---
title: "Protecting the Collective Good - Dustin Ingram"
tags: PyConAPAC2022, 2022-organize, 2022-共筆
---

# Protecting the Collective Good - Dustin Ingram

Slide link:

YouTube link: TBA

> Collaborative writing starts from below

takeaways

- enable 2FA
    - pypi.org/2fa
    - https://pypi.org/security-key-giveaway/
- be aware of vulnerabilities
    - [pip-audit](https://pypi.org/project/pip-audit/)
- security policies
    - https://github.com/apps/allstar-app
- security scorecards
    - https://securityscorecards.dev/
- sign with sigstore
    - https://www.sigstore.dev/
    - https://www.python.org/download/sigstore/
- be a user
- take open source security seriously

ho

- gpg is not assuming human lollllllll
- sneak peek!!! signing cpython releases with sigstore!!!

Below is the part of the talk/tutorial slides that the speaker updated or corrected after the speech