Every time you fetch a package from the Python Package Index (PyPI), you’re making an implicit security decision. However, the security implications of package indexes are not typically well understood by developers. What guarantees does PyPI provide? What are the threats? What is The Update Framework (TUF), and how does it help? Join us on a tour through the past, present, and future of PyPI’s security.