@semanur-prenuvo, you asked some questions about aws-sso-lib security over on boto/botocore#1923. This is a better place for discussion. What specifically do you want to know? I would estimate the supply chain security of aws-sso-lib to be a bit above average (MFA on everything, few transitive dependencies), but also not as maximal as I'm sure some high-profile projects have (e.g., I have not gotten around to signing my commits, or if someone managed to compromise the PyPI repo and publish a rogue version I'm not sure how I'd become aware other than user reports). I would note my aws-assume-role-lib has been designated a "critical" project on PyPI, which carries some security requirements like mandatory MFA, and those requirements cover all my projects including aws-sso-lib.