sethmlarson.dev

Archives
Log in
Subscribe
January 24, 2024

Security Developer-in-Residence weekly report #26: Releases on PyPI are never "done"

This is the 26th weekly report for the Security Developer-in-Residence role:

  • Discussion of open-ended PyPI releases and PEP 740 (digital attestations on PyPI)

  • Software Bill-of-Materials work is progressing, updates for latest round of feedback from downstream distributors of Python.

  • Two new Developer-in-Residence roles filled by the PSF!

Read more: https://sethmlarson.dev/security-developer-in-residence-weekly-report-26

Don't miss what's next. Subscribe to sethmlarson.dev:
← Newer Software Bill-of-Materials documents are now available for CPython Older → New article: Defending against the PyTorch supply chain attack PoC

Add a comment:

You're not signed in. Posting this comment will subscribe you to this newsletter with the email address you enter below.
Share this email:
Share on Hacker News Share on Reddit Share via email Share on Mastodon Share on Bluesky
sethmlarson.dev
Bluesky
Mastodon
Powered by Buttondown, the easiest way to start and grow your newsletter.