“Defense in Depth: A Practical Guide to Python Supply Chain Security”: an incredibly high quality post by someone with respectable credentials. Read the whole thing.