1. Introduction
2. The problem
3. Community package repositories
4. The problem with signatures
5. How to make signing viable
6. The update framework
7. What is a tough implementation
8. What is a role
9. Example repository
10. PEP458
11. PEP480
12. PEP480 in use
13. Suggestions
14. Simple vs Complex
15. What could the PEPs do better
16. The wider ecosystem
17. Questions/Comments
Description:
Explore the challenges and solutions in improving package repository security in this 42-minute conference talk by Jussi Kukkonen from Google. Delve into the evolution of community package repositories like PyPI and NPM, examining the obstacles hindering the adoption of modern security practices. Learn about practical examples, including PyPI's efforts to integrate The Update Framework (TUF). Discover the proposed Repository Playground collaboration project, aimed at defining best practices and workflows beyond white papers. Gain insights into topics such as community package repositories, signature problems, TUF implementation, PEP458, PEP480, and suggestions for improving security in the wider ecosystem.

Improving Package Repository Security - From White Papers to Practice

Linux Foundation