#392: The votes have been counted
Published Wed, Jul 17, 2024,
recorded Wed, Jul 17, 2024
About the show
Sponsored by Code Comments, an original podcast from RedHat: pythonbytes.fm/code-comments
Connect with the hosts
- Michael: @mkennedy@fosstodon.org
- Brian: @brianokken@fosstodon.org
- Show: @pythonbytes@fosstodon.org
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Brian #1: 2024 PSF Board Election & Proposed Bylaw Change Results
- New board members
- Tania Allard
- KwonHan Bae
- Cristián Maureira-Fredes
- Congrats to new board members
- If you want to consider becoming a board member, there are 4 seats up for vote next year.
- All 3 bylaw changes passed, by a wide margin.
- Details of changes
- Change 1: Merging Contributing and Managing member classes
- Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting
- Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership
Michael #2: SATYRN: A modern Jupyter client for Mac
- A Jupyter client app for macOS
- Comes with a command palette
- LLM assistance (local or cloud?)
- Built in Black formatter
- Currently in alpha
- Business model unknown
Brian #3: Incident Report: Leaked GitHub Personal Access Token
- Suggested by Galen Swint
- See also JFrog blog: Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
- A GitHub access token found it’s way into a .pyc file, then into a docker image.
- JFrog found it through some regular scans.
- JFrog notified PYPI security.
- Token was destroyed within 17 minutes. (nice turnaround)
- Followup scan revealed that no harm was done.
- Takaways (from Ee Durbin):
- Set aggressive expiration dates for API tokens (If you need them at all)
- Treat .pyc files as if they were source code
- Perform builds on automated systems from clean source only.
Michael #4: Extra extra extra
- Python 3.13.0 beta 3 released
- Ice got a lot better
- I Will Piledrive You If You Say AI Again | Prime Reacts Video
- Follow up actions for polyfill supply chain attack
- Developer Ecosystem Survey 2024
- Code in a Castle still has seats open
Extras
Brian:
- A new pytest course in the works
- Quick course focusing on
- core pytest features + some strategy and Design for Testability concepts
- Idea
- everyone on the team (including managers) can take the new course.
- 1-2 people on a team take “The Complete pytest Course” to become the teams local pytest experts.
- Quick course focusing on
- Python People is on an indefinite hold
- Python Test → back to Test & Code (probably)
- I’m planning a series (maybe a season) on TDD which will be language agnostic.
- Plus I still have tons of Test & Code stickers and no Python Test stickers.
- New episodes planned for August