Feeds
Seth Michael Larson: Visualizing the Python package SBOM data flow
Published 2024-11-22 by Seth Larson
Reading time: minutes
TLDR: Skip intro, take me to the visualization!
I'm working on improving measurability of Python packages by allowing Software Bill-of-Materials documents (SBOM) to be included in Python packages so that projects and build tools can record information about a package for downstream use.
This is a cross-functional project where I need input from Python projects, Python packaging tools (build backends+tools and installers), but also from folks completely outside the Python community like SBOM tooling maintainers. With projects like this, it can be difficult to "see the forest through the trees". When you're reviewing the packaging PEP, it can be difficult to imagine how or who is using the new standard. This article is to help visualize the end-to-end data flow.
How SBOM data will be included in Python packagesIn short, the proposal is:
- Allow Python projects to manually specify SBOM documents in pyproject.toml with [project].sbom-files = ["..."]
- Allow Python package archives to include self-describing SBOM documents and reference them in metadata via Sbom-File field.
- Zero-or-more SBOM documents per Python package archive. Each tool adding SBOM data creates a new SBOM inside the archive to avoid conflicts. End-user SBOM tools need to handle multiple SBOMs to "stitch" them together.
There are two Python packages being shown, Package A on the left and Package B on the right. Package A depends on Package B. Package A is a pure-Python package with no bundled dependencies. Package B uses binary extensions and uses auditwheel to bundle shared libraries.
@import url(https://fonts.googleapis.com/css2?family=Inter:wght@400;500);
AuditwheelAuditwheelPython EnvironmentPython EnvironmentBuild BackendBuild BackendPythonPackage
Python...Python
Package B
Python...Source ForgeSource ForgeSource Code BSource Code BSBOM GeneratorSBOM GeneratorSrc
SBOMSrc...Src
SBOMSrc...Build
SBOMBuild...3rd P
Deps3rd P...SO /
DLLsSO /...Build
SBOMBuild...Src
SBOMSrc...Build
SBOMBuild...3rd P
Deps3rd P...Py
Pkg BPy...Build
SBOMBuild...Src
SBOMSrc...Build
SBOMBuild...METADATAMETADATAPython
Package B
Python...METADATAMETADATAOperational SBOM (OBOM)Operational SBOM (OBOM)1122335566Package BPackage BDataDataDataDataDataDataDataDataBuild BackendBuild BackendPython
Package A
Python...Source ForgeSource ForgeSource Code ASource Code AMETADATAMETADATAPackage APackage ADataDataPython
Package A
Python...METADATAMETADATAPython Package IndexPython Package Indexinstall_requiresinstall_re...44DEPENDS_ONDEPENDS_ONrefrefrefrefrefrefText is not SVG - cannot display
How SBOM data flows from Python package source code, build, to an SBOM generation tool
Stage 1: If the Python project bundles third-party software in their own source code then the project may specify one or more SBOM documents through project.sbom-files in pyproject.toml. Build backends copy these documents into source distributions and wheels.
Stage 2: If the Python build-backend pulls dependencies (like Maturin and Cargo) while building a wheel those dependencies can be recorded in another SBOM document in the wheel.
Stage 3: If a tool that modifies wheels by adding dependencies is used (like auditwheel) then that tool can record modifications in an SBOM document. At this point there are three separate SBOM documents included in the Package B archive.
Stage 4: Archives are uploaded to an index like PyPI. The index can do some validation of included SBOM documents, if any.
Stage 5: Installers download and install the Python package archives. The SBOM files are placed into the .dist-info/sboms/ directory in the Python environment and referenced in package metadata.
Stage 6: SBOM generation tools scan the Python environment and using existing Python package metadata and new SBOM documents with per-package data stitch together an Operational SBOM (OBOM) detailing the Python environment.
Who does what?The plan is to allow each "actor" in the system adding SBOM data to a Python package to create their own SBOM document inside the Python package.
This means they can choose any SBOM standard (although we'll recommend sticking to a well-known one like CycloneDX and SPDX) and that intermediate tools won't need to "merge" SBOM data together. Avoiding this merging is extremely important, because cross-standard SBOM data merges are a very hard problem. This problem is deferred to SBOM generation tools which already need to support multiple SBOM standards.
- Pure-Python projects that don't vendor software are easy, there's nothing to do here.
- Python projects that vendor software can annotate that software using an SBOM and specify the SBOM in pyproject.toml. Keeping this up-to-date is a non-zero amount of work, but I am hoping that by providing this PEP it will enable these types of contributions. I'm also hoping to provide a lightweight pre-commit hook to help keeping these SBOM documents up-to-date, similar to what CPython already uses.
- Python project which use a build backend that pull dependencies should be able to annotate what those dependencies are at build time. There will be exceptions, looking into tools like Meson and multibuild to see what can be done.
- Python bundling tools like auditwheel, delocate, etc can annotate shared libraries and DLLs that are pulled into wheels.
My hope is that the most difficult part of this work (manually annotating a package if automatic tools can't) will enable a new type of contribution from users of Python packages to provide SBOM data. Previously there was no standardized method to have SBOM data propagate through Python packages, thus discouraged this type of contribution.
If you're interested in having your use-case covered or you have concerns about the approach, please open a GitHub issue on the project tracker.
That's all for this post! 👋 If you're interested in more you can read the last report.
Have thoughts or questions? Let's chat over email or social:
sethmichaellarson@gmail.com
@sethmlarson@fosstodon.org
Want more articles like this one? Get notified of new posts by subscribing to the RSS feed or the email newsletter. I won't share your email or send spam, only whatever this is!
Want more content now? This blog's archive has ready-to-read articles. I also curate a list of cool URLs I find on the internet.
Find a typo? This blog is open source, pull requests are appreciated.
Thanks for reading! ♡ This work is licensed under CC BY-SA 4.0
︎ImageX: Unlocking Drupal Recipes: Instantly Boost Your Website's Features
Authored by Nadiia Nykolaichuk.
An exciting recipe is brewing in the Drupal kitchen. Picture a cookbook filled with delightful dishes, each requiring just one simple step. Similarly, Drupal users will soon enjoy the ability to add valuable functionalities to their websites with a single click, thanks to Recipes.
ImageX: Instantly Enhance Your Website with Drupal Recipes for Exciting Features
Authored by Nadiia Nykolaichuk.
An exciting recipe is brewing in the Drupal kitchen. Picture a cookbook filled with delightful dishes, each requiring just one simple step. Similarly, Drupal users will soon enjoy the ability to add valuable functionalities to their websites with a single click, thanks to Recipes.
FSF Events: Free Software Directory meeting on IRC: Friday, November 22, starting at 12:00 EST (17:00 UTC)
Metadrop: Artisan Drupal SDC theme: What you need to know
Artisan is a Drupal base theme built on Bootstrap 5 and Sass. It offers easy theme configurations, theme presets (or variants), and extensive use of CSS variables.
Why Artisan?The inspiration for Artisan comes from Radix, a well-known theme we used for a long time. However, once you master something that is not directly tailored to your needs, you may start to wish for changes—small ones at first, but larger ones over time. For example, we found ourselves overwriting too many base templates for our Drupal projects. We wanted the templates provided by the base theme to be extensible enough to avoid being discarded based on the needs of specific projects. In the end, we decided to create our own theme.
The main goal of the Artisan base theme is to provide a foundation that allows most of its components to be reused without requiring complete overwrites in the custom theme of a specific project. To achieve this, Artisan offers a functional design base that is easily extensible, as explained below.
Artisan also makes extensive use of CSS custom properties (commonly known as CSS variables) to fully leverage their benefits. By using these variables, you can easily reuse styles across your project, ensuring greater design consistency. Additionally, they simplify…
Django Weblog: 2024 Django Developers Survey
The DSF is once again partnering with JetBrains to run the 2024 Django Developers Survey 🌈
Please take a moment to fill it out! It should only take about 10 minutes to complete. It’s an important metric of Django usage, and is immensely helpful to guide future technical and community decisions.
The survey will be open until December 21st, 2024. After the survey is over, we will publish the aggregated results. JetBrains will also randomly choose 10 winners (from those who complete the survey in its entirety with meaningful answers), who will each receive a $100 Amazon Gift Card or a local equivalent.
How you can helpTake a moment to re-share the survey on socials, and with your respective communities? The more diverse the answers, the better the results for all of us.
Thank you for taking the time to contribute to this community effort, and thank you to JetBrains for their consistent support over the years!
LN Webworks: Drupal Theming: A Comprehensive Guide For Developers
Drupal theming system is one of the most flexible and powerful tools for web developers, especially when it comes to creating visually appealing and highly functional websites. As a Content management system (CMS), drupal provides the best customization capabilities, making it a top choice for developers worldwide.
Today we are going to delve deeper into Drupal's Theming system, and its core component.
In this blog, we'll dive into Drupal’s theming system, its core components, and how LN Webworks, with its expert team, leverages Drupal development services to ensure that every Drupal-based website is not just functional but also visually engaging.
LN Webworks: How To Integrate Pipedrive With Webform: Step By Step Guide
Integrating Pipedrive, a powerful CRM tool, with a Drupal Webform can automate lead capturing, tracking, and data management. By using Webform, we can create a custom form and submit form data directly to Pipedrive, enabling a seamless flow of information from your website to your CRM
In this post, we’ll walk through the process of creating a Drupal Webform and then show how to configure a submit handler to send form data to Pipedrive.
Prerequisites
Before we begin, ensure that you have the following:
- A Pipedrive account and API access (API key).
- A Drupal installation with the Webform module installed and enabled.
The Webform module allows you to create forms and manage submissions in Drupal. To install the Webform module, follow these steps:
BRAINSUM: AI Chatbot demo with Drupal and RAG
At DrupalCon Barcelona, we were amazed to see all the powerful and functional Drupal AI integrations in action. I have been following the development closely, and after the recent release announcement of the AI (Artificial Intelligence) module, we decided to recreate one of its use cases: a RAG chatbot enabling semantic search.
1xINTERNET blog: The Event Platform module - and how it can help you organise your next tech talk or event
Learn how the Event Platform module simplified building the DrupalCamp Berlin 2024 website, its key features, benefits, and potential for improvements.
Real Python: Quiz: Expression vs Statement in Python: What's the Difference?
In this quiz, you’ll test your understanding of Expression vs Statement in Python: What’s the Difference?
By working through this quiz, you’ll revisit the key differences between expressions and statements in Python, and how to use them effectively in your code.
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Real Python: Quiz: Interacting With Python
In this quiz, you’ll test your understanding of the different ways you can interact with Python.
By working through this quiz, you’ll revisit key concepts related to Python interaction in interactive mode using the Read-Eval-Print Loop (REPL), through Python script files, and within Integrated Development Environments (IDEs) and code editors.
You’ll also test your knowledge of some other options that may be useful, such as Jupyter Notebooks.
[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Django Weblog: Announcing the 6.x Steering Council elections 🚀
Today, we’re announcing early elections for the Django Software Foundation Steering Council over the 6.x Django release cycle. Elected members will be on the Steering Council for two years, from the end of those elections in December, until April 2027 with the scheduled start of the Django 7.x release cycle.
Why we have early electionsThe DSF Board of Directors previously shared Django’s technical governance challenges, and opportunities. Now that the Board elections are completed, we’re ready to proceed with this other, separate election, following existing processes. We will want a Steering Council who strives to meet the group’s intended goals:
-
To safeguard big decisions that affect Django projects at a fundamental level.
-
To help shepherd the project’s future direction.
We expect the new Steering Council will take on those known challenges, resolve those questions of technical leadership, and update Django’s technical governance. They will have the full support of the Board of Directors to address this threat to Django’s future. And the Board will also be more decisive in intervening, should similar issues keep arising.
Elections timelineHere are the important dates of the Steering Council elections, subject to change:
- 2024-11-21: announcement & opening of voter registration
- 2024-11-26 23:59 AoE (Anywhere on Earth): voter registration closes
- 2024-11-27: opening of Steering Council candidates registration
- 2024-12-04 23:59 AoE: candidates registration closes
- (one week gap per defined processes)
- 2024-12-10: voting starts
- 2024–12-17 23:59 AoE: voting ends
- 2024-12-18: results ratification by DSF Board of Directors
- 2024-12-19: results announcement
If you’re an Individual Member of the Django Software Foundation, you’re already registered to vote. There’s nothing further for you to do. If you aren’t, consider nominating yourself for individual membership. Once approved, you will be registered to vote for this election.
Alternatively, for members of our community who want to vote in this election but don’t want to become Individual Members, you can register to vote from now until 2024-11-26 23:59 Anywhere on Earth, use our form: Django 6.x Steering Council Voter Registration.
Candidate registrationIf you’re interested, don’t wait until formal candidate registration. You can already fill in our 6.x Steering Council expression of interest form. At the end of the form, select “I would like what my submissions to this form to be used as part of my candidate registration for the elections”.
Django 6.x Steering Council elections - Expression of interest
VotingOnce voting opens, those eligible to vote in this election will receive information on how to vote via email. Please check for an email with the subject line “6.x Steering Council elections voting”. Voting will be open until 23:59 on December 17, 2024 Anywhere on Earth.
—
Any questions? Ask on our dedicated forum discussion thread, or reach out via email to foundation\@djangoproject.com.
PyPodcats: Trailer: Episode 7 With Anna Makarudze
Sneak Peek of our chat with Anna Makarudze, hosted by Mariatta Wijaya and Cheuk Ting Ho.
Since discovering Python and Django in 2015, Anna has been actively involved in the Django community. She helped organize PyCon Zimbabwe, and she has coached at Django Girls in Harare and Windhoek.
She served on the Board of Directors at Django Software Foundation for five years, and she is currently a Django Girls Foundation Trustee & Fundraising Coordinator.
Anna became aware of the lack of representation of women in tech industry, something that became more evident as she attended Django Under the Hood in 2016 where most of the attendees were white men, and only a few are women. That’s when she realized the importance of communities like Django Girls in supporting more women in the Django Community.
In this chat, Anna shared ways on how you can contribute and help support Django Girls+ Foundation.
Full episode is coming on November 27, 2024! Subscribe to our podcast now!
www-zh-cn @ Savannah: Welcome our new member - bingchuanjuzi
Hi, All:
Please join me in welcoming our new member:
User Details:
-------------
Name: Haoran Du
Login: bingchuanjuzi
Email: dududu233@outlook.com
I wish bingchuanjuzi a wonderful journey in GNU CTT.
Happy Hacking
wxie
Matt Glaman: Lenient Composer Plugin officially replaces lenient packages endpoint
Well, it's official. My Drupal Lenient Composer Plugin has allowed the lenient Composer repository endpoint on Drupal.org to be sunset and removed. I created the mglaman/composer-drupal-lenient repository two years ago at DrupalCon Portland. It is pretty wild how much it has been adopted in just two years. Not only has it allowed the Drupal Association to dismantle some infrastructure, but it is also baked into the Drupal.org GitLab CI. The package is pushing over 3,000,000 downloads from Packagist!
libtool @ Savannah: libtool-2.5.4 released [stable]
Libtoolers!
The Libtool Team is pleased to announce the release of libtool 2.5.4.
GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl, which
hides the complexity of loading dynamic runtime libraries (modules)
behind a consistent, portable interface.
There have been 49 commits by 16 people in the 8 weeks since 2.5.3.
See the NEWS below for a brief summary.
Thanks to everyone who has contributed!
The following people contributed changes to this release:
Adrien Destugues (1)
Alastair McKinstry (6)
Bruno Haible (1)
Ileana Dumitrescu (27)
Jerome Duval (1)
Jonathan Nieder (2)
Joshua Root (1)
Khalid Masum (1)
Markus Mützel (1)
Martin Storsjö (1)
Richard Purdie (1)
Sergey Poznyakoff (1)
Tim Schumacher (1)
Vincent Lefevre (2)
mintsuki (1)
streaksu (1)
Ileana
[on behalf of the libtool maintainers]
==================================================================
Here is the GNU libtool home page:
https://gnu.org/s/libtool/
For a summary of changes and contributors, see:
https://git.sv.gnu.org/gitweb/?p=libtool.git;a=shortlog;h=v2.5.4
or run this command from a git-cloned libtool directory:
git shortlog v2.5.3..v2.5.4
Here are the compressed sources:
https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.gz (2.0MB)
https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.xz (1.1MB)
Here are the GPG detached signatures:
https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.gz.sig
https://ftpmirror.gnu.org/libtool/libtool-2.5.4.tar.xz.sig
Use a mirror for higher download bandwidth:
https://www.gnu.org/order/ftp.html
Here are the SHA1 and SHA256 checksums:
77227188ead223ed8ba447301eda3761cb68ef57 libtool-2.5.4.tar.gz
2o67LOTc9GuQCY2vliz/po9LT2LqYPeY0O8Skp7eat8= libtool-2.5.4.tar.gz
9781a113fe6af1b150571410b29d3eee2e792516 libtool-2.5.4.tar.xz
+B9YYGZrC8fYS63e+mDRy5+m/OsjmMw7rKavqmAmZnU= libtool-2.5.4.tar.xz
Verify the base64 SHA256 checksum with cksum -a sha256 --check
from coreutils-9.2 or OpenBSD's cksum since 2007.
Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact. First, be sure to download both the .sig file
and the corresponding tarball. Then, run a command like this:
gpg --verify libtool-2.5.4.tar.gz.sig
The signature should match the fingerprint of the following key:
pub rsa4096 2021-09-23 [SC]
FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354
uid Ileana Dumitrescu <ileanadumi95@protonmail.com>
uid Ileana Dumitrescu <ileanadumitrescu95@gmail.com>
If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to retrieve
or refresh it, and then rerun the 'gpg --verify' command.
gpg --locate-external-key ileanadumi95@protonmail.com
gpg --recv-keys 6570EA01146F7354
wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=libtool&download=1' | gpg --import -
As a last resort to find the key, you can try the official GNU
keyring:
wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg
gpg --keyring gnu-keyring.gpg --verify libtool-2.5.4.tar.gz.sig
This release was bootstrapped with the following tools:
Autoconf 2.72e
Automake 1.17
Gnulib v1.0-1108-gea58a72d4d
NEWS
- Noteworthy changes in release 2.5.4 (2024-11-20) [stable]
** New features:
- New libtool command line flag, --no-finish, to skip executing
finish_cmds that would alter the shared library cache during testing.
- New libtool command line flag, --reorder-cache=DIRS, to reorder the
shared library cache, only on OpenBSD.
** Bug fixes:
- Fix incorrect use of workarounds designed for Darwin versions that
don't have -single_module support.
- Fix errors when executing 'make distclean' and 'make maintainer-clean'.
- Fix bug where the constructed rpath omit directories, instead of
appending them to the end.
- Fix configure error for when variable 'multlib' is unset.
- Fix searching for -L in link paths being over-greedy and incorrectly
handling paths with -L in them.
- Avoid using AC_TRY_EVAL macro, "dangerous and undocumented".
- Fix linking libraries at runtime with tcc by adding run path.
- Fix path comparison by removing trailing slashes on install commands.
- Fix linking for mingw with lld by prefering response files over the
linker script.
- Fix '-Fe' usage with linking in MSVC.
- Fix '--no-warnings' flag.
- Fix handling xlc(1)-specific options.
- Fix Haiku support.
** Changes in supported systems or compilers:
- Support additional flang-based compilers, 'f18' and 'f95'.
- Support for 'netbsdelf*-gnu'.
- Support for '*-mlibc', and subsequently Ironclad and Managarm.
- Support for SerenityOS.
- Support for wasm32-emscripten.
Enjoy!
Give Your Input on the State of Open Source Survey
As we announced back in September, the OSI has partnered again with OpenLogic by Perforce to produce a comprehensive report on global, industry-wide Open Source software adoption trends. The 2025 State of Open Source Report will be based on responses to a survey of those working with Open Source software in their organizations, from developers to CTOs and everyone in between.
“This is our fourth year being involved in the State of Open Source Report, and there is never any shortage of surprises in the data,” says Stefano Maffulli, Executive Director, Open Source Initiative. “Now, however, the aim of the survey is not to determine whether or not organizations are using Open Source — we know they are — but to find out how they are handling complexities related to AI, licensing, and of course, security.”
This year, the survey includes new sections on Big Data, the impact of CentOS EOL, and security/compliance. As always, there are questions about technology usage in various categories such as infrastructure, cloud-native, frameworks, CI/CD, automation, and programming languages. Finally, a few questions toward the end look at Open Source maturity and stewardship, including sponsoring or being involved with open source foundations and organizations like OSI.
Of course, any report like this is only as valuable as its data and the more robust and high-quality the dataset, the stronger the report will be. As stewards of the Open Source community, OSI members are encouraged to take the survey so that the 2025 State of Open Source Report accurately reflects the interests, concerns, and preferences of Open Source software users around the world.
You can access the State of Open Source Survey here: https://www.research.net/r/SLQWZGF
Trey Hunner: Python Black Friday & Cyber Monday sales (2024)
Ready for some Python skill-building sales?
This is my seventh annual compilation of Python learning deals.
I’m publishing this post extra early this year, so bookmark this page and set a calendar event for yourself to check back on Friday November 29.
Currently live salesHere are Python-related sales that are live right now:
- Python Jumpstart with Python Morsels: 50% off my brand new Python course, an introduction to Python that’s very hands-on ($99 instead of $199)
- Rodrigo 50% off Rodrigo’s all books bundle with code BF24
- The Python Coding Place: 40% off The Python Coding Book and 40% off a lifetime membership to The Python Coding Place with code black2024
- Sundeep Agarwal: ~50% off Sundeep’s all book and Python bundles with code FestiveOffer
- O'Reilly Media: 40% off the first year with code CYBERWEEK24 ($299 instead of $499)
Here are sales that will be live soon:
- Data School 40% off all Kevin’s courses or get a bundle with all 5 of his courses
- Mike Driscoll: 35% off Mike’s Python books and courses with code BF24
Here are some sales I expect to see, but which haven’t been announced yet:
- Talk Python: usually holds a sale on a variety of courses
- Brian Okken: often holds a sale on his pytest course
- Reuven Lerner: usually holds a sale
- Pragmatic Bookshelf: I’m guessing they’ll hold a 40% off sale with code turkeycode2024
Also see Adam Johnson’s Django-related Deals for Black Friday 2024 for sales on Adam’s books, courses from the folks at Test Driven, Django templates, and various other Django-related deals.
And for non-Python/Django Python deals, see the Awesome Black Friday / Cyber Monday deals GitHub repository and the BlackFridayDeals.dev website.
If you know of another sale (or a likely sale) please comment below or email me.
Security advisories: Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.
This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.
To help protect against this potential vulnerability, some additional checks have been added to Drupal core's database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.
Solution:Install the latest version:
- If you are using Drupal 7, update to Drupal 7.102.
- If you are using Drupal 10.2, update to Drupal 10.2.11.
- If you are using Drupal 10.3, update to Drupal 10.3.9.
All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)
Reported By:- Drew Webber of the Drupal Security Team
- Drew Webber of the Drupal Security Team
- Fabian Franz
- Juraj Nemec of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Dave Long of the Drupal Security Team
- Alex Pott of the Drupal Security Team
- Juraj Nemec of the Drupal Security Team
- Benji Fisher of the Drupal Security Team
- xjm of the Drupal Security Team