Version 0.17 Oct. 27, 2023
We released a new schedule version!
We have a new session: “Flakes: Nix Unshackled” by Graham Christensen.
Version 0.16 Oct. 25, 2023
Added Pradyun Gedam's talk before lunch on Thursday. Made room for a talk at 10:25 on Friday - awaiting title + abstract.
We have a new session: “Python packaging and Bloomberg” by Pradyun Gedam.
Sadly, we had to cancel sessions:
- “Reproducible Builds, the first ten years” by h01ger
- “Automating New Package Release Discovery with Spack Scout” by Alec Scott
We have moved a session around: “Securing your Package Ecosystem with Trusted Publishing” by William Woodruff (Oct. 27, 2023, 10:25 a.m. → Oct. 27, 2023, 10:50 a.m.)
Version 0.15 Oct. 24, 2023
Added opening and closing sessions.
We have new sessions!
Version 0.14 Oct. 24, 2023
We sadly had to cancel a session: “Say no to YAPS! Perverting/Reusing Existing Packaging Systems” by Adam Retter.
Version 0.13 Oct. 23, 2023
We released a new schedule version!
We sadly had to cancel a session: “The Great Artifact Repository Security Audit: Finding & Fixing Vulnerabilities in Infrastructure Critical to the Open Source Software Supply Chain” by Jonathan Leitschuh.
Version 0.12 Oct. 23, 2023
Dropped Jonathan's talk.
Version 0.11 Oct. 23, 2023
Dropped Jonathan Leitschuh's talk
Version 0.10 Oct. 19, 2023
Added new BoF.
We have a new session: “BoF: WASM Packaging” by Bjorn Neergaard.
Version 0.9 Oct. 19, 2023
Added another BoF to the schedule
We have a new session: “BoF: Supply Chain Security, SBOMs and Package Managers” by Maximilian Huber, Gary O'Neall.
Version 0.8 Oct. 12, 2023
We released a new schedule version!
We have a new session: “BoF: CUDA Packaging” by Kevin Mittman.
Version 0.7 Oct. 10, 2023
We released a new schedule version!
We have a new session: “Helping an Ecosystem Fade Away” by Samuel Giddins.
Version 0.6 Sept. 28, 2023
We released a new schedule version!
We have a new session: “WinGet and Chocolatey: A Real-World Look at Package Management Tools on Windows” by Paul Broadwith.
We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:
- “Securing your Package Ecosystem with Trusted Publishing” by William Woodruff (Oct. 26, 2023, 11:15 a.m. → Oct. 27, 2023, 10:25 a.m.)
- “Stop Shipping Systems: Homogenising Software Supply Chains” by May McEntee (Oct. 27, 2023, 10:25 a.m. → Oct. 26, 2023, 11:15 a.m.)
Version 0.5 Sept. 26, 2023
We released a new schedule version!
Version 0.4 Sept. 26, 2023
We released a new schedule version!
We have new sessions!
- “Reproducible Builds, the first ten years”
- “Devbox: reproducible project-based environments or why global packages considered harmful”
We had to move some sessions, so if you were planning on seeing them, check their new dates or locations:
- “Securing Software Package Releases with SLSA v1.0” by Elad Pticha (Oct. 26, 2023, 10:25 a.m. → Oct. 26, 2023, 6 p.m.)
- “Secure the Build, Secure the Cloud: Using OIDC Tokens in CI/CD Pipelines” by Elad Pticha (Oct. 26, 2023, 6:20 p.m. → Oct. 26, 2023, 10:25 a.m.)
Version 0.3 Sept. 9, 2023
We released a new schedule version!
We have new sessions!
- “Learning to Predict and Improve Build Successes in Package Ecosystems”
- “How fast can we brew?”
- “Shared Objects and Content Addressing: a Survey of Techniques”
- “Build your own SLSA 3+ provenance builder on GitHub Actions”
- “Streaming optimized scientific software installations on any Linux distro with EESSI”
- “Package management analysis in the OSS Review Toolkit”
- “Transparent compromise-resilience: How to bootstrap trust for the open-source ecosystem”
- “The Great Artifact Repository Security Audit: Finding & Fixing Vulnerabilities in Infrastructure Critical to the Open Source Software Supply Chain”
- “Securing Software Package Releases with SLSA v1.0”
- “Secure the Build, Secure the Cloud: Using OIDC Tokens in CI/CD Pipelines”
- “BuildXYZ: Automatic on-demand dependency dispenser”
Version 0.2 Sept. 6, 2023
We released a new schedule version!
We have new sessions!
- “Code Signing is Critical Infrastructure”
- “Explainability in Spack concretization”
- “Stop Shipping Systems: Homogenising Software Supply Chains”
- “Reverse Engineering Package Registries In The Middle Of Nowhere”
- “Automating New Package Release Discovery with Spack Scout”
- “How we used Rust to modernize the conda ecosystem”
- “Poetry's dependency resolver and its environment-independent lockfile”
- “Quality Assurance for 20,000+ packages in GNU Guix”
- “Universal packages, powered by WebAssembly Interfaces - WAI”
- “Python Resolution Evolution: Decoupling Metadata from Downloads in Pip”
- “Securing Open Source Supply Chains with LLMs”
- “Securing your Package Ecosystem with Trusted Publishing”
- “Package Managers, Software Security and Functional Safety”
- ““Our stuff” - how to protect users from package compromise with RSTUF”
- “Ensuring Runtime Reproducibility in the Python Ecosystem”
- “Wolfi: Building a New Linux (Un)distro”
- “Secure packaging for AI models”
- “Rebuilding Trust: Asserting Integrity in Language Package Ecosystems”
- “Untangling Software Supply Chain sBO(O)M”
- “Gotta Go Fast”
- “What's in a name(space)?”
- “Build provenance for package registries”
- “How does homebrew handle licensing data”
- “Optimizing Dependency Solves in Spack”
- “emscripten-forge, a conda-forge like distribution for wasm in the browser”
- “Probabilistic Package Builds: Guiding Spack's Concretizer with Predicted Build Outcomes”
Version 0.1 Sept. 4, 2023
We released our first schedule!