Information:

Synopsis

Do you worry about your developer / data science supply chain safety? All the packages for the Python ecosystem are much of what makes Python awesome. But they are also a bit of an open door to your code and machine. Luckily the PSF is taking this seriously and hired Mike Fiedler as the full-time PyPI Safety & Security Engineer (not to be confused with the Security Developer in Residence staffed by Seth Michael Larson). Mike is here to give us the state of PyPI security and plans for the future.

Links from the show

Mike on Twitter: @mikefiedler
Mike on Mastodon: @miketheman@hachyderm.io
Supply Chain examples
SolarWinds: csoonline.com
XcodeGhost: wikipedia.org
Google Ad Malware: medium.com
PyPI: pypi.org
OWASP Top 10: owasp.org
Trusted Publishers: docs.pypi.org
libraries.io: libraries.io
GitHub Full 2FA: github.blog
Mike's Latest Blog Post: blog.pypi.org
pprintpp package: github.com
ICDiff: github.com
Watch this episode on YouTube: youtube.com
Episode transcripts: talkpython.fm

--- Stay in touch with u