Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
תוכן מסופק על ידי Real Python. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Real Python או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לThe Real Python Podcast
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Join our weekly discussion about how to build top end Angular applications and become an Angular expert. Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
This podcast talks about how to program in Java; not your tipical system.out.println("Hello world"), but more like real issues, such as O/R setups, threading, getting certain components on the screen or troubleshooting tips and tricks in general. The format is as a podcast so that you can subscribe to it, and then take it with you and listen to it on your way to work (or on your way home), and learn a little bit more (or reinforce what you knew) from it.
…
continue reading
A podcast about web design and development.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Securing Your Python Software Supply Chain With Dustin Ingram
Manage episode 296502817 series 2637014
תוכן מסופק על ידי Real Python. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Real Python או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
How well do you know your software supply chain? When you PIP install a package, what steps can you take to minimize the risk of installing something malicious? This week on the show, we have Dustin Ingram, a director of the Python Software Foundation (PSF) and a maintainer of the Python Package Index (PyPI).
We talk about Dustin’s PyCon 2021 talk titled “Secure Software Supply Chains for Python”. Dustin shares the types of attacks you should be aware of and how you can make your supply chain more trustworthy. We cover tools, techniques, and best practices.
Dustin also discusses what it takes to keep the Python Package Index running and the players working to keep it going into the future.
Course Spotlight: A Beginner’s Guide to Pip
This course is a great introduction to pip for those who are getting started Python, and for those who want to understand more about what is happening when you install new packages into your environment. It’s a worthy investment of your time to understand the fundamentals of pip.
Topics:
- 00:00:00 – Introduction
- 00:01:51 – Developer Advocate at Google
- 00:04:34 – A director of the PSF
- 00:06:27 – A maintainer of PyPI
- 00:12:29 – Secure Software Supply Chains for Python - PyCon 2021
- 00:15:53 – Do I need to be a security expert as a Python developer?
- 00:17:23 – Typo-squatting of package names
- 00:19:46 – Sponsor: Scout APM
- 00:20:52 – Dependency confusion and private repos
- 00:26:00 – What are some best practices?
- 00:31:55 – How to lessen the scale of “I don’t know what I don’t know”?
- 00:36:33 – Tools and techniques that can help
- 00:44:11 – Video Course Spotlight
- 00:45:30 – Namespaces on PyPI
- 00:53:03 – What does it take to power the Python Package Index?
- 01:01:57 – What are you excited about in the world of Python?
- 01:03:55 – What do you want to learn next?
- 01:05:52 – What is something you thought you knew about Python, but were wrong about it?
- 01:08:46 – Shout outs and social information
- 01:10:16 – Thanks and goodbye
Show Links:
- Dustin Ingram: Personal Website
- Python on Google Cloud
- Cloud Run: Develop and deploy highly scalable containerized applications on a fully managed serverless platform
- Python Software Foundation
- PSF Membership FAQ
- PyPI: The Python Package Index
- Secure Software Supply Chains for Python: PyCon 2021 - YouTube
- pip Documentation: Requirements Files
- pip Documentation: Hash-Checking Mode
- PEP-0440: Direct references for pip
- pip-tools: pip-tools keeps your pinned dependencies fresh
- PyPA: Python Packaging User Guide
- The Update Framework (TUF)
- tuf: A secure updater framework for Python
- pipx: Install and Run Python Applications in Isolated Environments
- How to Publish an Open-Source Python Package to PyPI - Real Python Article
- Poetry: Python packaging and dependency management made easy
- PyUp: Python Dependency Security
- Dependabot: Automated dependency updates
- Why Package Signing is not the Holy Grail: Donald Stufft
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
- What Is Pip? A Guide for New Pythonistas - Real Python Article
- A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack
- Security scanners for Python and Docker: from code to dependencies
- What does it take to power the Python Package Index?
Level up your Python skills with our expert-led courses:
203 פרקים
שתפו
Manage episode 296502817 series 2637014
תוכן מסופק על ידי Real Python. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Real Python או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
How well do you know your software supply chain? When you PIP install a package, what steps can you take to minimize the risk of installing something malicious? This week on the show, we have Dustin Ingram, a director of the Python Software Foundation (PSF) and a maintainer of the Python Package Index (PyPI).
We talk about Dustin’s PyCon 2021 talk titled “Secure Software Supply Chains for Python”. Dustin shares the types of attacks you should be aware of and how you can make your supply chain more trustworthy. We cover tools, techniques, and best practices.
Dustin also discusses what it takes to keep the Python Package Index running and the players working to keep it going into the future.
Course Spotlight: A Beginner’s Guide to Pip
This course is a great introduction to pip for those who are getting started Python, and for those who want to understand more about what is happening when you install new packages into your environment. It’s a worthy investment of your time to understand the fundamentals of pip.
Topics:
- 00:00:00 – Introduction
- 00:01:51 – Developer Advocate at Google
- 00:04:34 – A director of the PSF
- 00:06:27 – A maintainer of PyPI
- 00:12:29 – Secure Software Supply Chains for Python - PyCon 2021
- 00:15:53 – Do I need to be a security expert as a Python developer?
- 00:17:23 – Typo-squatting of package names
- 00:19:46 – Sponsor: Scout APM
- 00:20:52 – Dependency confusion and private repos
- 00:26:00 – What are some best practices?
- 00:31:55 – How to lessen the scale of “I don’t know what I don’t know”?
- 00:36:33 – Tools and techniques that can help
- 00:44:11 – Video Course Spotlight
- 00:45:30 – Namespaces on PyPI
- 00:53:03 – What does it take to power the Python Package Index?
- 01:01:57 – What are you excited about in the world of Python?
- 01:03:55 – What do you want to learn next?
- 01:05:52 – What is something you thought you knew about Python, but were wrong about it?
- 01:08:46 – Shout outs and social information
- 01:10:16 – Thanks and goodbye
Show Links:
- Dustin Ingram: Personal Website
- Python on Google Cloud
- Cloud Run: Develop and deploy highly scalable containerized applications on a fully managed serverless platform
- Python Software Foundation
- PSF Membership FAQ
- PyPI: The Python Package Index
- Secure Software Supply Chains for Python: PyCon 2021 - YouTube
- pip Documentation: Requirements Files
- pip Documentation: Hash-Checking Mode
- PEP-0440: Direct references for pip
- pip-tools: pip-tools keeps your pinned dependencies fresh
- PyPA: Python Packaging User Guide
- The Update Framework (TUF)
- tuf: A secure updater framework for Python
- pipx: Install and Run Python Applications in Isolated Environments
- How to Publish an Open-Source Python Package to PyPI - Real Python Article
- Poetry: Python packaging and dependency management made easy
- PyUp: Python Dependency Security
- Dependabot: Automated dependency updates
- Why Package Signing is not the Holy Grail: Donald Stufft
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
- What Is Pip? A Guide for New Pythonistas - Real Python Article
- A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack
- Security scanners for Python and Docker: from code to dependencies
- What does it take to power the Python Package Index?
Level up your Python skills with our expert-led courses:
203 פרקים
All episodes
×
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
דומה לThe Real Python Podcast
Talk Python to Me is a weekly podcast hosted by developer and entrepreneur Michael Kennedy. We dive deep into the popular packages and software developers, data scientists, and incredible hobbyists doing amazing things with Python. If you're new to Python, you'll quickly learn the ins and outs of the community by hearing from the leaders. And if you've been Pythoning for years, you'll learn about your favorite packages and the hot new ones coming out of open source.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Join our weekly discussion about how to build top end Angular applications and become an Angular expert. Become a supporter of this podcast: https://www.spreaker.com/podcast/adventures-in-angular--6102018/support.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
This podcast talks about how to program in Java; not your tipical system.out.println("Hello world"), but more like real issues, such as O/R setups, threading, getting certain components on the screen or troubleshooting tips and tricks in general. The format is as a podcast so that you can subscribe to it, and then take it with you and listen to it on your way to work (or on your way home), and learn a little bit more (or reinforce what you knew) from it.
…
continue reading
A podcast about web design and development.
…
continue reading
Stay current on JavaScript, Node, and Front-End development. Learn from experts in programming, careers, and technology every week. Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
