Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and the software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.

#435: PyPI Security

October 25, 2023 01:03:23 61.12 MB Downloads: 0
Do you worry about the safety of your developer / data science supply chain? The packages of the Python ecosystem are much of what makes Python awesome. But they are also a bit of an open door to your code and machine. Luckily the PSF is taking this seriously and hired Mike Fiedler as the full-time PyPI Safety & Security Engineer (not to be confused with the Security Developer in Residence, a role staffed by Seth Michael Larson). Mike is here to give us the state of PyPI security and the plans for the future.

Links from the show

Mike on Twitter: @mikefiedler
Mike on Mastodon: @miketheman@hachyderm.io

Supply Chain examples
SolarWinds: csoonline.com
XcodeGhost: wikipedia.org
Google Ad Malware: medium.com

PyPI: pypi.org
OWASP Top 10: owasp.org
Trusted Publishers: docs.pypi.org
libraries.io: libraries.io
GitHub Full 2FA: github.blog
Mike's Latest Blog Post: blog.pypi.org
pprintpp package: github.com
ICDiff: github.com
Watch this episode on YouTube: youtube.com
Episode transcripts: talkpython.fm

--- Stay in touch with us ---
Subscribe to us on YouTube: youtube.com
Follow Talk Python on Mastodon: talkpython
Follow Michael on Mastodon: mkennedy

Sponsors
Sentry Error Monitoring, Code TALKPYTHON
Talk Python Training