Avoiding the "left-pad" problem: How to secure your pip install process

309287088ccfe196428a5dbe2b051c48?s=47 Aaron Bassett
September 17, 2016

Avoiding the "left-pad" problem: How to secure your pip install process

Video: https://www.youtube.com/watch?v=qt7TboNJGJg

When Azer Koçulu pulled 11 lines of code from npm he not only broke thousands of dependent packages but also prevented developers all over the world from deploying their code. This talk will show how you can harden your pip install process, ensure that packages have not been tampered with, protect against MITM attacks and even how to keep deploying if a package is deleted or if PyPI goes offline.

309287088ccfe196428a5dbe2b051c48?s=128

Aaron Bassett

September 17, 2016
Tweet