Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book

#392: The votes have been counted

Published Wed, Jul 17, 2024, recorded Wed, Jul 17, 2024
Watch this episode on YouTube
Play on YouTube
Watch the live stream replay

About the show

Sponsored by Code Comments, an original podcast from RedHat: pythonbytes.fm/code-comments

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: 2024 PSF Board Election & Proposed Bylaw Change Results

  • New board members
    • Tania Allard
    • KwonHan Bae
    • Cristián Maureira-Fredes
  • Congrats to new board members
  • If you want to consider becoming a board member, there are 4 seats up for vote next year.
  • All 3 bylaw changes passed, by a wide margin.
    • Details of changes
    • Change 1: Merging Contributing and Managing member classes
    • Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting
    • Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership

Michael #2: SATYRN: A modern Jupyter client for Mac

  • A Jupyter client app for macOS
  • Comes with a command palette
  • LLM assistance (local or cloud?)
  • Built in Black formatter
  • Currently in alpha
  • Business model unknown

Brian #3: Incident Report: Leaked GitHub Personal Access Token

  • Suggested by Galen Swint
  • See also JFrog blog: Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
  • A GitHub access token found it’s way into a .pyc file, then into a docker image.
  • JFrog found it through some regular scans.
  • JFrog notified PYPI security.
  • Token was destroyed within 17 minutes. (nice turnaround)
  • Followup scan revealed that no harm was done.
  • Takaways (from Ee Durbin):
    • Set aggressive expiration dates for API tokens (If you need them at all)
    • Treat .pyc files as if they were source code
    • Perform builds on automated systems from clean source only.

Michael #4: Extra extra extra

Extras

Brian:

  • A new pytest course in the works
    • Quick course focusing on
      • core pytest features + some strategy and Design for Testability concepts
    • Idea
      • everyone on the team (including managers) can take the new course.
      • 1-2 people on a team take “The Complete pytest Course” to become the teams local pytest experts.
  • Python People is on an indefinite hold
  • Python Test → back to Test & Code (probably)
    • I’m planning a series (maybe a season) on TDD which will be language agnostic.
    • Plus I still have tons of Test & Code stickers and no Python Test stickers.
    • New episodes planned for August

Joke: I need my intellisense (autocomplete)


Want to go deeper? Check our projects