Avoiding the "left-pad" problem: How to secure your pip install process

Aaron Bassett | Saturday 15:30 | Ferrier Hall

When Azer Ko├žulu pulled 11 lines of code from npm he not only broke thousands of dependent packages but also prevented developers all over the world from deploying their code. This talk will show how you can harden your pip install process, ensure that packages have not been tampered with, protect against MITM attacks and even how to keep deploying if a package is deleted or if PyPI goes offline.

Link to video | Link to slides