Now on at #PyconUS2022 is @di_codes talking about Securing the Open Source Supply Chain.
ABC’s of software supply chain
Artifact: i.e. a file on PyPI
Attestation: evidence or proof that something happened
Advisory: public disclosure, CVEs
Build: build process produces artifacts
Certificate: easier now, with Let's Encrypt
Digest: hash digest, not reversible
Ephemeral: used once and thrown away (in context of cryptographic keys and signing)
F: Fuzzing (vary inputs)
G: Google
Hardware keys: best path for 2FA
Identity: unique and verifiable
Joe Biden: Executive Order
Key: verify signature by keyholder
Lockfile: Pipfile.lock
On now at #PyCon #PyConUS2022: Brandt Bucher on Python’s Structural Pattern Matching. He works at Microsoft working on improving Python performance with @gvanrossum.
Advice for getting started speaking at conferences:
Don’t be afraid to throw your hat into the ring. “I have nothing new to say, it’s all been covered” is a myth that I hear beginners perpetuate as a way to talk themselves out of speaking. It's not true.
What an audience is genuinely interested in is your unique perspective, your story, and the way you tell it. Storytelling is as much a part of a great talk as technical knowledge.
@brandon_rhodes is one of the best storytellers in our community, and his talks are a great resource for becoming familiar with the technique.