Episode 343 – Stop trying to fix the open source software supply chain

Josh and Kurt talk about a blog post that explains there isn’t really an open source software supply chain. The whole idea of open source being one thing is incorrect, open source is really a lot of little things put together. A lot of companies and organizations get this wrong. Show Notes

Episode 332 – PyPI: 2FA or not 2FA, that is the question

Josh and Kurt talk about PyPI mandating two factor authentication for the top 1% of projects. It feels like a simple idea, but it’s not when you start to think about it. What problems does 2FA solve? How common are these attacks? What are the second and third order effects of mandating 2FA? This episodeContinue reading “Episode 332 – PyPI: 2FA or not 2FA, that is the question”