and executing the Python Software Foundation's premier conference: PyCon US 2026. Here's a non-exhaustive list of work to bring "Security" to PyCon US:
- EuroPython 2026
- Registered and booked EuroPython travel. EuroPython runs July 12th->17th.
- Submitted to the Python Language Summit a talk about the Python Security Response Team. Will be covering the Language Summit as the "blogger" as I've done in previous years.
- Will be speaking during the normal talk tracks about the Python Security Response Team, Security Policies, and Threat Models.
- UN Open Source Week 2026
- Registered and booked UN Open Source Week travel. Will be participating in the Alpha-Omega / Sovereign Tech Agency “Maintain-a-thon”. June 21st->27th.
- Vulnerabilities, Security Policy
- Began using Scrutineer along with Claude Max to scan repositories for Python and Python packaging. Found and reported a few issues upstream, but nothing major or exciting. Gave some feedback to Andrew on Scrutineer and how it works, especially with asking for documentation about how to use Scrutineer with Claude Code instead of Claude AI.
- Developed a new security policy and basic threat model for CPython which includes:
- Explicit valuing of security response team member well-being over technical merit of a report.
- Banning reporters who do not respect the security policy repeatedly.
- How the Code of Conduct will be involved with security reports if necessary.
- What to include and how to format a vulnerability report.
- You can [see the security policy published](https://devguide.python.org/security/policy/) in the new ["Security" section of the Python Developer Guide](https://devguide.python.org/security/).
- I've tested this new policy against some existing reports with Claude and will publish some follow-up results from this testing.
- Audit of "[python.org](http://python.org)"
- Preparing for an audit of "python.org" which will be conducted by Trail of Bits in early June. This included signing a bunch of paperwork, determining the components to focus on for the audit, setting up a Slack Connect channel, and preparing all the repositories to receive security reports.
- Other items
- Multiple security project proposals, writing
- Discussing Alpha-Omega AI Security Engineer contract.
- Discussing security feature work with PyPI.
3.7 Mike Fiedler
- Malware Response
- The security inbox took in 451 messages in May, roughly 306 of them malware reports submitted through the web and API.
- About 80 were still pending review heading into June, a backlog from a conference-heavy month (more below).
- That backlog is in full removal and administrative follow-up, not initial user protection. Auto-quarantine runs without Mike at his desk, so user-facing exposure stayed low even as travel slowed the manual queue.
- A snapshot of the detection system in May shows:
- Of 233 distinct reported packages, 173 (74.2%) were auto-quarantined, with a median report-to-quarantine time of effectively zero: downloads were blocked before any manual review. Full removal followed at a median of about 23 hours, where the conference-month lag shows up, well after users were protected.
- Median total exposure (upload to first protective action) was about 1.3 hours, with a 90th percentile of about 66 hours.
- Reports from trusted observers, the signal that drives auto-quarantine, were 100% accurate across 209 reports, zero false positives.
- Reports corroborated by two or more independent observers were also 100% accurate; single-observer reports came in around 93%. That is the basis for letting trusted, corroborated reports trigger action automatically.
- One number needs explaining. Median detection time (upload to first report) was about 1.2 hours, but the average is much higher, skewed by a handful of long-dormant malicious packages uploaded years ago (some between 2017 and 2020) that retroactive scanning only surfaced this month. That is historical cleanup, not a regression; the median reflects how quickly newly uploaded malware is caught.
- On tooling, Mike shipped finer-grained response aimed at the threat his conference talks centered on: a malicious release inside an otherwise-legitimate project.
- [Per-release quarantine](https://github.com/pypi/warehouse/pull/20062) lets an admin quarantine a single bad release and its files while clearing the rest of the project, tracking release- and project-level lifecycle states independently.
- A [companion change](https://github.com/pypi/warehouse/pull/20068) stops a quarantined release from being advertised as the project's latest version (the treatment a yanked release gets), and a new [admin action removes a single malicious release](https://github.com/pypi/warehouse/pull/20092) outright. Together they contain a compromised release in place without taking down a legitimate project's entire history.
- Community Engagement and Conferences
- May was the year's main venue for sharing PyPI's security story, and Mike used it heavily.
- The talks shared a throughline: the threat (credential phishing and compromised legitimate packages), the answer (Trusted Publishing, which removes the long-lived credential entirely), and the validation (PyPI's recently completed second independent audit).
- At PyCon US 2026 in Long Beach, CA (May 13-19), which featured a new dedicated [Security track](https://us.pycon.org/2026/tracks/security/), Mike presented across the full week:
- Alpha-Omega sponsor presentation with Seth Larson, a year-in-review and look ahead
- Packaging Summit: "Limiting vectors and incentives for abuse"
- Security track: "Anatomy of a Phishing Campaign," walking through the real phishing attacks PyPI has weathered and what actually stops them
- Maintainer Summit: "And Now for Something Completely Legitimate," on supply-chain attacks delivered through compromised legitimate packages, plus a security roundtable for maintainers
- Main stage: the PSF Security Update with Seth
- Mike continued straight into two more events:
- Open Source Summit North America (May 19): a [Trusted Publishing talk](https://sched.co/2JQsc) and the Alpha-Omega roundtable
- OpenSSF Community Day (May 21): the keynote [Anatomy of a Phishing Campaign](https://openssfcdna2026.sched.com/event/2I44z/keynote-anatomy-of-a-phishing-campaign-mike-fiedler-python-software-foundation)
- Reaching maintainer and community audiences with concrete "what to do when the next one lands" guidance connects directly to the platform changes below.
- Thanks to Alpha-Omega and the Sovereign Tech Agency for making this travel possible.
- Limiting Abuse Vectors
- Themes from the Packaging Summit talk are starting to shape platform direction.
- Mike helped scope abuse-limiting levers: upload rate limits, the incentives around name squatting, handling of obfuscated binaries, and a longer-term "Upload 2.0" direction. That work is still taking shape, not shipping soon.
- One concrete hardening did land. Mike [closed a set of open-redirect vectors](https://github.com/pypi/warehouse/pull/20035) caused by URL-parser differentials, where a user-submitted URL (in project metadata, a Trusted Publisher claim, or a route parameter) could be crafted so PyPI's parser sees one destination while the browser visits another, via backslashes, percent-encoded characters, or embedded tabs and newlines.
- Open redirects on a trusted domain are exactly what a phishing campaign reaches for, so closing them removes a building block before it can be used.
- Mike also stood up a [support-repo autoresponder](https://github.com/pypi/support) to set expectations on the support queue and reduce manual load, and surfaced the [deployed commit SHA in page source](https://github.com/pypi/warehouse/pull/20047) so anyone can verify which build a page came from when diagnosing a deploy or cache issue.
- Trusted Publishing and Attestations
- Ongoing support: adding [pending-publisher counts to metrics](https://github.com/pypi/warehouse/pull/20017) for visibility into April's defense-in-depth work, diagnosing a GitLab error report, and reviewing [entry-point validation](https://github.com/pypi/warehouse/pull/20081).
- Mike also worked on the PyPI attestation style guide implementation (sync and design review), continuing the OpenSSF/PyPI collaboration on standardizing how attestations are produced and consumed.
- Infrastructure and Hygiene
- Routine maintenance kept the platform current and reduced risk:
- Upgraded to [Python 3.14.5](https://github.com/pypi/warehouse/pull/20066) and moved container images to [Debian trixie](https://github.com/pypi/warehouse/pull/20103).
- Shipped [Dependabot batches with security patches, including `trove-classifiers`](https://github.com/pypi/warehouse/pull/20087), [JavaScript security updates](https://github.com/pypi/warehouse/pull/20097), and a [CodeQL Action upgrade](https://github.com/pypi/warehouse/pull/20095).
- [Swapped a broken third-party GitHub Action for GitHub's first-party app-token action](https://github.com/pypi/warehouse/pull/20037), so one fewer third party touches PyPI's CI app private key and the minted token is revoked when the job ends instead of staying valid for an hour.
- Refactored search to use [`opensearch-py`'s built-in AWS signer, dropping a separate dependency](https://github.com/pypi/warehouse/pull/20091), and fixed [`ResourceWarning`s by closing file objects](https://github.com/pypi/warehouse/pull/20101).
- Reviewed and merged a Fastly contributor's [migration of email-domain validation to Fastly's Domain Research API](https://github.com/pypi/warehouse/pull/19997), replacing the Domainr API (used to validate registration email domains) that is being deprecated later this year.
- It ships alongside the old backend, gated behind an environment variable for a controlled rollout.
- Ecosystem Contributions
- Beyond PyPI itself, Mike contributed upstream to tools the project depends on
- He tested the `wtforms` 3.3.0 beta, wrote an `ast-grep` tool to find affected call sites, and [reported the findings upstream](https://github.com/pallets-eco/wtforms/issues/922#issuecomment-4556806071); added a [DNS-blocking feature to `pytest-socket`](https://github.com/miketheman/pytest-socket/pull/482); and contributed a [test-suite speedup to `pytest`](https://github.com/pytest-dev/pytest/pull/14441)
3.8 Jaime Barrera
June report not provided.
3.9 Jacob Coffee
- PyCon US
- IT/Infra Budget bookkeeping
- Post-conference reports for various team members
- Disabling registration, preparing for static archive sometime in July/August
- Audits for Stripe for Accounting team members
- PyCon US 2026 Execution
- On-site infrastructure: registration setup, check-in and Code of Conduct scanning, lead retrieval, schedule displays and digital signage, volunteer dashboard, open-spaces signups/boards, etc.
- Mobile app: push notifications, schedule and maps bug fixes. Worked with various sponsors on selling them or supporting their usage of lead retrieval
- Was sole on-call and paged overnight some times mid-conference for PyPI fix issues.
- Hiring (Infra Eng. & PyPI Eng.)
- Infrastructure Engineer: restarting interviews after final candidate(s) declined or were not a good fit. Pipeline remains warm (panel + warm referrals). Cycle drew ~230 applications down to 4 finalists. We are currently at 383 applicants.
- PyPI Revenue/Sustainability Engineer: role scoped, job description authored, recruiting underway, discussed with various folks at PyCon Italia, PyCon US, on the internets about the role scope.
- python.org Security Audit / Trail of Bits
- Assisted Seth and Hugo in deploying the production patch for the python.org download-metadata API authentication bypass (DEVCORE report; latent since 2014; patched, no evidence of exploitation), plus hardening and raising log retention from 3 to 30 (90?) days.
- Trail of Bits third-party audit ("Patch the Planet") confirmed for the week of June 1; scope covers python/release-tools and pythondotorg; draft report targeted ~June 13. Kickoff, Slack Connect channel, and intake complete, working through code review of various PRs and reports so far submitted.
- Board Strategic Plan Review / 2H26 Planning
- Stood up the strategy@python.org community-feedback address (worked through Mailman routing with Ee Durbin).
- Reviewed and edited the "Strategic Planning at the PSF" blog post (published ~May 11); reserved the Board Open Space (Sunday 2pm) at PyCon US for the planning cycle.
- Preparing on prioritizing 2H26 plans based on engineering doc [Strategic Planning](https://docs.google.com/document/d/1YEIiGOGtcpJsC6VfDMtsCGEQuJ1BbatFbn4v8fNL0JU/edit?tab=t.0) (I came up with this name first 😜)
- IT/Infra Budget Bookkeeping
- Hardware refresh budget: itemized terminals, iPads, Zebra badge printers, and check-in MacBook (current gear loses support after 2026); now own all staff equipment purchasing on a 3-year replacement cycle.
- Reconciling PyCon purchases into the budget sheet; split SurveyMonkey cost (1/12 PyCon, 11/12 PyPI)
- Recreating in-kind sponsorship tracking for tax reporting (Fastly contribution ~$4.5M/yr; 2025 and 2026 reports outstanding).
- Flagged a contract-scope risk: PyPI service agreements as written read as though we now owe support for anything PyPI-related.
- Responded to various pages (~11) around PyPI, core team infra, misc. PSF infra
- NVIDIA Partnership (PyPI)
- Met with NVIDIA at PyCon (May 16) on management APIs, org-scoped namespaces, private/curated index, and PEP 694 staged releases. NVIDIA is potentially willing to fund engineering, maybe support roles via SOW; contracting to start late summer 🤞🏽
- Other
- Launched a Permissions Audit project (GitHub, Stripe, Google Workspace; ≥2 owners per product) to be completed 2H26.
- PyPI scale/under-resourcing data for Fastly.
- Received access/transfer of GitLab PSF account after existing contract expired.
- Reviewing access for volunteers and severed team members now that PyCon US is over
3.10 Maria Ashna
June report not provided.
3.11 Kelly Ragland
Since this is my first report, I tried to capture things I have done to date and what I am working on currently.
September 2025 – June 2026
- COMPLETED & OPERATIONAL
- Financial Systems & Automation
- Automated financial data pipelines: Built from scratch for five platforms, now fully operational:
- PayPal - individual receipt-level imports
- Stripe - batched payout groupings with reserve and payout journal entries
- Benevity - workplace giving
- Tidelift
- Fidelity Charitable
- Pipeline architecture: Each pipeline is built around how that platform actually moves money, outputting import-ready files coded to correct GL accounts and classes in QuickBooks Online.
- Fiscal sponsoree financial reporting system: Pulls live data from QBO via API, processes through a Python pipeline, generates formatted year-over-year pivot table worksheets, with the goal of distributing reports to all fiscal sponsoree programs via OneDrive. This is the primary financial view those programs have into their own activity.
- PEX pipeline: Explored and partially built an automation pipeline for PEX credit and debit transactions. Determined that maintaining automation alongside monthly operations exceeds current bandwidth; transitioning to Sutro Li to handle manually.
- Automated financial data pipelines: Built from scratch for five platforms, now fully operational:
- Donations, Grants & Sponsorship
- Accounts receivable ownership: Responsible for tracking all incoming wires and managing AR across the organization, including matching bank transactions across multiple platforms to ensure payments are correctly applied and recorded in QBO — streamlining the reconciliation process for Sutro Li.
- End-to-end donation and grant processing: Across all platforms and payment types.
- Sponsor invoicing: Full ownership including for fiscal sponsorees (previously a Controller function), with ongoing AR open invoice reporting.
- Donor and sponsor portal management.
- CiviCRM Administration
- Routine maintenance: Donor records and user access management.
- Complex troubleshooting: Including reconciliation with Stripe and QBO as needed.
- Fundraising Data Operations & Donor Reporting
- Data reconciliation infrastructure: Built a Python-based reconciliation script merging Stripe charge exports with CiviCRM records using a full outer join with flexible matching logic. Output flags each record as matched, unmatched in Stripe, or unmatched in CiviCRM. This is still a work in progress for next year. I had to do a lot of manual work to get this to a finished state this year.
- Donor counting methodology: Established a formal, auditable methodology for counting donors across aggregated and indirect giving channels (Benevity, GitHub Sponsors, fiscal sponsoree conference donations). Guiding principle: donors counted only when PSF has sufficient information to steward and re-solicit them. Fiscal sponsoree conference donors excluded from PSF totals — stewardship belongs to the sponsoree project.
- Donor report design: Designed report tracking giving across pre-fundraiser, during-fundraiser, and post-fundraiser periods based on Marie’s original report/spreadsheet.
- PyCon US 2026
- Managed invoicing and contracts for conference sponsors.
- Added all travel grant, keynote, and tutorial expenses to QBO.
- Supported Laura with payment processing
- Provided on-site support at the conference.
- Edited tutorial offer letters and coordinated sponsor registration categorization (e.g. Pi Health bulk registration via Stripe).
- Institutional Knowledge Reconstruction & Gap Coverage
- 1099 initial filing: Filed the organization’s initial 1099s under significant time pressure following the prior Controller’s departure and during the ED’s maternity leave — a process outside my prior experience and defined role, undertaken in close coordination with the ED to meet filing deadlines.
- Prior period audit: Audited the transition period between the prior Controller’s journal entry system and current processes (September–December 2025) to identify double-counting or missed entries. Ongoing — see In progress section.
- Prior period corrections: Identified and corrected journal entry errors inherited from the prior Controller’s system, including revising recording methodology for Stripe transactions — converting several months of net-only entries to gross income, expenses, and net in the Stripe passthrough account, leaving it correctly balanced at zero.
- Temp Staff Supervision
- Connor (accounts payable): December 2025–March 2026.
- Katie (Earth Class Mail processing, PSF Donations email moderation, PayPal transaction matching, QBO troubleshooting, and various other tasks): December 2025–present.
- Operational & Administrative
- ACH batch approvals in Pinnacle: Regular ongoing responsibility for authorizing payment batches.
- PSF-donations email: Regular moderation and management of the PSF-donations inbox.
- Adobe product renewal: Met with Adobe representative, coordinated and completed annual renewal of PSF’s Adobe products.
- Platform account access transitions: Invested significant time migrating login credentials and account access across 20+ platforms to ensure continuity of financial operations. This process is ongoing as lesser-known platforms surface. In several cases, coordinating with customer support was required due to 2FA being tied to the prior Controller's phone or other credentials no longer accessible to PSF.
- Fiscal Sponsoree Support — Completed Reports
- Initial year-over-year financial reports completed and reconciled against prior reports and QBO P&Ls for:
- BAPyA and subcategories (including PyBay)
- North Bay Python
- Pallets
- PuPPy
- PyBeach
- PyCascades
- PyLadies (and sub categories)
- PyOhio
- Twisted
- BAPyA highlight: Delivered the organization’s first financial report since 2023; met with incoming treasurer to walk through financials and establish an ongoing working relationship.
- PyOhio highlight: Joined their team by providing timely fundraiser data as they sought to give regular updates to their community and matching donor about fundraising totals.
- Liability insurance: Managing liability insurance renewals for fiscal sponsoree events, including evaluating coverage options and coordinating payments.
- Fiscal Sponsoree Event Sponsors: contracts and invoicing
- Regular meetings: Holding monthly and quarterly check-ins with fiscal sponsorees depending on need.
- Initial year-over-year financial reports completed and reconciled against prior reports and QBO P&Ls for:
- Misc Collaboration with Laura
- HR systems audit: Helped identify discrepancies between BambooHR and JustWorks PTO records across multiple leave categories, including auditing all employee records across both systems.
- PyCon Sales Tax: Calculating PyCon US 2026 taxable sales.
- Sutro Li — Transitional Collaboration
- Onboarding: Played an active role in onboarding Sutro Li and continue to collaborate on an ongoing basis as work is transitioned and new processes are established.
- Board financial reporting: Took ownership of preparing board-level reports in coordination with Sutro Li, applying a clear balance sheet and P&L framework and flagging preliminary figures appropriately. To start this in July.
- Stripe reconciliation: Identified a known 2024 Stripe discrepancy; proposed and agreed to implement a journal entry-based correction approach (rather than mass deletion/re-import); working directly with Robin at Sutro Li to reconcile and establish cleaner reporting going forward.
- Workflow improvements: Contributed practical ideas for document and workflow processes, including evaluating Dropbox-to-QBO linking options to streamline document routing.
- Financial Systems & Automation
- IN PROGRESS & ONGOING
- Financial Systems & Automation
- Board financial reporting pipeline: Continuing to develop and refine automated Board financial reporting — Python-based pipeline pulling live QBO data, producing summaries that are drillable for detail.
- Pipelines still in progress: GitHub Sponsors, Thanks.dev, Bill.com, PaylPal Giving, Cybergrants, and YourCause — each at various stages of completion.
- Monthly pipeline operations: Running all completed pipelines on an ongoing basis — initiating API pulls or downloading portal reports, running through Python scripts, importing into QBO, and performing transaction matching. Working toward a consistent monthly cadence as overall workload allows.
- Ongoing debugging and maintenance: As edge cases surface across all pipelines.
- Fiscal Sponsoree Support — Reports In Progress
- Initial reports in progress or still to be completed for:
- Bandit
- Jazzband
- Boston Python
- ChiPy
- PhillyPUG
- PyBoston
- PyHawaii
- PyMNtos
- PyPA
- PyRVA
- Python San Diego User Group
- The Packaging Workgroup
- Initial reports in progress or still to be completed for:
- Note on reconciliation effort: Each report requires reconciling against prior reports and QBO P&Ls and documenting or resolving discrepancies. This reconciliation has been substantially more time-intensive than report generation itself. My goal is to get a regular reporting schedule of monthly or quarterly depending on need.
- Prior Period & Reconciliation
- Prior period audit: Ongoing investigation into transition period entries (September–October 2025), including a remaining $534.10 discrepancy in CPython GitHub Sponsors records.
- Stripe 2024 reconciliation: Working with Robin at Sutro Li to resolve a known discrepancy in 2024 Stripe transaction records using a journal entry-based correction approach.
- Prior year catch-up: Simultaneously working to catch up on prior year financials while managing current-year workload.
- Receivables Workflow
- Building a sustainable workflow for staying on top of receivables across 10+ active payment and donation platforms — currently establishing processes while managing the volume of prior year catch-up work.
- Compliance
- SecurityMetrics compliance questionnaire: In progress, including a meeting with a SecurityMetrics representative to gain clarity on the process and requirements.
- Documentation
- Process and procedure documentation: Working toward comprehensive documentation for all financial pipelines and workflows built to date, so that work is reproducible, auditable, and not dependent on a single person
- Financial Systems & Automation
3.12 Abigail Mesrenyame Dogbe
June report not provided.
3.13 Sheena O'Connell
- PyCon US
- Education and outreach WG: working on getting more people involved in a few things
- Maybe Kelly P (from education summit) will join our WG
- Found a few folks who are keen to drive python educator community efforts on Guild of Educators.
- Local meetups:
- PyData JHB location wrangling and talk. Shared info about PSF
- JoziJS: Snuck in a Django talk
- PyCon South Africa:
- Sponsor hunting and various organising efforts
- PyCon Africa: Largely uninvolved, got chair to consider consequences of Ebola outbreak
3.14 Denny Perez
June report not provided.
3.15 Cristián Maureira-Fredes
- (May) PyConUS: A couple of discussions for the first Spanish Keynote, other meetings, and giving a talk.
- (May) PSF: Lots of reviews and discussions around the Strategic Plan.
- (May) PSF: Syncing with a few board members, and talking with other community folks around PyConUS.
- PSF: Usual discussions around the diff platforms, and having a couple of meetings with the EC.
- Community: EuroPython: Finalizing a few keynotes, and last talk slots for the conference, plus some meetings from the programme team
3.16 Simon Willison
June report not provided.
3.17 Jannis Leidel
June report not provided.
3.18 Georgi Ker
June report not provided.
3.19 KwonHan Bae
- PSF - participated in board discussions via Slack and email
- PSF - attended board meeting
- PSF - PyConUS
- COMMUNITY : Python Asia Organize
- COMMUNITY : PyCon KR Organize
- COMMUNITY : PyCon Busan Organize
- COMMUNITY : PyCon US 2026 Debriefing meetup in Korea
3.20 Tania Allard
June report not provided.
3.21 Cheuk Ting Ho
- Attended and spoke at events: Education Summit at PyCon US, PyCon IT and PyData London
3.22 Chris Neugebauer
June report not provided.
4 Work Group Reports
4.1 Code of Conduct
- Nothing to report at this time.
4.2 Grants
- Nothing to report at this time.
4.3 Sponsors
- Nothing to report at this time.
4.4 Marketing
- Nothing to report at this time.
4.5 Jobs
- Of the 583 Job submissions created in June 2026:
- 187 have status approved
- 5 have status archived
- 30 have status draft
- 153 have status expired
- 96 have status rejected
- 107 have status removed
- 5 have status review
4.6 Trademarks
- Nothing to report
4.7 Fellows
- Nothing to report
4.8 Packaging
- Nothing to report
4.9 Infrastructure
- Nothing to report
4.10 Scientific Python
- Nothing to report
4.11 Diversity & Inclusion Work Group
- Nothing to report
5 PSF Board Votes Approved by Email
- None at this time.
6 Votes Approved by Working Groups
6.1 Grants
- None at this time.
6.2 Sponsors
- None at this time.
6.3 Scientific Python
- None at this time.
7 Consent Agenda Resolutions
- None at this time.
8 New Business
- None at this time.
9 Discussions
- The board discussed a financial update from the fractional accounting firm.
- The board discussed the PyCon US 2026 keynote discrepancy and how it intersects with nonprofit best practices.
- The board discussed an update from the D&I workgroup and office hours.
- The board discussed a report out from the Python Survey results open space session.
- The board discussed the upcoming board elections.
- The board discussed an update on the strategic plan community and staff feedback.
Meeting adjourned at 14:30 UTC
