AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
#377: Python Packaging and PyPI in 2022
Talk Python To Me
Package Signing Is Not the Holy Grail
3min Snip
00:00
Summary
Transcript
Episode notes
Short lived tokens directly from your cloud provider? Ye, essentially it works for the copo cloud and a couple other things. People just say it's a little bit like the two f a stuff,. If you just sign your packages to prove they come from you, everything is going to be fine unless the person just goes rogue. There's issues with web of trust, like actually establishing o great, like, you'v signed this thing, but how do i establish that the person that signed it is actually a person that i trust? And thot tome one's provided me with a malicious public right?
Get the Snipd
podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any
moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share
& Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode