Open Source & More - Blog | Tidelift

Featured

Digging into the data: Open source software repo supply chain attacks

I had just wrapped up some internal Tidelift research on open source software supply chain compromises a few weeks ago when I saw PyPI's announcement ...

by Tieg Zaharia
on August 2, 2022

Tieg Zaharia

The current state of package invalidation support across package managers

By Tieg Zaharia on April 1, 2021

Deprecate, retract, unpublish, abandon, yank, orphan, archive... What do all these have in common? Well, they’re different terms for what I’ll call ...

The state of package signing across package managers

By Tieg Zaharia on June 11, 2020

Recently I looked at the state of 2FA support across package managers. 2FA adds a layer of security by requiring two sources of authentication from ...

The current state of two-factor authentication across package managers

By Tieg Zaharia on July 23, 2019

Recently at Tidelift we started asking our partnered maintainers (we call them “lifters”) to confirm that they have Two-Factor Authentication (2FA) ...

How the NIST Secure Software Development Framework impacts open source software 💾

Featured

Digging into the data: Open source software repo supply chain attacks

Tieg Zaharia

Recent Posts

The current state of package invalidation support across package managers

The state of package signing across package managers

The current state of two-factor authentication across package managers

Don't miss the latest from Tidelift

Filter by Topic

Tidelift

Product

Resources

For Maintainers