YoVDO

Improving Package Repository Security - From White Papers to Practice

Offered By: Linux Foundation via YouTube

Tags

Software Security Courses, npm Courses, PyPi Courses, The Update Framework Courses

Course Description

Overview

Explore the challenges and solutions in improving package repository security in this 42-minute conference talk by Jussi Kukkonen from Google. Delve into the evolution of community package repositories like PyPI and NPM, examining the obstacles hindering the adoption of modern security practices. Learn about practical examples, including PyPI's efforts to integrate The Update Framework (TUF). Discover the proposed Repository Playground collaboration project, aimed at defining best practices and workflows beyond white papers. Gain insights into topics such as community package repositories, signature problems, TUF implementation, PEP458, PEP480, and suggestions for improving security in the wider ecosystem.

Syllabus

Introduction
The problem
Community package repositories
The problem with signatures
How to make signing viable
The Update Framework
What is a TUF implementation
What is a role
Example repository
PEP458
PEP480
PEP480 in use
Suggestions
Simple vs Complex
What could the PEPs do better
The wider ecosystem
Questions / Comments


Taught by

Linux Foundation
