
How Python is Fighting Open Source's 'Phantom' Dependencies Problem


Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it. From the whitepaper: Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation.
