The Real Python Podcast

Welcoming PyPI's Safety & Security Engineer Mike Fiedler

You may remember a recent Python Package Index (PyPI) announcement about hiring a full-time security engineer. We’ve also mentioned several current security initiatives from PyPI. This week on the show, we talk with Mike Fiedler about accepting this new role and securing accounts on PyPI.

Mike talks about how he started as a contributor to PyPI and eventually became a maintainer. We dig into why he fits this new role well and what his responsibilities are.

We discuss the initiative to secure accounts using two-factor authentication (2FA) methods. Mike also explains how package maintainers can adopt a new, more secure publishing method called trusted publishing that doesn’t require long-lived passwords.

We also discuss Mike’s recent talk called “How to Give Back to Open Source Without Losing Your Mind.” Mike shares advice and resources for finding your own contribution entry points.

Course Spotlight: Publishing Python Packages to PyPI

In this video course, you’ll learn how to create a Python package for your project and how to publish it to PyPI, the Python Package Index. Quickly get up to speed on everything from naming your package to configuring it using setup.cfg.

Topics:

  • 00:00:00 – Introduction
  • 00:02:11 – PyPI Safety and Security Engineer
  • 00:05:21 – Why did you initially become a PyPI contributor?
  • 00:11:26 – What are you most excited about in your new role?
  • 00:12:02 – Current security concerns
  • 00:15:07 – Focus on malicious package reporting
  • 00:16:30 – 2FA enforcement and building trust
  • 00:26:51 – Managing credentials and password managers
  • 00:29:24 – Forms of 2FA
  • 00:31:48 – Trusted publishers
  • 00:38:08 – Video Course Spotlight
  • 00:39:28 – Updating an older project
  • 00:41:44 – Evolution of security
  • 00:43:06 – Typosquatting and evolving security
  • 00:49:13 – How To Give Back to Open Source Without Losing Your Mind
  • 00:52:48 – What are you excited about in the world of Python?
  • 00:54:45 – What do you want to learn next?
  • 00:57:06 – How can people follow your work online?
  • 00:57:37 – Thanks and goodbye
Show Links:

  • PyPI hires a Safety & Security Engineer - The Python Package Index
  • Inbound Malware Volume Report - The Python Package Index
  • 2FA Enforcement for New User Registrations - The Python Package Index
  • PyPI 2FA Security Key Giveaway - PyPI
  • Software Bill Of Materials - National Telecommunications and Information Administration
  • Introducing ‘Trusted Publishers’ - The Python Package Index
  • Trusted Publishers - Getting Started - PyPI Docs
  • How To Give Back to Open Source Without Losing Your Mind – vBrownBag
  • Good First Issues - OpenSauced
  • Good First Issues
  • Participation - Hacktoberfest 2023
  • Python Release Python 3.12.0 - Python.org
  • htmx - high power tools for html
  • The web framework for perfectionists with deadlines - Django
  • The Python Package Index - Blog
  • Mike Fiedler, Code Gardener (@[email protected]) - Fosstodon
  • Mike Fiedler, Code Gardener (@mikefiedler) / X
  • Mike Fiedler’s personal website
Level up your Python skills with our expert-led courses:

  • A Beginner's Guide to pip
  • Everyday Project Packaging With pyproject.toml
  • Publishing Python Packages to PyPI

Support the podcast & join our community of Pythonistas