Who’s Keeping the Python Ecosystem Safe?

Опубликовано: 05 Июнь 2024
на канале: The New Stack
1,771
6

Mike Fiedler, a PyPI safety and security engineer at the Python Software Foundation, prefers the title “code gardener,” reflecting his role in maintaining and securing open source projects. Recorded at PyCon US, Fiedler explains his task of “pulling the weeds” in code—handling unglamorous but crucial aspects of open source contributions. Since August, funded by Amazon Web Services, Fiedler has focused on enhancing the security of the Python Package Index (PyPI). His efforts include ensuring that both packages and the pipeline are secure, emphasizing the importance of vetting third-party modules before deployment.

One of Fiedler’s significant initiatives was enforcing mandatory two-factor authentication (2FA) for all PyPI user accounts by January 1, following a community awareness campaign. This transition was smooth, thanks to proactive outreach. Additionally, the foundation collaborates with security researchers and the public to report and address malicious packages.

In late 2023, a security audit by Trail of Bits, funded by the Open Technology Fund, identified and quickly resolved medium-sized vulnerabilities, increasing PyPI's overall security. More details on Fiedler's work are available in the full interview video.

Here's the article to go along with the video podcast: https://thenewstack.io/whos-keeping-t...

Learn more from The New Stack about PyPl:

PyPI Strives to Pull Itself Out of Trouble
https://thenewstack.io/pypi-strives-t...

Poisoned Lolip0p PyPI Packages
https://thenewstack.io/poisoned-lolip...

How Python Is Evolving
https://thenewstack.io/how-python-is-...

Join our community of newsletter subscribers to stay on top of the news and at the top of your game. https://thenewstack.io/newsletter/


Смотрите видео Who’s Keeping the Python Ecosystem Safe? онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь The New Stack 05 Июнь 2024, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 1,77 раз и оно понравилось людям.