Tootfinder

@netzschleuder@social.skewed.de
2026-06-28 23:00:07

python_dependency: Python Dependency Network
Python's package dependency networks. Nodes in the network are Python's packages registered to PyPI and edges are dependencies among packages.
This network has 58743 nodes and 108399 edges.
Tags: Technological, Software, Unweighted
networks.sk…

python_dependency: Python Dependency Network. 58743 nodes, 108399 edges. https://networks.skewed.de/net/python_dependency
@rasterweb@mastodon.social
2026-05-28 04:58:41

➡️ PyPI · The Python Package Index
#bookmarks

@frankel@mastodon.top
2026-06-26 17:01:54

PEP 832 – Virtual environment discovery
#python

@mgorny@social.treehouse.systems
2026-05-28 03:38:25

> No significant changes.
Looks inside.
> Significant changes.
#Python

@Techmeme@techhub.social
2026-05-27 16:50:55

Starlette, an open-source Python framework underpinning FastAPI, has a vulnerability, called BadHost, that can allow hackers to bypass authorization (Dan Goodin/Ars Technica)
arstechnica.com/information-te

@rasterweb@mastodon.social
2026-06-28 00:53:59

I got some Python code working yesterday after being convinced I could not figure it out… but figured it out!
Realized I needed extra code today, thought it would be a pain but figured it out in no time.
Maybe I can write Python okay…

@fanf@mendeddrum.org
2026-05-27 11:42:02

from my link log —
Someone’s been messing with Python’s floating point subnormals!
moyix.blogspot.com/2022/09/som
saved 2022-09-06

@grahamperrin@bsd.cafe
2026-06-28 16:50:19

@… @… @…
An ideal is that it should not happen.
The reality might be Python-related in…

@compfu@mograph.social
2026-04-28 16:19:21

My current task for our #VFXPipeline is to accommodate Windows users in a Linux pipeline. Easiest option: give every Photoshop artist a Linux workstation for Nuke. Seems to be a common thing. But out of curiosity (and to be prudent with hardware) I'm trying to get everything working on Windows. A constant source of sadness I have to say, worse than UTF8 strings in Python 2.

@cdonat@hostsharing.coop
2026-05-25 12:12:44

Is it only me, or has the hashtag #Python converted into a LinkedIn-like wave of marketing bullshit? I really like Python, and use it a lot, but this is becoming unbearable.

@veit@mastodon.social
2026-06-21 14:27:46

I’m organising the next @… meet-up, featuring a talk by Sam Bail on PySpark: meetup.com/python-users-berlin

@frankel@mastodon.top
2026-06-23 09:13:33

#Python 3.15 #Lazy #Imports: Faster Startup Times and the Design Behind PEP 810

@Techmeme@techhub.social
2026-05-27 06:15:51

Analysis: the share of entry-level hiring in India's tech sector fell to ~15% in 2025 from 28% in 2024 as companies shifted focus to AI and automation roles (Tanya Pandey/The Economic Times)
economictimes.i…

@heiseonline@social.heise.de
2026-06-11 14:07:00

heise | Python basics: Mastering dictionaries and organizing data efficiently
Key-value pairs let you structure data cleverly. We show how to create and manage Python dictionaries efficiently.

@Techmeme@techhub.social
2026-06-24 15:56:24

Nature publishes a peer-reviewed paper alleging that Microsoft's 2025 quantum breakthrough claims were based on "basic Python errors" and data cherry-picking (Thomas Claburn/The Register)
theregiste…

@adlerweb@social.adlerweb.info
2026-04-23 09:04:15

If you use the #Python "dist" module or #Ansible and suddenly get wrong values for distribution/ansible_distribution/… on #Gentoo (e.g. ClearLinux):
Gentoo quo…

@guerda@ruhr.social
2026-06-21 13:05:45

Discovered a segfault in #FastAPI very strange, does only happen on MacOS with Python 3.14.0 ALPHA
The reason was that I was unaware that I ran an alpha version of Python 3.14.
FastAPI segfaults with Python 3.14.0 on MacOS · fastapi/fastapi · Discussion #15819

@mgorny@social.treehouse.systems
2026-05-25 19:42:28

I've been sad about the upcoming removal of #PyPy from #Gentoo, but given how many regressions I've been seeing recently in a variety of #Python packages, I'm eagerly waiting for the day when I'll remove the support and be able to stop having to deal with the test failures somehow. Not that at this point any other way of dealing besides skipping them makes any sense.

@hynek@mastodon.social
2026-06-09 04:53:34

for no particular reason whatsoever, I've updated my guide on how to measure #Python coverage across GitHub Action containers without an external service (*cough* Codecov *cough*)
hynek.me/articles/ditch-codeco

@tiotasram@kolektiva.social
2026-04-24 11:03:24

Idea: statically typed language (or Python type checker?) where types aren't declared, but can only be assigned by providing tests/examples that use that type. Examples could provide explicit type info where necessary, but code could not.
If it's not documented with an example, it's not safe to use with those types.

@veit@mastodon.social
2026-06-16 21:39:22

Taking Measure spoke to Guido van Rossum to find out more about #Python, what he gets up to in his spare time, and his brief spell at #nist

@ellie@ellieayla.net
2026-05-24 16:06:24

Realization that 90% of the time I'm searching "the internet" I'm actually looking for results from the same 10 websites. All of which have their own search. Like wikipedia. Or docs.python.org. And I already know which one I want to search.
Most of what I want from a unified search head can be delivered by parsing out some prefix (wp, pydoc) and redirecting the rest onward. No mouse. No UI.
Thinking a browser is unnecessary until a result url is selected - I just want qsapp.com.

@kubikpixel@chaos.social
2026-04-17 15:15:02

«YubiKey Manager — vulnerability allows execution of planted code:
Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the flaws.»
An IT security report that really is certain, and where updates now really have to be done immediately before the weekend.
🔐

@cwensel@fosstodon.org
2026-06-24 21:58:01

funny, codex is writing perl scripts where claude probably would be writing python scripts to solve bulk find/edit issues

@todbot@mastodon.social
2026-05-23 18:37:51

I was on the #teachingpython podcast! I got to talk with Kelly and Julian about Python, #CircuitPython, UF2 bootloader troubles, and #embedded systems in general. It was a lot of fun.

@avstockhausen@fedihum.org
2026-06-10 11:00:02

Bookmarked: Phillip B. Ströbel: Von der Pythia zu Python. Einführung in die Programmierung für die Geschichtsforschung #Jupyter

@datascience@genomic.social
2026-06-23 10:00:01

Polars is a lightning fast DataFrame library/in-memory query engine with parallel execution and cache efficiency. And now you can use it with the tidyverse syntax: #rstats

@inthehands@hachyderm.io
2026-05-22 16:05:14

One last example:
The first LLM code example that really made my eyes pop was early after the release of GPT, when somebody got it to combine Breakout with Conway’s Game of Life (a truly delightful idea). It worked!
Funny thing: the Breakout code and the Life code had a •completely• different style and flavor. Red flag. In about 15 minutes of web searching, I was able to find one of the projects (can’t remember if it was the Breakout or the Life half) which it had copied wholesale, with just a few variable renames. And the other half? It was in Python, but it used dictionaries where it really should have used objects — tons of `thing["prop"]` where it should have said `thing.prop`, and lots of other un-Pythonic stuff besides. It was a machine translate of code from another language, very likely Javascript.
The entire thing was a plagiarized Breakout and a plagiarized Game of Life, one transpiled, and all stuck together in a single run loop. To be fair, figuring out how to (1) run both halves of the logic from a single loop and (2) count the Life cells as Breakout bricks is work I'd cheer on from a second-semester intro CS student! It's not, however, quite what's being sold by these companies.
6/

@askans@bonn.social
2026-06-23 20:51:44

Why is there no Python-only LLM?
Or is there one?

@krone@frawas.de
2026-05-21 06:06:24

Runner snapped a photo of a python - constrictor snake spotted in the middle of Styria #News #Nachrichten

@grumpybozo@toad.social
2026-06-14 23:12:55

RE: seattle.pink/@mxchara/11675012
The fact that (so far) Python is in the lead makes me sad.
Python is unfit for system administration. You’ll only convince me otherwise when every fucking Python program doesn’t need its own bespoke …

@tinoeberl@mastodon.online
2026-06-24 15:17:02

#Steady #Klimacrew
#Datenanalyse of #Stromspeicher: Why do some seem

@arXiv_physicsaoph_bot@mastoxiv.page
2026-05-26 07:56:50

JAX-SCM v1.0: a modern atmospheric single-column model for boundary layer research
Maximilian Pierzyna
arxiv.org/abs/2605.24544 arxiv.org/pdf/2605.24544 arxiv.org/html/2605.24544
arXiv:2605.24544v1 Announce Type: new
Abstract: We present JAX-SCM v1.0, an open-source atmospheric single-column model for boundary layer research, implemented in Python using the JAX computing library. The model solves for horizontal wind, potential temperature, and specific humidity, combined with prognostic turbulent kinetic energy and turbulent statistics parameterized by the Mellor-Yamada-Nakanishi-Niino level-2.5 (MYNN-2.5) turbulence closure. We verify the implementation against three well-established benchmark cases covering neutral (turbulent Ekman layer), stable (GABLS1), and convective (Wangara Day 33) conditions. Close agreement with reference solutions is demonstrated across all regimes. By building on JAX, the model benefits from just-in-time compilation and native GPU support. While JAX-SCM is not yet fully differentiable, basing it on JAX also lays the foundation for future integration with machine learning components. The model is designed for simplicity and modularity, lowering the barrier to entry for users and developers alike.
toXiv_bot_toot

@rasterweb@mastodon.social
2026-05-26 04:55:03

➡️ Beautiful Soup - Python Screen-Scraping
#bookmarks

@fanf@mendeddrum.org
2026-05-24 20:42:03

from my link log —
Inside SPy: language semantics for a statically-typed compiled variant of Python.
antocuni.eu/2026/03/25/inside-
saved 2026-05-23

@10X@social.linux.pizza
2026-05-27 14:45:26

I run 30 Docker containers and kept forgetting what was running where. So I built Cyberboard - a self-hosted dashboard with live health checks.
- Green/red status dots for every service
- Server-side checks (HTTPS, self-signed certs, auth)
- Built-in editor, drag-and-drop, emoji picker
- Tutorials, scratchpad, search, dark/light theme
- Single JSON file, no DB
- Python stdlib Preact, no build step

@awinkler@openbiblio.social
2026-05-20 12:08:10

Anyone who would still like to gain some hands-on experience with Python and SRU and SPARQL interfaces in the library or #GLAM sector at #bibliocon26 today might be interested in the following hands-on lab (Room 14, 16:30-18:30):

@shacker@zirk.us
2026-05-19 15:02:49

Meanwhile, on the Python/Django side of life… Over the past few evenings I’ve made numerous updates and bug fixes to my reusable, pluggable, multi-user/multi-group task assignment system for Django. Live on the demo site and installable now. Hope it’s useful!
django-todo.org/

@heiseonline@social.heise.de
2026-05-01 16:00:34

A few more of the #News items most frequently shared here recently:
"Copy Fail": Linux root in all major distributions with 732 bytes of Python

@zydecopaws@pnw.zone
2026-05-23 01:24:54

Monty Python and the Horny Grail
#MusicalInstrumentsMoviesOrPlays
#HashTagGames

@karlauerbach@sfba.social
2026-06-03 17:23:56

A lot of open source projects take care to preserve compatibility with the past, so that changes do not break the projects of existing users.
But then there are others. In my list of "damn the past, full speed ahead on incompatible changes!!" are my most recent encounters:
- Python (not only was the Python 2 abandonment unforgivable and cost many of us a lot of useless conversion work, but the versions of Python 3 seem to change from one to the next to the degree that…

@stiefkind@mastodon.social
2026-06-10 09:35:43

"Hey, AI! Surely you still remember the 150,000 lines of code you vibecoded for me in Python some seven or eight months ago? That now needs to be adapted to the new API, please. And while you're at it anyway: go ahead and port it all from Python to Rust as well." 🤡 #justthinkin

@stf@chaos.social
2026-05-03 13:50:18

wtf does everytime a new v of #python is rolled out in linux distros, all virtual envs break, and i do have to rebuild them manually. we're now 13 minor versions since py v2.7 and everything became worse since then. i have a stable app, and if python would not fuck up this i would not have to touch it in a decade, but because of this, i feel like i'm in the java ecosystem where work is gener…

@mgorny@social.treehouse.systems
2026-05-22 03:11:10

If #Python package releases continue at this rate, I'm going to have to start getting up earlier.
Or just stop doing all of them in the morning.
#Gentoo

@hynek@mastodon.social
2026-06-03 04:43:34

i'm so fucking sick of it
i've got ONE extremely simple and extremely explicit contribution rule/brown m&m test: do not delete the PR checklist
since i'm busy getting structlog out, I’ve let the attrs bug tracker a bit off the leash
go & count for yourself how many PRs opened in the past month followed that instruction.
(and of course, this is not about bureaucracy; they violate many of the important items on that list)

@veit@mastodon.social
2026-06-10 06:46:21

📆 On 13 August, all #Berlin #Python user groups – @…, @…

@tschfflr@fediscience.org
2026-04-17 08:56:20

Someone in another country apparently gave their students the task to reproduce one of our studies but gave them no guidance on how to do it 😬 I'm really sorry, not-my-students but I can't give you individual tutoring on experimental methods, data analysis, Python and statistics this week. Sorry your prof sucks 🙃 #academicChatter

@jason123santa@fosstodon.org
2026-05-20 20:49:03

I updated my orange pi zero to #openbsd 7.9 really easily with the sysupgrade command. Easier than debian and alpine and the other operating systems.
I am running a #tor site on it that displays the system information from a python script I made.
You can view it here:

@_tillwe_@mastodon.social
2026-04-03 09:35:10

I was missing a simple Tetris without ads, whatever-modes and odds and ends. It can be done (thanks to Python and the very handy pyGame library) without vibecoding too. Even if it's trivial: the feeling of having found a good solution yourself for how to program something is still a very good one ;)

Screenshot of a Tetris clone with colorful blocks, the Python IDE in the background.
@bthalpin@mastodon.social
2026-06-17 12:14:42

I'm exploring installing R and other stuff on Windows for planning teaching, and I found an answer to a question I didn't know I needed to ask: Don't install R, RStudio, Python, Julia etc on OneDrive
tclark89.github.io/quarto-blog

@iam_jfnklstrm@social.linux.pizza
2026-04-17 09:56:41

Scripted my way through an unwieldy Excel file with the help of Python. I mean - running pattern recognition first and then normalizing the answers makes 5 full days of work possible to do in 2 hours (debugging in Lumo though).
Now I can spend 2 hours double-checking that the script didn't make mistakes - the nice thing is that if there are errors they are systematic, and then I can stop looking at a single error.
I actually feel cool right now

@michabbb@social.vivaldi.net
2026-05-10 18:14:15

🎬 Supported events include batch job completion, video generation via #Veo, and agent workflow signals. One WebhookConfig object wired directly into your generate_videos() or batch call.
🐍 The #Python SDK makes it trivial — pass a WebhookConfig with your URI and subscribed events to any long-…

@joxean@mastodon.social
2026-06-15 16:18:28

I have just published a new bug fixes minor release for #Diaphora, version 3.4.1.
github.com/joxeankoret/diaphor

@rasterweb@mastodon.social
2026-04-17 20:57:35

I do not get how Python's math.modf works...
Why do I get all the zeros or nines?
4.4 | 4.0 | 0.40000000000000036
4.5 | 4.0 | 0.5
4.6 | 4.0 | 0.5999999999999996
I can fix it with... more math, but maybe I am doing something wrong?
#python #math

@philip@mastodon.mallegolhansen.com
2026-04-06 21:05:27

It strikes me that one of the things LLMs rob us of is the exact kind of serendipity that much of OSS relies on.
I was just looking something up on docs.python.org, which led me to stumble on a line of documentation entirely irrelevant to what I was trying to do - But it caught my eye because…

@frankel@mastodon.top
2026-06-24 16:34:08

The Java Geek Weekly special "pneumonia during a heatwave" 🥵🤒 edition is out.
Get it before it's too late!
blog.frankel.ch/java-geek-week

@LaChasseuse@mastodon.scot
2026-05-16 10:34:01

Unexpected

Visually quite complicated chart, showing correlation between subject studied and later employment. Topping the chart (perhaps surprisingly) are Philosophy majors, whereas IT is touching bottom. The headline is "Forget Python, study Plato"
@mgorny@social.treehouse.systems
2026-05-21 11:06:01

> #Python Stable ABI
> makes extensions unstable (they start segfaulting)
github.com/pikepdf/pikepdf/iss

@heiseonline@social.heise.de
2026-04-30 15:45:34

Some of the #News items most frequently shared here recently:
"Copy Fail": Linux root in all major distributions with 732 bytes of Python

@gray17@mastodon.social
2026-06-02 18:41:15

> We introduce gpusnek, a fully functional Python interpreter ported to CUDA, enabling execution of arbitrary Python code directly on the GPU by running one whole interpreter on every CUDA core/thread. This is a tremendously bad idea, but for the duration of this paper we pretend that it is not
[Josef Dean in SIGBOVIK 2026]

@jhelberg@mastodon.social
2026-06-08 13:17:22

So virtualenv solves the issue of brutal incompatibilities between python stuff (at the cost of huge amounts of diskspace), but the minute uwsgi comes into play, it is overboard and there is hardly any way to activate plugins for old python interpreters. #pythonwoes

@datascience@genomic.social
2026-05-15 10:00:00

Video tutorials for modern ideas and open source tools. #python

@trogluur@social.linux.pizza
2026-05-19 23:28:10

Yesterday I discovered endlessh (github.com/skeeto/endlessh), which is a tarpit for those SSH login guessing bots. I made a little Python script that filters its logs and gives me some stats.
It's a lot of fun to see them get trapped, and I'm also having fun looking up from which count…

The output of my log filtering script. It shows a list of IPs and statistics about how much time I've wasted. Here's a transcript:

Number of currently trapped script kiddies: 4
Here is a list:
 -
@grahamperrin@bsd.cafe
2026-04-13 08:36:11

@… thanks!
Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours | Sysdig

@mgorny@social.treehouse.systems
2026-05-27 05:17:15

Anything great morning.
So now #Typer, the NIH #Python CLI library, decided to start bundling #Click. Why? Of course there's a lot of marketing bullshit behind it. Which ofc means they just don't want to be bothered about following the API, and take the easy way out.
Honestly, there is not a single week when I learn to hate Python even more. Slop-driven development.
EDIT: and ofc they immediately broke compatibility with vanilla click.
#Gentoo

@hynek@mastodon.social
2026-04-15 04:42:31

I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
pretix.eu/pytexas/2026/

@fanf@mendeddrum.org
2026-04-21 08:42:04

from my link log —
Plotnine: grammar of graphics for Python.
plotnine.org/
saved 2026-04-20 dotat.at/:/96VP8.html

@veit@mastodon.social
2026-06-01 05:42:17

If uv is not available in a Python environment, you can still specify the versions using pylock.toml. We have described how to do this here: python-basics-tutorial.readthe

@frankel@mastodon.top
2026-06-11 09:09:12

Vulnerability and malware checks in #uv
#python

@datascience@genomic.social
2026-05-19 10:00:01

Beautiful palettes based on art for R and python: #rstats #ggplot

@hynek@mastodon.social
2026-04-13 17:49:06

Here’s stamina 26.1.0, my opinionated #Python retry package, that now supports more than 1024 retries for the cases when you need A LOT of stamina: github.com/hynek/stamina/relea

@heiseonline@social.heise.de
2026-05-08 11:52:00

#TGIQF: "Life of Brian" — the quiz about Monty Python's film classic
The comedy "Life of Brian" caused plenty of laughter and churchly indignation in 1979. We honor the Monty Python classic with a quiz.

@LaChasseuse@mastodon.scot
2026-04-16 14:08:01

Yeah, life's just peachy-keen over on the California whacko site

What notifications currently look like on BSKy [! Forbidden]
Simon Pegg  @simonpegg.bsky.social
(image from Monty Python)
"Ere. Bluesky says it's not dead."
14:56 - 16 Apr 2026 Some people can reply

@tinoeberl@mastodon.online
2026-06-25 15:17:02

#Steady #Klimacrew
#Datenanalyse of #Stromspeicher: Incorrect chart values can…

@joxean@mastodon.social
2026-05-12 16:14:55

For a tool I'm writing I need to do some web searches from time to time. Mostly from Python. What can I use without having to buy/get an API key? Anything as of today that still works?

@mgorny@social.treehouse.systems
2026-05-19 05:12:35

Always appreciate #Python package developers being responsible about API stability, and… [checks notes]… raising the major version number over a "minor API tweak", then delaying the release until a security fix demanded one.
#packaging

@hynek@mastodon.social
2026-04-12 09:33:20

Maintainer friends of wheel-heavy #Python packages: do we already have some practical, standard way to automatically upload all the cibuildwheel output across all architectures? My current workflow is a) a pain in the ass and b) requires me to have one last PyPI upload token.

@fanf@mendeddrum.org
2026-04-20 11:42:02

from my link log —
Nornir: an automation framework in Python.
nornir.readthedocs.io/en/lates
saved 2020-03-23 dotat.a…

@mgorny@social.treehouse.systems
2026-04-20 01:58:52

How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python

@mgorny@social.treehouse.systems
2026-06-17 14:36:12

Does anyone happen to know if #PSF is processing contributing membership applications? Mine is stuck with no reply for almost 2 months now, and I'm wondering if it's just normal delay or something went wrong.
#Python

@hynek@mastodon.social
2026-06-18 15:22:54

anyone out there who could look at how I'm trying to build pyemscripten wheels for argon2-cffi? at 71 million downloads per month I suspect there might be some demand for wasm wheels, but I've never used any of this so I'm just reading blog posts and guessing
github.com/hynek/argon2-cffi-b

@frankel@mastodon.top
2026-06-09 17:05:21

Are you really expected to run five type-checkers now?
#python

@mgorny@social.treehouse.systems
2026-06-17 02:41:18

0 days since provenance checks protected us from [checks notes] another project starting to upload distributions via #uv.
#Python #security

@hynek@mastodon.social
2026-06-18 13:58:42

httpx2 has proper API docs and intersphinx 🥲
now they just need to start using it themselves in their narrative docs 😅
github.com/hynek/stamina/commi

@rasterweb@mastodon.social
2026-06-12 14:11:16

@… I gave this thing a try today... 😉
codeberg.org/jjg/paxton

@mgorny@social.treehouse.systems
2026-05-16 06:30:31

Yes, please reinvent more wheels by rewriting #Python logic in #RustLang. What could possibly go wrong?!
github.com/awolverp/cachebox/i

@fanf@mendeddrum.org
2026-05-16 17:42:04

from my link log —
A simple Daikon-style runtime invariant miner for Python.
rahul.gopinath.org/post/2026/0
saved 2026-05-15

@hynek@mastodon.social
2026-05-16 17:14:38

Pablo Python nailed the Tim Apple impression #PyConUS

@mgorny@social.treehouse.systems
2026-04-15 05:00:43

The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.

@mgorny@social.treehouse.systems
2026-05-13 14:52:16

One of my strong suits in all the packaging work is the knowledge in my head.
"Why don't you write it down for others to benefit from, then?", you'd ask.
The thing is, this knowledge is basically "hot cache". I'm bumping hundreds of #Python packages in #Gentoo, so I remember stuff. And because of that, I can quickly notice some things or answer some questions.
If that were written down, the effort needed to find it would diminish all the gain. I mean, technically *it is* already written down, and the whole point is that I have it "cached".

@hynek@mastodon.social
2026-05-30 12:08:13

I’d like to announce the most unlikely #Python package release:
service-identity 26.1.0, the best way to verify if a certificate is valid for a hostname, IP, or URI is out!
The main change is that we were able to switch from pyasn1 (thank you for more than a decade of great service! 🫡💛) to do everything within PyCA's cryptography.

@mgorny@social.treehouse.systems
2026-06-01 02:39:46

It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
github.com/pypa/pip/issues/140

@mgorny@social.treehouse.systems
2026-06-01 12:39:41

The #Gentoo #Python 3.14 switch / 3.11 3.13t removal PR is green. Doing some final testing locally before merging it (one that involves 350 "merge wait" packages, what could possibly go wrong…).
codeberg.org/gentoo/gentoo/pul

@mgorny@social.treehouse.systems
2026-04-30 04:07:02

I think we should EOL #Python versions more often. This triggers not-very-active projects to finally make a release, including another batch of releases today (apparently 6 months mark). Unlike, I don't know, bug fixes.
#Gentoo