Dustin Ingram and the Open Source Security Team at Google

Dustin talks about the Open Source Security Team at Google, what they do, the bill they’ve contributed to (the Securing Open Source Software Act of 2022), a rewards program they have to pay maintainers called SOS Rewards, and Google’s role in the Sigstore project.

Listen at https://podcast.sustainoss.org/150

Can they both look at https://github.com/pypi/warehouse/pull/9972 ?

This is the fix for one of the most requested features for the Python Package Repository - server-side metadata about packages. Dustin is the PSF director, Warehouse is a PSF project, and neither PSF nor Google SOS is responding to the request to do a security review to merge that request. GitHub contains all the details. No funding either.