PyPI has been in the news for a bunch of reasons lately. Many of them good. But also, some with a bit of drama or mixed reactions. On this episode, we have Dustin Ingram, one of the PyPI maintainers and one of the directors of the PSF, here to discuss the whole 2FA story, securing the supply chain, and plenty more related topics. This is another important episode that people deeply committed to the Python space will want to hear.
Links from the show
Dustin on Twitter : @di_codes
Hardware key giveaway : pypi.org
OpenSSF funds PyPI :
openssf.org
James Bennet's take :
b-list.org
Atomicwrites (left-pad on PyPI) :
reddit.com
2FA PyPI Dashboard :
datadoghq.com
github 2FA - all users that contribute code by end of 2023 :
github.blog
GPG - not the holy grail :
caremad.io
Sigstore for Python : pypi.org
pip-audit : pypi.org
PEP 691 : peps.python.org
PEP 694 : peps.python.org
Watch this episode on YouTube :
youtube.com
Episode transcripts :
talkpython.fm
--- Stay in touch with us ---
Subscribe to us on YouTube : youtube.com
Follow Talk Python on Twitter :
@talkpython
Follow Michael on Twitter : @mkennedy
Sponsors
RedHat
IRL Podcast
Talk Python Training