Drink from the firehose: release-monitoring.org
Presented by
Nick Coghlan
Wednesday
3:40 p.m.–4:25 p.m.
Target audience:
Developer
Abstract
For a long time, the preferred approach to network service security has been the hardened bunker: define a system, deploy it, and patch it promptly when security vulnerabilities in the components used are reported and fixed.
However, continuous integration services and automated deployments have opened up a new model: the moving target that grabs new releases of dependencies almost as soon as they are available, runs them through the CI process like any other software change, and then deploys them to production. Even if a new security flaw slips through testing, that's considered better than being exposed to the flaws that were classified as normal bug fixes, but actually represented security issues.
release-monitoring.org is a shared community service born out of the Fedora Infrastructure team that monitors for new upstream releases, and emits structured events that can be used to automatically trigger appropriate follow-on action.
So if you'd like to learn how to drink from the firehose, this talk's for you!
Presented by
Nick Coghlan
Nick is a CPython core developer, BDFL-Delegate for Python packaging interoperability standards, and a founding member of the PSF's Python Packaging Working Group.
As a member of Red Hat's Platform Engineering team, he works on software supply chain management toooling like release-monitoring.org for Fedora and Red Hat Enterprise Linux.