How well do you know your software supply chain? When you PIP install a package, what steps can you take to minimize the risk of installing something malicious? This week on the show, we have Dustin Ingram, a director of the Python Software Foundation (PSF) and a maintainer of the Python Package Index (PyPI).
We talk about Dustin’s PyCon 2021 talk titled “Secure Software Supply Chains for Python”. Dustin shares the types of attacks you should be aware of and how you can make your supply chain more trustworthy. We cover tools, techniques, and best practices.
Dustin also discusses what it takes to keep the Python Package Index running and the players working to keep it going into the future.
Course Spotlight: A Beginner’s Guide to Pip
This course is a great introduction to pip for those who are getting started Python, and for those who want to understand more about what is happening when you install new packages into your environment. It’s a worthy investment of your time to understand the fundamentals of pip.
Topics:
Show Links:
Level up your Python skills with our expert-led courses: