#411: TLS Client: Hello <<guitar solo>>

Play on YouTube

Watch the live stream replay

About the show

Sponsored by us! Support our work through:

• Our courses at Talk Python Training
• The Complete pytest Course
• Patreon Supporters

Connect with the hosts

• Michael: @mkennedy@fosstodon.org / @mkennedy.codes
• Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
• Show: @pythonbytes@fosstodon.org / @pythonbytes.bsky.social

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: Talk Python rewritten in Quart

• Rewrote all of talkpython.fm in Quart (10k lines of code total, 4k changed)
• Considered
  • FastAPI
  • Litestar
  • Django
  • Hugo Static Site + Python
  • Flask
• Discussed the multistage upgrade / conversion process
• Automating tests for all 1,000 pages

Brian #2: PyPI now supports digital attestations

• Dustin Ingram
• “Attestations provide a verifiable link to an upstream source repository: By signing with the identity of the upstream source repository, such as in the case of an upload of a project built with GitHub Actions, PyPI's support for digital attestations defines a strong and verifiable association between a file on PyPI and the source repository, workflow, and even the commit hash that produced and uploaded the file. Additionally, publishing attestations to a transparency log helps mitigate against both compromise of PyPI and compromise of the projects themselves.”
• For maintainers
  • If using GH Actions and Trusted Publishing
    • make sure you use pypa/gh-action-pypi-publish, version v1.11.0 or newer
    • that’s it
  • If not
    • “Support for automatic attestation generation and publication from other Trusted Publisher environments is planned.”
    • “While not recommended, maintainers can also manually generate and publish attestations.”
• See also
  • PyPI Introduces Digital Attestations to Strengthen Python Package Security
    • by Sarah Gooding
  • Are we PEP 740 yet?

Michael #3: Django Rusty Templates

• by Lily Foote
• An experimental reimplementation of Django's templating language in Rust.
• Goals
  • 100% compatibility of rendered output.
  • Error reporting that is at least as useful as Django's errors.
  • Improved performance over Django's pure Python implementation.

Brian #4: PEP 639 is now supported by PYPI

• from Brett Cannon
• PEP 639 – Improving License Clarity with Better Package Metadata
• For project metadata, use these fields: license and license-files:

• Examples license field

  [project]
  license = "MIT"
  
  [project]
  license = "MIT AND (Apache-2.0 OR BSD-2-clause)"
  
  [project]
  license = "MIT OR GPL-2.0-or-later OR (FSFUL AND BSD-2-Clause)"
  
  [project]
  license = "LicenseRef-Proprietary"
  

• Examples of license-files:

  [project]
    license-files = ["LICEN[CS]E*", "AUTHORS*"]
  
    [project]
    license-files = ["licenses/LICENSE.MIT", "licenses/LICENSE.CC0"]
  
    [project]
    license-files = ["LICENSE.txt", "licenses/*"]
  
    [project]
    license-files = []
  

Extras

Brian:

• Playground Wisdom: Threads Beat Async/Await - interesting read from Armin Ronacher about different language abstractions around concurrency.
• PythonTest.com Discord community is now live
  • Launched last week, as of this morning we’ve got 89 members
  • Anyone already a pythontest community member has received an invite
  • Anyone can join through courses.pythontest.com
• Everything at pythontest.com is 20% off through Dec with code turkeysale2024
• “Python Testing with pytest” eBook 40% off through Dec 2, use code turkeysale2024

Michael:

• Python 3.14.0a2 released
• Starter packs:
  • Michael’s Python people: https://bsky.app/starter-pack/mkennedy.codes/3lbdnupl26e2x
  • Directory: https://blueskydirectory.com/starter-packs/all

Joke: curl - heavy metal style!