The Real Python Podcast

Welcoming PyPI's Safety & Security Engineer Mike Fiedler



You may remember a recent Python Package Index (PyPI) announcement about hiring a full-time security engineer. We’ve also mentioned several current security initiatives from PyPI. This week on the show, we talk with Mike Fiedler about accepting this new role and securing accounts on PyPI.

Mike talks about how he started as a contributor to PyPI and eventually became a maintainer. We dig into why he fits this new role well and what his responsibilities are.

We discuss the initiative to secure accounts using two-factor authentication (2FA) methods. Mike also explains how package maintainers can adopt a new, more secure publishing method called trusted publishing, which lets a CI provider upload releases using short-lived OpenID Connect tokens instead of a long-lived API token or password stored in the project's secrets.
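For readers who want to see what adopting trusted publishing looks like in practice, here is a minimal GitHub Actions workflow. This is an added example, not code from the episode, from PyPI, or from Mike Fiedler; the workflow filename, the `pypi` environment name, the release trigger, and the use of `python -m build` are assumptions about a hypothetical project, and the action versions are the ones current at the time of writing.

```yaml
# .github/workflows/publish.yml  (added example; hypothetical project layout)
name: Publish to PyPI

on:
  release:
    types: [published]   # assumption: releases are cut from GitHub Releases

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: python -m pip install --upgrade build
      - run: python -m build          # produces sdist + wheel in dist/
      - uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    # Must match the environment name registered with the trusted publisher on PyPI.
    # Environment protection rules (required reviewers) then gate who can release.
    environment: pypi
    permissions:
      # The only grant this job needs: it lets the runner request an OIDC
      # identity token, which PyPI exchanges for a short-lived upload token.
      # Every other GITHUB_TOKEN permission is left at "none".
      id-token: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # No `password:` or `user:` input: the action authenticates with the
      # OIDC token, so there is no long-lived PyPI API token to leak or rotate.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

On the PyPI side, the project owner adds a "trusted publisher" under the project's publishing settings, supplying the repository owner, repository name, workflow filename (here `publish.yml`) and, optionally, the environment name. PyPI only honors tokens whose OIDC claims match all of those values, so a workflow in a fork or under a different filename cannot publish, and the build job deliberately has no `id-token` permission so that an untrusted build step can never mint an upload token.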

We also discuss Mike’s recent talk called “How to Give Back to Open Source Without Losing Your Mind.” Mike shares advice and resources for finding your own contribution entry points.

Course Spotlight: Publishing Python Packages to PyPI

In this video course, you’ll learn how to create a Python package for your project and how to publish it to PyPI, the Python Package Index. Quickly get up to speed on everything from naming your package to configuring it using setup.cfg.

Topics:

  • 00:00:00 – Introduction
  • 00:02:11 – PyPI Safety and Security Engineer
  • 00:05:21 – Why did you initially become a PyPI contributor?
  • 00:11:26 – What are you most excited about in your new role?
  • 00:12:02 – Current security concerns
  • 00:15:07 – Focus on malicious package reporting
  • 00:16:30 – 2FA enforcement and building trust
  • 00:26:51 – Managing credentials and password managers
  • 00:29:24 – Forms of 2FA
  • 00:31:48 – Trusted publishers
  • 00:38:08 – Video Course Spotlight
  • 00:39:28 – Updating an older project
  • 00:41:44 – Evolution of security
  • 00:43:06 – Typosquatting and evolving security
  • 00:49:13 – How To Give Back to Open Source Without Losing Your Mind
  • 00:52:48 – What are you excited about in the world of Python?
  • 00:54:45 – What do you want to learn next?
  • 00:57:06 – How can people follow your work online?
  • 00:57:37 – Thanks and goodbye
Show Links:

  • PyPI hires a Safety & Security Engineer - The Python Package Index
  • Inbound Malware Volume Report - The Python Package Index
  • 2FA Enforcement for New User Registrations - The Python Package Index
  • PyPI 2FA Security Key Giveaway - PyPI
  • Software Bill Of Materials - National Telecommunications and Information Administration
  • Introducing ‘Trusted Publishers’ - The Python Package Index
  • Trusted Publishers - Getting Started - PyPI Docs
  • How To Give Back to Open Source Without Losing Your Mind – vBrownBag
  • Good First Issues - OpenSauced
  • Good First Issues
  • Participation - Hacktoberfest 2023
  • Python Release Python 3.12.0 - Python.org
  • htmx - high power tools for html
  • The web framework for perfectionists with deadlines - Django
  • The Python Package Index - Blog
  • Mike Fiedler, Code Gardener - Fosstodon
  • Mike Fiedler, Code Gardener (@mikefiedler) / X
  • Mike Fiedler’s personal website

Level up your Python skills with our expert-led courses:

  • A Beginner's Guide to pip
  • Everyday Project Packaging With pyproject.toml
  • Publishing Python Packages to PyPI

Support the podcast & join our community of Pythonistas

The Real Python Podcast, by Real Python