PyPI & Supply Chain Security
11-09, 19:00–19:20 (UTC), Room 3

The Python Package Index (PyPI) is one of the oldest software repositories for a language ecosystem and the canonical place to publish Python code. It serves more than 2 billion requests a day, and is almost entirely supported by volunteers and the non-profit Python Software Foundation.

In this talk, we'll review some recent supply-chain attacks and how they relate to PyPI specifically. In addition, we'll take a look at some in-progress projects to make PyPI more resilient, secure and sustainable.

Dustin Ingram is a director at the Python Software Foundation, a maintainer of the Python Package Index, and a Developer Advocate at Google.