The chapter delves into the importance of strict lock files for applications versus libraries, focusing on consistency and compatibility issues. It explores the significance of software supply chain security, committing lock files, and understanding PEP 517 and 518 standards. The conversation further discusses modern packaging improvements, code performance optimization, transferring locked dependencies, and the role of tools like PIP compile and Pants build in managing dependencies.
We've spoken previously about security and software supply chains and we are back at it this episode. We're diving in again with Charles Coggins. Charles works at a software supply chain company and is on to give us the insiders and defender's perspective on how to keep our Python apps and infrastructure safe.
Episode sponsors
Sentry Error Monitoring, Code TALKPYTHON
Mailtrap
Talk Python Courses
Links from the show