Choosing Wisely - How to Pick the Right Third Party Packages for your Project
Part of the DjangoCon AU specialist track
Python has an incredible library of open source packages you can use in your own project, but how do you pick the right one? What can happen if you pick the wrong one? In this talk, we'll discuss the process of choosing the right dependencies - from architecture to security to licensing. By the end you'll have a good understanding of what to look for in a package and what to avoid.
Building a modern Python application can sometimes feel a little like building out of Lego bricks, with third party packages ready to solve almost any problem just a pip install away. At last count, PyPI had over 450,000 packages to choose from, and the right ones will save you time and let you focus on the problems you really care about.
Unfortunately, picking the right packages isn't always as simple as googling "Django multi factor auth" and pip installing the first result. There are some very serious factors to consider when choosing a package, and this talk will take you through the most important ones.
We'll cover the following:
- What are the risks of installing the wrong package?
- How do we know when a third party package is the right solution?
- How can we evaluate the quality of a package, especially when the contents may be way above our own skill level?
- How are packages licensed and why should we care?
- How can we manage the ongoing risks of having third party code in our projects?
This will be an important foundational talk for anyone building Python applications in a personal or commercial setting. Third party libraries are one of the most common ways attackers compromise applications, and all developers should have a good understanding of the strategies professional developers use to manage this risk while getting the most out of Python's amazing ecosystem.
Evan is the technical leader of WSP’s Software Engineering division, and is a solution architect and software engineer with over 14 years of experience in the industry. He specializes in complex web-application development using Python and loves working on projects that sit at the intersection of software and traditional engineering. At WSP he runs projects that combine modern software development best practices in web and mobile with complex engineering and scientific analysis.
In his spare time Evan 3D prints museum-quality dinosaur skulls and falls off climbing walls. His twin obsession with stickers and crafting led to the curlyboi creation station of PyConAU 2019, which may make a return this year!