Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.

#392 The votes have been counted

July 17, 2024 00:25:44 21.83 MB

About the show

Sponsored by Code Comments, an original podcast from Red Hat: pythonbytes.fm/code-comments

Connect with the hosts

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form, add your name and email to our friends of the show list. We'll never share it.

Brian #1: 2024 PSF Board Election & Proposed Bylaw Change Results

  • New board members
    • Tania Allard
    • KwonHan Bae
    • Cristián Maureira-Fredes
  • Congrats to new board members
  • If you want to consider becoming a board member, there are 4 seats up for vote next year.
  • All 3 bylaw changes passed, by a wide margin.
    • Details of changes
    • Change 1: Merging Contributing and Managing member classes
    • Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting
    • Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership

Michael #2: SATYRN: A modern Jupyter client for Mac

  • A Jupyter client app for macOS
  • Comes with a command palette
  • LLM assistance (local or cloud?)
  • Built in Black formatter
  • Currently in alpha
  • Business model unknown

Brian #3: Incident Report: Leaked GitHub Personal Access Token

  • Suggested by Galen Swint
  • See also JFrog blog: Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
  • A GitHub access token found its way into a .pyc file, then into a Docker image.
  • JFrog found it through some regular scans.
  • JFrog notified PyPI security.
  • Token was destroyed within 17 minutes. (nice turnaround)
  • Followup scan revealed that no harm was done.
  • Takeaways (from Ee Durbin):
    • Set aggressive expiration dates for API tokens (if you need them at all)
    • Treat .pyc files as if they were source code
    • Perform builds on automated systems from clean source only.
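Why ".pyc files as source code" matters, as an added example (not code from PyPI, JFrog, or the show): a string literal survives in compiled bytecode after the source file is deleted, and walking the code object shows which function holds it. The module name `settings.py`, the function `headers`, and the token value are constructed for the demo; the regex assumes the `gh?_` plus 36 characters token shape.

```python
import marshal
import py_compile
import re
import tempfile
import types
from pathlib import Path

# Assumed GitHub token shape: a gh?_ prefix followed by 36 alphanumeric characters.
TOKEN = r"gh[pousr]_[A-Za-z0-9]{36}"
PYC_HEADER_LEN = 16  # magic, flags, then mtime+size or source hash (Python 3.7+)


def findings(code):
    """Yield (function name, token) for token-shaped string constants."""
    for const in code.co_consts:
        if isinstance(const, types.CodeType):
            yield from findings(const)  # nested functions and classes
            continue
        for item in const if isinstance(const, (tuple, frozenset)) else (const,):
            if isinstance(item, str):
                yield from ((code.co_name, tok) for tok in re.findall(TOKEN, item))


def scan_pyc(path):
    """Return sorted (location, token) pairs found in one .pyc file."""
    data = Path(path).read_bytes()
    try:
        code = marshal.loads(data[PYC_HEADER_LEN:])
    except (ValueError, EOFError, TypeError):
        code = None  # e.g. bytecode written by another Python version
    if isinstance(code, types.CodeType):
        return sorted(set(findings(code)))
    raw = re.findall(TOKEN.encode(), data)  # fall back to a raw byte scan
    return sorted({("<raw bytes>", tok.decode()) for tok in raw})


def demo():
    """Compile a constructed module, delete its source, scan what is left."""
    fake = "ghp_" + "A" * 36  # constructed value, not a real credential
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "settings.py"
        src.write_text(f"def headers():\n    return {{'Authorization': 'token {fake}'}}\n")
        py_compile.compile(str(src), cfile=str(Path(tmp) / "settings.pyc"))
        src.unlink()  # the source is gone, the bytecode still holds the string
        return {p.name: scan_pyc(p) for p in Path(tmp).rglob("*.pyc")}


if __name__ == "__main__":
    print(demo())
```

`marshal` is not hardened against malicious input, so for bytecode from untrusted images use only the raw byte scan.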

Michael #4: Extra extra extra

Extras

Brian:

  • A new pytest course in the works
    • Quick course focusing on
      • core pytest features + some strategy and Design for Testability concepts
    • Idea
      • everyone on the team (including managers) can take the new course.
      • 1-2 people on a team take “The Complete pytest Course” to become the team's local pytest experts.
  • Python People is on an indefinite hold
  • Python Test → back to Test & Code (probably)
    • I’m planning a series (maybe a season) on TDD which will be language agnostic.
    • Plus I still have tons of Test & Code stickers and no Python Test stickers.
    • New episodes planned for August

Joke: I need my intellisense (autocomplete)