Brussels / 1 & 2 February 2020


Package managers: resolve differences

Lively panel discussion on package management

Package managers have become the default way for managing dependencies for most projects but they’re not without their challenges and risks. In this panel we bring together experts representing several popular package managers for a lively discussion on package management best practices, the state of package management communities, and a look forward at what we can expect to see in the future.

Join our facilitators as they put representatives of popular package managers on the spot with difficult questions on package management infrastructure, security, and compliance.

We’ll tackle topics such as: * Versioning and naming * Knowing the full graph of packages you’re consuming * Best practices for securing your use of package managers * Finding and resolving vulnerabilities in packages you’re using * Malicious packages and typo-squatting * Meeting your open source license obligations * Dealing with dependencies that aren’t packages

With package managers becoming the default way for managing dependencies, they are now a critical part of the software supply chain and while at first each package manager appears quite different, they share common requirements, are used in similar workflows, and are all targets for malicious actors.

In this panel we will focus on those common problems so that regardless of which package manager you use, you’ll come away with a breadth of knowledge on how to securely use package managers in your software supply chain.


William Bartholomew