Note that this month was on the quiet side due to attending the CISA Open Source Security summit, having to take sick time off, and taking a two-week-long vacation.
I attended the Open Source Security summit hosted by CISA in early March. The event was attended by representatives of many other open source ecosystems. The summit focused on strengthening the security of open source infrastructure like package repositories.
I'm speaking at the OpenSSF SOSS Community Day in Seattle on April 15th. I'm also a participant in the Tabletop Exercise that caps off SOSS Community Day. I will attend the OSS Summit event as well.
Submitted an idea to Google Summer of Code 2024 with Dustin Ingram on adopting the OpenSSF Hardened Compiler Options for C/C++ for CPython.
Published a report to my blog for the month of March.
- CPython source and documentation builds moved to GitHub Actions thanks to Developer-in-Residence Łukasz Langa for reviewing and dry-running the GitHub Action during the most recent CPython release.
- Security advisories for CVE-2023-6597 and CVE-2024-0450 were published while I was away by Ee Durbin.
- Reviewed Brett Cannon's lock file pre-PEP to ensure package URLs and SBOMs can be constructed reliably and that future changes to checksum algorithms are accommodated.