To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Real Python Data Science Python2 Python3 Learn Python Django Programming Development Dev Open Source Software Python Tech Prog Languages Code Test
Content provided by Real Python. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Real Python or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Similar to The Real Python Podcast

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

The Real Python Podcast « »
Welcoming PyPI's Safety & Security Engineer Mike Fiedler

58:31
 
Play
Playing
Share
 

MP3Episode home
Manage episode 381080928 series 2637014
Content provided by Real Python. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Real Python or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

You may remember a recent Python Package Index (PyPI) announcement about hiring a full-time security engineer. We’ve also mentioned several current security initiatives from PyPI. This week on the show, we talk with Mike Fiedler about accepting this new role and securing accounts on PyPI.

Mike talks about how he started as a contributor to PyPI and eventually became a maintainer. We dig into why he fits this new role well and what his responsibilities are.

We discuss the initiative to secure accounts using two-factor authentication (2FA) methods. Mike also explains how package maintainers can adopt a new, more secure publishing method called trusted publishing that doesn’t require long-lived passwords.

We also discuss Mike’s recent talk called “How to Give Back to Open Source Without Losing Your Mind.” Mike shares advice and resources for finding your own contribution entry points.

Course Spotlight: Publishing Python Packages to PyPI

In this video course, you’ll learn how to create a Python package for your project and how to publish it to PyPI, the Python Package Index. Quickly get up to speed on everything from naming your package to configuring it using setup.cfg.

Topics:

  • 00:00:00 – Introduction
  • 00:02:11 – PyPI Safety and Security Engineer
  • 00:05:21 – Why did you initially become a PyPI contributor?
  • 00:11:26 – What are you most excited about in your new role?
  • 00:12:02 – Current security concerns
  • 00:15:07 – Focus on malicious package reporting
  • 00:16:30 – 2FA enforcement and building trust
  • 00:26:51 – Managing credentials and password managers
  • 00:29:24 – Forms of 2FA
  • 00:31:48 – Trusted publishers
  • 00:38:08 – Video Course Spotlight
  • 00:39:28 – Updating an older project
  • 00:41:44 – Evolution of security
  • 00:43:06 – Typosquatting and evolving security
  • 00:49:13 – How To Give Back to Open Source Without Losing Your Mind
  • 00:52:48 – What are you excited about in the world of Python?
  • 00:54:45 – What do you want to learn next?
  • 00:57:06 – How can people follow your work online?
  • 00:57:37 – Thanks and goodbye

Show Links:

Level up your Python skills with our expert-led courses:

Support the podcast & join our community of Pythonistas

  continue reading

211 episodes

#Real Python #Data Science #Python2 #Python3 #Learn Python #Django #Programming #Development #Dev #Open Source #Software #Python #Tech #Prog Languages #Code #Test
Artwork

Welcoming PyPI's Safety & Security Engineer Mike Fiedler

The Real Python Podcast

625 subscribers

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 381080928 series 2637014
Content provided by Real Python. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Real Python or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

You may remember a recent Python Package Index (PyPI) announcement about hiring a full-time security engineer. We’ve also mentioned several current security initiatives from PyPI. This week on the show, we talk with Mike Fiedler about accepting this new role and securing accounts on PyPI.

Mike talks about how he started as a contributor to PyPI and eventually became a maintainer. We dig into why he fits this new role well and what his responsibilities are.

We discuss the initiative to secure accounts using two-factor authentication (2FA) methods. Mike also explains how package maintainers can adopt a new, more secure publishing method called trusted publishing that doesn’t require long-lived passwords.

We also discuss Mike’s recent talk called “How to Give Back to Open Source Without Losing Your Mind.” Mike shares advice and resources for finding your own contribution entry points.

Course Spotlight: Publishing Python Packages to PyPI

In this video course, you’ll learn how to create a Python package for your project and how to publish it to PyPI, the Python Package Index. Quickly get up to speed on everything from naming your package to configuring it using setup.cfg.

Topics:

  • 00:00:00 – Introduction
  • 00:02:11 – PyPI Safety and Security Engineer
  • 00:05:21 – Why did you initially become a PyPI contributor?
  • 00:11:26 – What are you most excited about in your new role?
  • 00:12:02 – Current security concerns
  • 00:15:07 – Focus on malicious package reporting
  • 00:16:30 – 2FA enforcement and building trust
  • 00:26:51 – Managing credentials and password managers
  • 00:29:24 – Forms of 2FA
  • 00:31:48 – Trusted publishers
  • 00:38:08 – Video Course Spotlight
  • 00:39:28 – Updating an older project
  • 00:41:44 – Evolution of security
  • 00:43:06 – Typosquatting and evolving security
  • 00:49:13 – How To Give Back to Open Source Without Losing Your Mind
  • 00:52:48 – What are you excited about in the world of Python?
  • 00:54:45 – What do you want to learn next?
  • 00:57:06 – How can people follow your work online?
  • 00:57:37 – Thanks and goodbye

Show Links:

Level up your Python skills with our expert-led courses:

Support the podcast & join our community of Pythonistas

  continue reading

211 episodes

#Real Python #Data Science #Python2 #Python3 #Learn Python #Django #Programming #Development #Dev #Open Source #Software #Python #Tech #Prog Languages #Code #Test

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to The Real Python Podcast

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2024 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox