BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//programme.europython.eu//europython-2023//speaker//8SJZJ
 T
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-europython-2023-ETSMPK@programme.europython.eu
DTSTART;TZID=CET:20230720T143500
DTEND;TZID=CET:20230720T150500
DESCRIPTION:[PEP 458](https://peps.python.org/pep-0458/) uses cryptographic
  signing on [PyPI](https://pypi.org) to protect Python packages against at
 tackers. The implementation of the PEP inspired the [Repository Service fo
 r TUF (RSTUF)](http://repository-service-tuf.readthedocs.io/)\, a project 
 [accepted into the OpenSSF sandbox](https://github.com/ossf/tac/pull/137).
  We identified that the design could benefit other organizations and repos
 itories looking to secure their software supply chains.\nIn this talk we w
 ill answer the following questions: \n- How did the PEP 458 design help t
 o start the Repository Service for TUF (RSTUF)?\n- How could RSTUF be used
  for PyPI with its millions of packages?\n- How can RSTUF be deployed by a
 ny organization at any scale without requiring TUF expertise?\n\nAdditiona
 lly\, in this talk\, we will give an overview of PEP 458\, how it works\,
  and give a high-level overview of TUF.
DTSTAMP:20260520T134643Z
LOCATION:South Hall 2A
SUMMARY:PEP 458 a solution not only for PyPI - Kairo de Araujo\, Martin Vra
 chev
URL:https://programme.europython.eu/europython-2023/talk/ETSMPK/
END:VEVENT
END:VCALENDAR
