#392: The votes have been counted

Play on YouTube

Watch the live stream replay

About the show

Sponsored by Code Comments, an original podcast from RedHat: pythonbytes.fm/code-comments

Connect with the hosts

• Michael: @mkennedy@fosstodon.org
• Brian: @brianokken@fosstodon.org
• Show: @pythonbytes@fosstodon.org

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: 2024 PSF Board Election & Proposed Bylaw Change Results

• New board members
  • Tania Allard
  • KwonHan Bae
  • Cristián Maureira-Fredes
• Congrats to new board members
• If you want to consider becoming a board member, there are 4 seats up for vote next year.
• All 3 bylaw changes passed, by a wide margin.
  • Details of changes
  • Change 1: Merging Contributing and Managing member classes
  • Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting
  • Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership

Michael #2: SATYRN: A modern Jupyter client for Mac

• A Jupyter client app for macOS
• Comes with a command palette
• LLM assistance (local or cloud?)
• Built in Black formatter
• Currently in alpha
• Business model unknown

Brian #3: Incident Report: Leaked GitHub Personal Access Token

• Suggested by Galen Swint
• See also JFrog blog: Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
• A GitHub access token found it’s way into a .pyc file, then into a docker image.
• JFrog found it through some regular scans.
• JFrog notified PYPI security.
• Token was destroyed within 17 minutes. (nice turnaround)
• Followup scan revealed that no harm was done.
• Takaways (from Ee Durbin):
  • Set aggressive expiration dates for API tokens (If you need them at all)
  • Treat .pyc files as if they were source code
  • Perform builds on automated systems from clean source only.

Michael #4: Extra extra extra

• Python 3.13.0 beta 3 released
• Ice got a lot better
• I Will Piledrive You If You Say AI Again | Prime Reacts Video
• Follow up actions for polyfill supply chain attack
• Developer Ecosystem Survey 2024
• Code in a Castle still has seats open

Extras

Brian:

• A new pytest course in the works
  • Quick course focusing on
    • core pytest features + some strategy and Design for Testability concepts
  • Idea
    • everyone on the team (including managers) can take the new course.
    • 1-2 people on a team take “The Complete pytest Course” to become the teams local pytest experts.
• Python People is on an indefinite hold
• Python Test → back to Test & Code (probably)
  • I’m planning a series (maybe a season) on TDD which will be language agnostic.
  • Plus I still have tons of Test & Code stickers and no Python Test stickers.
  • New episodes planned for August

Joke: I need my intellisense (autocomplete)