Kairo de Araujo

I am an Open Source Software Engineer at VMware Inc, a staff member of the VMware Open Source Program Office (OSPO), working on the Security Supply Chain team.
Currently, I am focused on PyPI.org, Python-TUF, and some contributions to Tern Tools.
As a Software Engineer, I have been contributing to Open Source and writing software since 2013.
I am a former system engineer; however, I use these technologies daily. I have long experience in infrastructure such as Networking, Cloud, Virtualization, Storage Area Networks, and Storage Disks.
I have worked for IBM, ING, and Forescout in the past.


Sessions

07-15
11:55
30min
Work in Progress: Implementing PEP 458 to Secure PyPI downloads
Kairo de Araujo, Lukas Pühringer

PEP 458 uses cryptographic signing on PyPI to protect Python packages against attackers. In this talk we will share our lessons learned from the ongoing implementation work in PyPI/Warehouse with the Python community. How does PEP 458 work and what is TUF? What protection can it offer now and what does it enable in the future? And how am I affected as a Python developer and as a user?

Security
Liffey B