Seth Michael Larson

Blogging about Python and the Internet

Get paid to contribute to urllib3 (Newsletter #7)

Published 2022-06-21 — ❤︎ Subscribe for more via the newsletter or RSS

Announcing urllib3's bounty program

The urllib3 team is excited to announce the start of our bounty program!

We’ve recognized that one of the biggest challenges to shipping v2.0 is not having enough time to devote to contributions. Our bounty program is hoping to spur interest from the community in the urllib3 project and fairly pay contributors for their time and experience.

The bounty program works by marking issues with bounty amounts we’re willing to pay for anyone to complete an issue. Don't worry if you're not an existing contributor — new contributors are welcome and encouraged!

Bounty amounts start at $100 for small issues and most issues are $300 or more. Each issue includes a series of tasks that must be completed in order to receive the bounty. Bounties are paid out through our public Open Collective balance.

We’ve already seen early success from the “soft launch” of our bounty program. urllib3 maintainer Quentin Pradet tweeted about a single issue with a bounty and ended up generating enough interest for 3 new contributors to open 5 new pull requests! We’ve also already paid out for two bounties.

If you're interested we've documented the process which includes finding an issue with a bounty, completing the issue, and submitting an expense to Open Collective to be paid. If you have any questions about the process you can ask in our community Discord or by emailing a maintainer.

This bounty program is an experiment so we’re looking to learn how this model can work for our project and share our findings with the rest of the open source community.

Spotify sponsors urllib3 through their FOSS Fund

Spotify announced the recipients of the 2022 Spotify FOSS Fund and urllib3 was among the 8 projects receiving funding. urllib3 was awarded €13,000 from the total fund of €100,000. In the announcement post it was noted that Spotify had over 2400 dependencies and 59 nominations from staff which were narrowed down to 18 which met eligibility criteria and finally 8 projects which received funding.

Progress on urllib3 v2.0

The v2.0 milestone on GitHub tracks our progress towards the v2.0 release of urllib3. Since the last newsletter 7 issues have been closed, leaving only 8 open issues remaining for a v2.0 release. We’re hoping through our bounty program we’ll see an increase in velocity towards a v2.0 release!

Of the issues closed, here are the highlights:

  • Fixing all the links and references in our documentation and making type hints in documentation more user-friendly after the migration to BaseHTTPConnection (#2604)
  • Dropping support for the unsafe SSLv2 and SSLv3 for pyOpenSSL and SecureTransport TLS implementations (#2563)
  • Respecting SSLContext.hostname_checks_common_name setting if explicitly enabled by user (#2518)
  • Align the logic for connecting via TLS to a proxy and the destination (#2529)
  • Switched to Flit for our build system and configured reproducible builds for our releases (#2549)
  • Switched our chunked framing logic to work consistently in all situations (#2565)
  • Changed the sentinel FAILEDTELL to use valid type hints instead of object (#2519)

OpenSSL 3.0

Back in September of 2021 OpenSSL 3.0.0 was released. Some time after the release of OpenSSL 3.0 various operating systems like Ubuntu 22.04 and Fedora 36 have started using OpenSSL 3.0 instead of OpenSSL 1.1.1 as their default version of OpenSSL.

This is exciting news for OpenSSL but requires more testing for urllib3 to make sure code won't break when using this new OpenSSL release. Currently support for OpenSSL 3.0 in CPython at the time of writing is preliminary and experimental. To ensure urllib3 users don't experience failures when using OpenSSL 3.0 we've started testing against both OpenSSL 1.1.1 and 3.0 in our continuous integration. This includes testing against the cryptography package which is currently compiled with OpenSSL 3.0.3 starting in v37.0.0. This change was completed by Illia Volochii and rewarded as a part of our bounty program.


Enjoy this article? ❤︎ Subscribe for more via the newsletter or RSS
Built with SimpleGrid, FontAwesome, Flask, and more.