Talk Python To Me #435: PyPI Security

Update: 2023-10-25

Description

Do you worry about the safety of your developer or data science supply chain? The packages of the Python ecosystem are much of what makes Python awesome, but they are also a bit of an open door into your code and your machine. Luckily the PSF is taking this seriously and hired Mike Fiedler as the full-time PyPI Safety & Security Engineer (not to be confused with the Security Developer in Residence, a role staffed by Seth Michael Larson). Mike is here to give us the state of PyPI security and the plans for the future.
Episode sponsors
Sentry Error Monitoring, Code TALKPYTHON

Talk Python Courses
Links from the show
Mike on Twitter: @mikefiedler

Mike on Mastodon: @miketheman@hachyderm.io
Supply Chain examples

SolarWinds: csoonline.com

XcodeGhost: wikipedia.org

Google Ad Malware: medium.com
PyPI: pypi.org

OWASP Top 10: owasp.org

Trusted Publishers: docs.pypi.org

libraries.io: libraries.io

GitHub Full 2FA: github.blog

Mike's Latest Blog Post: blog.pypi.org

pprintpp package: github.com

ICDiff: github.com

Watch this episode on YouTube: youtube.com

Episode transcripts: talkpython.fm
--- Stay in touch with us ---

Subscribe to us on YouTube: youtube.com

Follow Talk Python on Mastodon: talkpython

Follow Michael on Mastodon: mkennedy

Michael Kennedy (@mkennedy)