Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Secure Software Supply Chains for Python
- 1 Intro
- 2 Secure Software Supply Chains for Python PyCon US 2021
- 3 Developer Advocate @ Google • Director @ Python Software Foundation • Maintainer @ Python Package Index
- 4 Software Supply Chain Everything it takes to produce your software
- 5 Secure Software Supply Chain What is it?
- 6 Supply Chain Attacks Let's see some examples
- 7 Supply Chain Attack: Man-in-the-middle
- 8 Supply Chain Attack: Typosquatting
- 9 Supply Chain Attack: Dependency Confusion
- 10 Supply Chain Attack: Being a target of "research"
- 11 Supply Chain Attack: Getting SolarWinded
- 12 What we can do: HTTPS everywhere
- 13 What we can do: Use lockfiles
- 14 Version pins • Hashes X • Full dependency tree
- 15 An underused workflow Compiled Dependencies
- 16 What can we prevent with lockfiles?
- 17 What we can do: Vulnerability notifications
- 18 Improvement: Package Signing
- 19 Improvement: Fully audited/curated
- 20 Improvement: The slow but inevitable death of setup.py
- 21 Improvement: The Update Framework
- 22 Improvement: Namespaces on PyPI
- 23 Improvement: More funding for projects