pypi

This story was originally published on HackerNoon at: https://hackernoon.com/step-by-step-guide-to-publishing-your-first-python-package-on-pypi-using-poetry-lessons-learned.
Learn to create, prepare, and publish a Python package to PyPI using Poetry. Follow our step-by-step guide to streamline your package development process.
Check more stories related to programming at: https://hackernoon.com/c/programming. You can also check exclusive content about #python, #python-tutorials, #python-tips, #python-development, #python-programming, #python-packages, #package-management, #pypi, and more.

This story was written by: @viachkon. Learn more about this writer by checking @viachkon's about page, and for more stories, please visit hackernoon.com.

Poetry automates many tasks for you, including publishing packages. To publish a package, you need to follow several steps: create an account, prepare a project, and publish it to PyPI.

Josh and Kurt talk about PyPI suspending new accounts and packages for a day, and a 60 minutes story about deepfakes. The problems are mostly the same, but for very different reasons. The world is changing faster than we can keep up, so what is a human to do?

Show Notes

• PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted](https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html)
• 60 minutes reporter voice clone
• Cooridor Crew deepfakes
• Certificate bit flip
• Candy is delicious

Josh and Kurt talk about a blog post that explains there isn't really an open source software supply chain. The whole idea of open source being one thing is incorrect, open source is really a lot of little things put together. A lot of companies and organizations get this wrong.

Show Notes

• Iliana's Twitter
• There is no “software supply chain”
• Google supply chain blog
• GitHub ansi_term advisory
• PyPI 2FA Dashboard
• tarfile issue rediscovered in 2022

Josh and Kurt talk about PyPI mandating two factor authentication for the top 1% of projects. It feels like a simple idea, but it's not when you start to think about it. What problems does 2FA solve? How common are these attacks? What are the second and third order effects of mandating 2FA? This episode should have something for everyone on all sides of this discussion to violently disagree with.

Show Notes

• PyPI announcement
• NPM expired domains
• Morten Linderud Tweet
• Congratulations: We Now Have Opinions on Your Open Source Contributions

Full #twitch VOD here (prime sub or paid sub required):  https://www.twitch.tv/videos/1528342722

https://github.com/untitaker/python-atomicwrites

https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html

Twitch streams (175+ hours of content!):
Https://twitch.tv/brakesec

www.brakeingsecurity.com

Twitter:

@infosystir

@boettcherpwned

@brakesec

@bryanbrake