Presented “Cheese Must Stand: Defending the Python Library Ecosystem in 2025” with Srishti Hegde at PyCon US 2025 in Pittsburgh. The talk walks through recent supply chain attacks on Python package infrastructure (the Ultralytics token breach, the NP6 typosquatting attack). We then talk through mitigations: Sigstore provenance, SLSA, SBOMs, and where an alternative secure index fits in.
Cheese Must Stand
Defending the Python Library Ecosystem — PyCon US 2025