The chapter emphasizes the importance of pinning dependencies in software development to ensure stability and security, discussing the risks of not doing so and the benefits of using lock files. It explores the significance of explicit versions over version ranges, different choices of lock files in Python development, and the process of converting loose requirements files into strict lock files. The conversation also covers managing transitive closures, potential security risks of dependency resolution, and the historical development of Python packaging tools.
We've spoken previously about security and software supply chains and we are back at it this episode. We're diving in again with Charles Coggins. Charles works at a software supply chain company and is on to give us the insiders and defender's perspective on how to keep our Python apps and infrastructure safe.
Episode sponsors
Sentry Error Monitoring, Code TALKPYTHON
Mailtrap
Talk Python Courses
Links from the show