I propose to release version 3.8.3 soon, fixing a collection of security vulnerabilities.
Although I have passed on the release manager hat to @tfmorris, he has enough on his plate with the release process for 3.9, so I am trying to assist by taking on this task, in the interest of releasing security fixes without too much delay.
Concerning the Apple notarization issue, CS&S is currently hiring someone who should be able to apply with Apple to regain access to our Apple Developer account. If I understood correctly they should be starting to work this week, but I expect it will take a bit longer before they regain access to the account and accept the new terms of service there, letting us notarize new releases again.
If you are aware of other important issues to fix in 3.8 let me know.
I don't think a fiscal host should be the only ones holding the keys to the Apple Developer account? We should have a member of the core team as a backup, yes?
@antonin_d are you not a bit concerned about that? It feels like a risk to be put back into the same situation in the future. I trust them, don't get me wrong, it's just that we should have backups in place within the core team, don't you think?
If we want to get the subscription fees waived, the account holder has to be a non-profit, so in our case CS&S. Individual developers can then be added to the account (but with restricted permissions, not letting them approve new terms and conditions for instance). Otherwise, individual developers could get their own account, but then that's not something that can be transferred when they come and go.