Python Packaging and PyPI in 2022 - Talk Python to Me Ep.377

Published: 01 January 1970
on channel: Talk Python

PyPI has been in the news for a bunch of reasons lately. Many of them good. But also, some with a bit of drama or mixed reactions. On this episode, we have Dustin Ingram, one of the PyPI maintainers and one of the directors of the PSF, here to discuss the whole 2FA story, securing the supply chain, and plenty more related topics. This is another important episode that people deeply committed to the Python space will want to hear.

Background noise warning: Just wanted to apologize for a bit of background noise on my end (Dustin had amazing audio). We had construction at our place, which would have been fine. But work started on the ceiling right under my desk making much more noise than expected. I think we generally have it cleaned up, but there may be a few sounds sneaking through. Thanks for the understanding. :)

▬▬▬▬ About the podcast ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

This video is the uncut, live recording of the Talk Python To Me podcast ( https://talkpython.fm ). We cover Python-focused topics every week and publish the edited and polished version in audio form. Subscribe in your podcast player of choice (100% free) at https://talkpython.fm/subscribe.

▬▬▬▬ Guests ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

Dustin on Twitter:   / di_codes  

▬▬▬▬ Links and resources from the show ▬▬▬▬▬▬▬▬▬▬▬▬

Hardware key giveaway: https://pypi.org/security-key-giveaway/
OpenSSF funds PyPI: https://openssf.org/blog/2022/06/20/o...
James Bennett's take: https://www.b-list.org/weblog/2022/ju...
Atomicwrites (left-pad on PyPI):   / pypi_moves_to_require_2fa_for_critical_pro...  
2FA PyPI Dashboard: https://p.datadoghq.com/sb/7dc8b3250-...
GitHub 2FA - all users that contribute code by end of 2023: https://github.blog/2022-05-04-softwa...
GPG - not the holy grail: https://caremad.io/posts/2013/07/pack...
Sigstore for Python: https://pypi.org/project/sigstore/
pip-audit: https://pypi.org/project/pip-audit/
PEP 691: https://peps.python.org/pep-0691/
PEP 694: https://peps.python.org/pep-0694/

Listen to this episode on Talk Python: https://talkpython.fm/episodes/show/3...
Episode transcripts: https://talkpython.fm/episodes/transc...

▬▬▬▬ Dive deeper ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
Listen to the Talk Python To Me podcast at https://talkpython.fm
Over 250 hours of Python courses at https://training.talkpython.fm/courses
Follow us on Mastodon. Michael: https://fosstodon.org/@mkennedy & Talk Python https://fosstodon.org/@talkpython