CRob discusses package repository security with two people who know a lot about the topic. Zach Steindler is a principal engineer at Github, a member of the OpenSSF TAC and co-chairs the OpenSSF Security Packages Repository Working Group. Jack Cable is a senior technical advisor at CISA. Earlier this year, Zach and Jack published a helpful guide of best practices called “Principles for Package Repository Security.”
- 00:48 - Jack and Zach share their backgrounds
- 02:59 - What package repositories are and why they’re important to open source users
- 04:17 - The positive impact package security has on downstream users
- 07:06 - Jack and Zach offer insight into the "Prinicples for Package Repository Security" document
- 11:18 - Future endeavors of the Securing Software Repositories Working Group
- 17:32 - Jack and Zach answer CRob’s rapid-fire questions
- 19:31 - Advice for those entering the industry
- 21:28 - Jack and Zach share their calls to action
Episode links:
