If you're a first-time reader, welcome! 👋 Below are the articles that I'm most proud of, so if you're looking for a place to start then look no further:
Python and SLSA 💃
Supply-chain Levels for Software Artifacts (SLSA) is a framework, with accompanying tooling, for generating and verifying provenance for software artifacts. How can these tools be put to use in existing Python packages to attest to the provenance of wheels and source distributions on PyPI?
Preparing for the wave of open source funding
Financial support for open source projects is becoming more frequent and arriving in larger amounts. From the perspective of urllib3, which has seen success in this area, what are some ways that projects can prepare themselves to ride the wave?
People in your software supply chain
Open source is entering a new era of scrutiny driven by organizations digging into their dependencies. Let's remember that the most important dependency we're relying on won't show up in your lock files: it's people!
Security for package maintainers
Package maintainers have extremely privileged accounts, and any unauthorized access to one could affect millions of users. What are some secure account configurations and best practices that can keep this nightmare scenario from happening to you?
How does UTF-8 turn “😂” into “F09F9882”?
Deep-dive into how the UTF-8 encoding works bit-by-bit with hand-crafted flow chart diagrams along with some historical perspective.
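As an added illustration of the question in the title (this is example code written for this index page, not code from the article itself), the snippet below encodes a code point into UTF-8 by hand, bit by bit, and pairs it with a strict decoder. The decoder is where the security-relevant part lives: a lax decoder that accepts overlong forms such as `C0 80` or encoded surrogates can be used to smuggle bytes past filters that only look for the canonical encoding, so the decoder below rejects them. The function names are my own.

```python
# Added example, not from the original article: a bit-by-bit UTF-8 encoder
# and a strict decoder that rejects the malformed sequences a security
# reviewer cares about (overlong forms, surrogates, out-of-range, truncation).


def utf8_encode(cp: int) -> bytes:
    """Encode one Unicode scalar value as UTF-8.

    Lead byte carries the length marker (0xxxxxxx, 110xxxxx, 1110xxxx, 11110xxx);
    every continuation byte is 10xxxxxx carrying six payload bits.
    """
    if cp < 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
        raise ValueError(f"not a Unicode scalar value: {cp:#x}")
    if cp < 0x80:                       # 1 byte: 7 bits
        return bytes([cp])
    if cp < 0x800:                      # 2 bytes: 5 + 6 bits
        return bytes([0xC0 | (cp >> 6), 0x80 | (cp & 0x3F)])
    if cp < 0x10000:                    # 3 bytes: 4 + 6 + 6 bits
        return bytes([0xE0 | (cp >> 12),
                      0x80 | ((cp >> 6) & 0x3F),
                      0x80 | (cp & 0x3F)])
    return bytes([0xF0 | (cp >> 18),    # 4 bytes: 3 + 6 + 6 + 6 bits
                  0x80 | ((cp >> 12) & 0x3F),
                  0x80 | ((cp >> 6) & 0x3F),
                  0x80 | (cp & 0x3F)])


def utf8_decode_strict(data: bytes) -> list:
    """Decode UTF-8 to a list of code points, rejecting non-canonical input.

    Rejections: lead bytes C0/C1 and F5..FF, bad continuation bytes,
    truncated sequences, overlong encodings, surrogates (U+D800..U+DFFF),
    and anything above U+10FFFF.
    """
    out = []
    i, n = 0, len(data)
    while i < n:
        b0 = data[i]
        if b0 < 0x80:                   # ASCII fast path
            out.append(b0)
            i += 1
            continue
        # (number of continuation bytes, payload bits of lead, smallest code
        #  point that legitimately needs this many bytes)
        if 0xC2 <= b0 <= 0xDF:
            need, cp, minimum = 1, b0 & 0x1F, 0x80
        elif 0xE0 <= b0 <= 0xEF:
            need, cp, minimum = 2, b0 & 0x0F, 0x800
        elif 0xF0 <= b0 <= 0xF4:
            need, cp, minimum = 3, b0 & 0x07, 0x10000
        else:
            raise ValueError(f"invalid lead byte {b0:#04x} at offset {i}")
        if i + need >= n:
            raise ValueError(f"truncated sequence at offset {i}")
        for k in range(1, need + 1):
            b = data[i + k]
            if b & 0xC0 != 0x80:
                raise ValueError(f"bad continuation byte {b:#04x} at offset {i + k}")
            cp = (cp << 6) | (b & 0x3F)
        if cp < minimum:
            raise ValueError(f"overlong encoding at offset {i}")
        if 0xD800 <= cp <= 0xDFFF:
            raise ValueError(f"encoded surrogate U+{cp:04X} at offset {i}")
        if cp > 0x10FFFF:
            raise ValueError(f"code point above U+10FFFF at offset {i}")
        out.append(cp)
        i += need + 1
    return out


def is_valid_utf8(data: bytes) -> bool:
    """True only if data is well-formed, canonical UTF-8."""
    try:
        utf8_decode_strict(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: the emoji from the article title.
    print(utf8_encode(0x1F602).hex().upper())            # F09F9882
    print(is_valid_utf8(bytes.fromhex("C080")))           # False: overlong NUL
```

Running it shows `F09F9882` for U+1F602, and the strict decoder turns down the classic overlong NUL (`C0 80`) and an encoded surrogate (`ED A0 80`) that a permissive decoder might quietly accept.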