Python Packaging and PyPI in 2022
Episode #377, published Sat, Aug 13, 2022, recorded Thu, Aug 11, 2022
PyPI has been in the news for a bunch of reasons lately. Many of them good. But also, some with a bit of drama or mixed reactions. On this episode, we have Dustin Ingram, one of the PyPI maintainers and one of the directors of the PSF, here to discuss the whole 2FA story, securing the supply chain, and plenty more related topics. This is another important episode that people deeply committed to the Python space will want to hear.
Background noise warning: Just wanted to apologize for a bit of background noise on my end (Dustin had amazing audio). We had construction at our place, which would have been fine. But work started on the ceiling right under my desk making much more noise than expected. I think we generally have it cleaned up, but there may be a few sounds sneaking through. Thanks for the understanding. :)
Links from the show
Dustin on Twitter: @di_codes
Hardware key giveaway: pypi.org
OpenSSF funds PyPI: openssf.org
James Bennett's take: b-list.org
Atomicwrites (left-pad on PyPI): reddit.com
2FA PyPI Dashboard: datadoghq.com
GitHub 2FA - all users that contribute code by end of 2023: github.blog
GPG - not the holy grail: caremad.io
Sigstore for Python: pypi.org
pip-audit: pypi.org
PEP 691: peps.python.org
PEP 694: peps.python.org
Watch this episode on YouTube: youtube.com
Episode transcripts: talkpython.fm
--- Stay in touch with us ---
Subscribe to us on YouTube: youtube.com
Follow Talk Python on Mastodon: talkpython
Follow Michael on Mastodon: mkennedy