We're hiring a Security Developer in Residence! This is a contract role so we can consider remote candidates from anywhere the US can do business with. https://pyfound.blogspot.com/2023/01/the-psf-is-hiring-security-developer-in.html
Sounds good @jobsfordevelopers
Could you please expand the "secrets" library (or your memory model) to allow for secret strings that must not be swapped to disk or auto-relocated in memory? An official method for erasing these objects would also help.
It should not be this difficult or fraught to input and use passcodes and keys in #Python.
TYVM #infosec #passwords
@tasket Thanks for writing, but our social media account isn't the most effective place for a feature request. You might want to see if others are already working on a patch for the functionality you want and/or find out if other community members have a workaround they use that could also help you.
Look at this! A 3-year-long hand-sitting session over a basic security feature other FOSS projects like Debian implemented decades ago on a shoestring budget.
https://discuss.python.org/t/pep-458-secure-pypi-downloads-with-package-signing/2648/135
Seems to me the Python official sites are just there to take ppl's infosec ideas and bury them. I'd rather complain on social media, thanks.
@tasket Oh, please complain or discuss all you like! Everything in Python is done by community consensus, so you can talk to us here, but we can't force community decisions from our Mastodon account. We don't have a process for taking comments here and adding them to the ongoing community discussions but we also aren't trying to hide those discussions from people who contact us here.
@zleap @jobsfordevelopers Thanks for sharing!