Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
The Real Python Podcast - Securing Your Python Software Supply Chain With Dustin Ingram

Securing Your Python Software Supply Chain With Dustin Ingram

The Real Python Podcast

07/02/21 • 71 min

plus icon
bookmark
Share icon

How well do you know your software supply chain? When you PIP install a package, what steps can you take to minimize the risk of installing something malicious? This week on the show, we have Dustin Ingram, a director of the Python Software Foundation (PSF) and a maintainer of the Python Package Index (PyPI).

We talk about Dustin’s PyCon 2021 talk titled “Secure Software Supply Chains for Python”. Dustin shares the types of attacks you should be aware of and how you can make your supply chain more trustworthy. We cover tools, techniques, and best practices.

Dustin also discusses what it takes to keep the Python Package Index running and the players working to keep it going into the future.

Course Spotlight: A Beginner’s Guide to Pip

This course is a great introduction to pip for those who are getting started Python, and for those who want to understand more about what is happening when you install new packages into your environment. It’s a worthy investment of your time to understand the fundamentals of pip.

Topics:

  • 00:00:00 – Introduction
  • 00:01:51 – Developer Advocate at Google
  • 00:04:34 – A director of the PSF
  • 00:06:27 – A maintainer of PyPI
  • 00:12:29 – Secure Software Supply Chains for Python - PyCon 2021
  • 00:15:53 – Do I need to be a security expert as a Python developer?
  • 00:17:23 – Typo-squatting of package names
  • 00:19:46 – Sponsor: Scout APM
  • 00:20:52 – Dependency confusion and private repos
  • 00:26:00 – What are some best practices?
  • 00:31:55 – How to lessen the scale of “I don’t know what I don’t know”?
  • 00:36:33 – Tools and techniques that can help
  • 00:44:11 – Video Course Spotlight
  • 00:45:30 – Namespaces on PyPI
  • 00:53:03 – What does it take to power the Python Package Index?
  • 01:01:57 – What are you excited about in the world of Python?
  • 01:03:55 – What do you want to learn next?
  • 01:05:52 – What is something you thought you knew about Python, but were wrong about it?
  • 01:08:46 – Shout outs and social information
  • 01:10:16 – Thanks and goodbye

Show Links:

07/02/21 • 71 min

plus icon
bookmark
Share icon

Featured in these lists

Generate a badge

Get a badge for your website that links back to this episode

Select type & size
Open dropdown icon
share badge image

<a href="https://goodpods.com/podcasts/the-real-python-podcast-186798/securing-your-python-software-supply-chain-with-dustin-ingram-17007673"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to securing your python software supply chain with dustin ingram on goodpods" style="width: 225px" /> </a>

Copy