Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
#411 TLS Client: Hello <<guitar solo>>
- Talk Python rewritten in Quart
- PyPI now supports digital attestations
- Django Rusty Templates
- PEP 639 is now supported by PYPI
- Extras
- Joke
About the show
Sponsored by us! Support our work through:
Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.bsky.social
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Michael #1: Talk Python rewritten in Quart
- Rewrote all of talkpython.fm in Quart (10k lines of code total, 4k changed)
- Considered
- FastAPI
- Litestar
- Django
- Hugo Static Site + Python
- Flask
- Discussed the multistage upgrade / conversion process
- Automating tests for all 1,000 pages
Brian #2: PyPI now supports digital attestations
- Dustin Ingram
- “Attestations provide a verifiable link to an upstream source repository: By signing with the identity of the upstream source repository, such as in the case of an upload of a project built with GitHub Actions, PyPI's support for digital attestations defines a strong and verifiable association between a file on PyPI and the source repository, workflow, and even the commit hash that produced and uploaded the file. Additionally, publishing attestations to a transparency log helps mitigate against both compromise of PyPI and compromise of the projects themselves.”
- For maintainers
- If using GH Actions and Trusted Publishing
- make sure you use pypa/gh-action-pypi-publish, version v1.11.0 or newer
- that’s it
- If not
- “Support for automatic attestation generation and publication from other Trusted Publisher environments is planned.”
- “While not recommended, maintainers can also manually generate and publish attestations.”
- If using GH Actions and Trusted Publishing
- See also
Michael #3: Django Rusty Templates
- by Lily Foote
- An experimental reimplementation of Django's templating language in Rust.
- Goals
- 100% compatibility of rendered output.
- Error reporting that is at least as useful as Django's errors.
- Improved performance over Django's pure Python implementation.
Brian #4: PEP 639 is now supported by PYPI
- from Brett Cannon
- PEP 639 – Improving License Clarity with Better Package Metadata
- For project metadata, use these fields: license and license-files:
Examples license field
[project] license = "MIT" [project] license = "MIT AND (Apache-2.0 OR BSD-2-clause)" [project] license = "MIT OR GPL-2.0-or-later OR (FSFUL AND BSD-2-Clause)" [project] license = "LicenseRef-Proprietary"
Examples of
license-files
:[project] license-files = ["LICEN[CS]E*", "AUTHORS*"] [project] license-files = ["licenses/LICENSE.MIT", "licenses/LICENSE.CC0"] [project] license-files = ["LICENSE.txt", "licenses/*"] [project] license-files = []
Extras
Brian:
- Playground Wisdom: Threads Beat Async/Await - interesting read from Armin Ronacher about different language abstractions around concurrency.
- PythonTest.com Discord community is now live
- Launched last week, as of this morning we’ve got 89 members
- Anyone already a pythontest community member has received an invite
- Anyone can join through courses.pythontest.com
- Everything at pythontest.com is 20% off through Dec with code turkeysale2024
- “Python Testing with pytest” eBook 40% off through Dec 2, use code turkeysale2024
Michael:
- Python 3.14.0a2 released
- Starter packs:
- Michael’s Python people: https://bsky.app/starter-pack/mkennedy.codes/3lbdnupl26e2x
- Directory: https://blueskydirectory.com/starter-packs/all
Joke: curl - heavy metal style!