Starting 2024 off strong for securing Python (SBOM, provenance, macOS build repro, software IDs, oh my!)
2024 has only just begun and there's already so much to talk about. Here's a summary of topics in the first weekly report for 2024 from the Security Developer-in-Residence role:
Publish provenance on PyPI using Trusted Publishers
Software Bill-of-Materials (SBOM) for CPython available sooner than 3.13.0
Diffoscope support for the XAR format, useful for macOS build reproducibility
Discussion of software identifiers, mainly Package URLs and why they're great
Read more: https://sethmlarson.dev/security-developer-in-residence-weekly-report-24