The core․py podcast wasn't dead, it was just sleeping! Pablo Galindo Salgado and I return to talk about the upcoming new REPL in #Python 3.13 ♒️

Join us for our signature professional takes just in time for 3.13 beta 1 and #PyConUS 🛜

#pypy #synthwave #chrząszcz

podcasters.spotify.com/pod/show/corep…

Check out the 2023 PSF Annual Impact Report! Includes for the first time an update on supply chain security.

🐍🛡

#opensource #python #oss #supplychain #security

🐍🛡️

This is huge news, GitHub Actions is providing build provenance for artifacts! 🤩

github.blog/changelog/2024…

The project I'm mentoring for adopting the @OpenSSF Hardened Compiler Options guide for C/C++ in CPython was accepted! 🎉

Recording is available for my talk on securing software ecosystems where they are! 💪

Software security tends to operate on a high-level, above individual ecosystems. What should we take into account when attempting to secure #opensource ecosystems?

youtube.com/watch?v=0CPJJZ…

Hm, this doesn't look like #Python 3.12.

Really exciting to see Python 'Publish Provenance' and PEP 740 moving forward! 🤩

github.com/pypi/warehouse…

New trust anchor (root zone KSK) for the DNS generated

Unlock the secrets to fortifying your Python projects and securing PyPI in our exclusive webinar! 💻 Join @PyPI experts as they share strategies to enhance your project's security posture. There's still time to register hubs.ly/Q02svkR70 #PythonSecurity #CyberSec #Webinar

'Do stuff and then blog about it' remains one of the most underrated pieces of career advice

Still in disbelief that we're getting a Paper Mario Thousand Year Door remake in a month! 😍 This game is incredible if you're into RPGs and story, one of my favorites.

I wrote about my time at #OSSummit North America 2024:

sethmlarson.dev/security-devel…

Open source can turn money into security and maintenance. Happy that this report dug into how diversification of funding sources benefits projects:

blog.tidelift.com/new-report-fro…

Not only can critics, journalists, and the public clown on the AI Pin that turned out to be complete rubbish; we *must* do. This is AI's Juicero moment. 404media.co/we-must-never-…

Been a minute since I've dug into an RFC, was starting to miss it! 😄

Thanks to Microsoft for supporting its #opensource dependencies like urllib3! 🙏

sethmlarson.dev/thanks-to-micr…

PyPI now has three new Trusted Publishing, thanks (in part) to our work at Trail of Bits! This realizes our goal of expanding Trusted Publishing to compute environments outside of GitHub Actions:

blog.pypi.org/posts/2024-04-…