AVOIDING THE "LEFT-PAD" PROBLEM: HOW TO SECURE YOUR PIP INSTALL PROCESS @aaronbassett getadministrate.com


What are packages?

“Most software today is very much like an Egyptian pyramid with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves.” Alan Kay

PRODUCTION

QUALITY ASSURANCE

LOCAL DEVELOPMENT

• 40,000 pages of specifications
• 420,000 lines of code
• 17 errors in last 11 versions

THE ONLY BUG FREE CODE IS NO CODE

ORPHAN PACKAGES

PIP TOOLS TO THE RESCUE

pip-sync

"LEFT-PAD" PROBLEM

KEEP IT LOCAL

PIP HASH

hashin 0.6.0

• Inspect code before installing • Be your own PyPI • Use pip-compile and pip-sync • Hash all the things
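The "hash all the things" step, as an added example that is not part of the talk: a small checker that parses the `--hash=sha256:` pins pip-compile --generate-hashes or hashin write into requirements.txt and enforces the same rules as pip's hash-checking mode (every requirement must be pinned with at least one hash, and a downloaded archive whose digest is not in the pinned set is rejected). The archive bytes and the package name `example==1.0` are constructed for the demo.

```python
import hashlib
import re

# Constructed stand-ins for the sdist/wheel bytes pip would download from an index.
GOOD_ARCHIVE = b"constructed-sdist-contents-for-example-1.0"
TAMPERED_ARCHIVE = b"constructed-sdist-contents-for-example-1.0-with-extra-code"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Requirements in the multi-line --hash format that pip-compile --generate-hashes
# and hashin produce. The digest is derived from the constructed archive above.
REQUIREMENTS = (
    "example==1.0 \\\n"
    f"    --hash=sha256:{sha256_hex(GOOD_ARCHIVE)}\n"
)

_HASH_OPT = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_requirements(text: str) -> dict:
    """Return {requirement: {allowed sha256 digests}}.

    Like pip's hash-checking mode this is all-or-nothing: a requirement
    without a --hash option makes the whole file unusable."""
    pins = {}
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        req, *opts = line.split()
        digests = set()
        for opt in opts:
            match = _HASH_OPT.fullmatch(opt)
            if match is None:
                raise ValueError(f"unsupported option for {req}: {opt}")
            digests.add(match.group(1))
        if not digests:
            raise ValueError(f"{req} has no --hash pin; refusing to install anything")
        pins[req] = digests
    return pins


def verify_archive(req: str, archive: bytes, pins: dict) -> bool:
    """True only if the archive's SHA-256 is one of the digests pinned for req."""
    if req not in pins:
        raise KeyError(f"{req} is not pinned in requirements")
    return sha256_hex(archive) in pins[req]
```

Multiple `--hash` options per requirement are allowed because one pin is needed per artifact (for example an sdist and each platform wheel), which is why the checker keeps a set of digests rather than a single value.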

THANK YOU @aaronbassett getadministrate.com