You may remember a recent Python Package Index (PyPI) announcement about hiring a full-time security engineer. We’ve also mentioned several current security initiatives from PyPI. This week on the show, we talk with Mike Fiedler about accepting this new role and securing accounts on PyPI.
Mike talks about how he started as a contributor to PyPI and eventually became a maintainer. We dig into why he fits this new role well and what his responsibilities are.
We discuss the initiative to secure accounts using two-factor authentication (2FA) methods. Mike also explains how package maintainers can adopt a new, more secure publishing method called trusted publishing that doesn’t require long-lived passwords.
We also discuss Mike’s recent talk called “How to Give Back to Open Source Without Losing Your Mind.” Mike shares advice and resources for finding your own contribution entry points.
Course Spotlight: Publishing Python Packages to PyPI
In this video course, you’ll learn how to create a Python package for your project and how to publish it to PyPI, the Python Package Index. Quickly get up to speed on everything from naming your package to configuring it using setup.cfg
.
Topics:
Show Links:
Level up your Python skills with our expert-led courses: