sethmlarson.dev

January 9, 2024

Starting 2024 off strong for securing Python (SBOM, provenance, macOS build repro, software IDs, oh my!)

2024 has only just begun and there's already so much to talk about. Here's a summary of topics in the first weekly report for 2024 from the Security Developer-in-Residence role:

  • Publish provenance on PyPI using Trusted Publishers

  • Software Bill-of-Materials for CPython available sooner than 3.13.0

  • Diffoscope support for XAR format useful for macOS build reproducibility

  • Discussion of Software Identifiers, mainly Package URLs and why they're great.

Read more: https://sethmlarson.dev/security-developer-in-residence-weekly-report-24
