Starting 2024 off strong for securing Python (SBOM, provenance, macOS build repro, software IDs, oh my!)

                January 9, 2024

            Starting 2024 off strong for securing Python (SBOM, provenance, macOS build repro, software IDs, oh my!)

            2024 has only just begun and there's already so much to talk about. Here's a summary of topics in the first weekly report for 2024 from the Security Developer-in-Residence role:
Publish provenance on PyPI using Trusted Publishers
Software Bill-of-Materials for CPython available sooner than 3.13.0
Diffoscope support for XAR format useful for macOS build reproducibility
Discussion of Software Identifiers, mainly Package URLs and why they're great.
Read more: https://sethmlarson.dev/security-developer-in-residence-weekly-report-24

Don't miss what's next. Subscribe to sethmlarson.dev:

Start the conversation: