PyCon Pittsburgh. April 15-23, 2020.

Talk: TUFening PyPI: Securing the Package Supply Chain

Presented by:

Paul Kehrer, William Woodruff

Description

Every time you fetch a package from the Python Package Index (PyPI) you’re making an implicit security decision. However, the security implications of package indexes are not typically well understood by developers. What guarantees does PyPI provide? What are the threats? What is The Update Framework (TUF) and how does it help? Join us on a tour through the past, present, and future of PyPI’s security.