Tootfinder

Opt-in global Mastodon full text search. Join the index!

@veit@mastodon.social
2026-06-10 06:46:21

📆 On 13 August, all #Berlin #Python user groups – @…, @…

@frankel@mastodon.top
2026-06-11 09:09:12

Vulnerability and malware checks in #uv
#python

@hynek@mastodon.social
2026-06-09 04:53:34

for no particular reason whatsoever, I've updated my guide on how to measure #Python coverage across GitHub Action containers without an external service (*cough* Codecov *cough*)
hynek.me/articles/ditch-codeco

@michabbb@social.vivaldi.net
2026-05-10 18:14:15

🎬 Supported events include batch job completion, video generation via #Veo, and agent workflow signals. One WebhookConfig object wired directly into your generate_videos() or batch call.
🐍 The #Python SDK makes it trivial — pass a WebhookConfig with your URI and subscribed events to any long-…

@mgorny@social.treehouse.systems
2026-05-11 03:18:59

Always appreciate how people release RCs to give others opportunity to test their changes early, then release final versions before the fixes for "breaks #Portage" kind of regressions introduced in the RCs are merged.
#Gentoo #Python #CPython

@jhelberg@mastodon.social
2026-06-08 13:17:22

So virtualenv solves the issue of brutal incompatibilities between python stuff (at the cost of huge amounts of diskspace), but the minute uwsgi comes into play, it is overboard and there is hardly any way to activate plugins for old python interpreters. #pythonwoes

@frankel@mastodon.top
2026-06-09 17:05:21

Are you really expected to run five type-checkers now?
#python

@stf@chaos.social
2026-05-03 13:50:18

wtf does everytime a new v of #python is rolled out in linux distros, all virtual envs break, and i do have to rebuild them manually. we're now 13 minor versions since py v2.7 and everything became worse since then. i have a stable app, and if python would not fuck up this i would not have to touch it in a decade, but because of this, i feel like i'm in the java ecosystem where work is gener…

@emilis@social.linux.pizza
2026-07-04 16:29:05

Who thought it was a good idea to put spinners in a shell script?
`pip install` has been running for a few minutes now at 100% CPU and all progress I see is an effing spinner on the last line.
Had to look at process list to see it's not stuck.
#python #pip

@frankel@mastodon.top
2026-06-26 17:01:54

PEP 832 – Virtual environment discovery
#python

@rasterweb@mastodon.social
2026-04-17 20:57:35

I do not get how Python's math.modf works...
Why do I get all the zeros or nines?
4.4 | 4.0 | 0.40000000000000036
4.5 | 4.0 | 0.5
4.6 | 4.0 | 0.5999999999999996
I can fix it with... more math, but maybe I am doing something wrong?
#python #math

@mgorny@social.treehouse.systems
2026-07-04 04:49:14

#Python Hypothesis package now requires #RustLang. This is a scale of reverse dependencies I can't handle. I guess this means it's the end of WD40 profiles on #Gentoo, and therefore the end of support for Alpha, ARM<v6, HPPA, M68k, i486 and some other random subsets of architectures and profiles. Thanks for all the fish, etc.
github.com/HypothesisWorks/hyp

@cdonat@hostsharing.coop
2026-05-25 12:12:44

Is it only me, or has the hashtag #Python converted in to a LinkedIn-like wave of marketing bullshit? I really like Python, and use it a lot, but this is becoming unbearable.

@veit@mastodon.social
2026-06-16 21:39:22

Taking Measure spoke to Guido van Rossum to find out more about #Python, what he gets up to in his spare time, and his brief spell at #nist

@adlerweb@social.adlerweb.info
2026-04-23 09:04:15

Falls ihr das #Python "dist"-Modul oder #Ansible nutzt und bei #Gentoo plötzlich für distribution/ansible_distribution/… falsche Werte erhaltet (z.B. ClearLinux):
Gentoo quo…

@stf@chaos.social
2026-05-03 13:51:08

why can't a minor version change not be goddamn backward compatible ffs.
#python

@michabbb@social.vivaldi.net
2026-07-04 01:55:57

🧩 Rich plugin ecosystem: hundreds of plugins run tasks anywhere — local, SSH, #Docker, #Kubernetes or serverless task runners — and code in any language including #Python, Node.js, R, Go and S…

@hynek@mastodon.social
2026-05-30 12:08:13

I’d like to announce the most unlikely #Python package release:
service-identity 26.1.0, the best way to verify if a certificate is valid for a hostname, IP, or URI is out!
The main change is that we were able to switch from pyasn1 (thank you for more than a decade of great service! 🫡💛) to do everything within PyCA's cryptography.

@mgorny@social.treehouse.systems
2026-07-04 13:51:09

And the next big blocker for #Python 3.15 in #Gentoo is time-machine. Which is obviously broken. There's a patch but it's #slop and complex, and it's sitting for 3 months already with no reply. Because obviously patching CPython internals is so much a better idea than freezegun ever were. All these time-based tests need all the ricing you can get; portability doesn't matter.
github.com/adamchainz/time-mac

@frankel@mastodon.top
2026-06-09 17:05:21

Are you really expected to run five type-checkers now?
#python

@frankel@mastodon.top
2026-06-23 09:13:33

#Python 3.15 #Lazy #Imports: Faster Startup Times and the Design Behind PEP 810

@datascience@genomic.social
2026-05-15 10:00:00

Video tutorials for modern ideas and open source tools. #python

@mgorny@social.treehouse.systems
2026-06-30 13:07:57

The conclusion from a big #Python 3.15 #Gentoo porting run today: the most common kind of #NIH Python package is one providing colorful output on the terminal…

@mgorny@social.treehouse.systems
2026-06-29 12:42:29

I have a #Python favor to ask. Could someone look at Python 3.15 test failures in itsdangerous? It's blocking quite a large part of package dependency graph in #Gentoo, and the failure looks, errr, dangerous.
github.com/pallets/itsdangerou

@mgorny@social.treehouse.systems
2026-06-01 02:39:46

It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
github.com/pypa/pip/issues/140

@hynek@mastodon.social
2026-04-15 04:42:31

I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
pretix.eu/pytexas/2026/

@mgorny@social.treehouse.systems
2026-06-01 12:39:41

The #Gentoo #Python 3.14 switch / 3.11 3.13t removal PR is green. Doing some final testing locally before merging it (one that involves 350 "merge wait" packages, what could possibly go wrong…).
codeberg.org/gentoo/gentoo/pul

@mgorny@social.treehouse.systems
2026-04-30 04:07:02

I think we should EOL #Python versions more often. This triggers not-very-active projects to finally make a release, including another batch of releases today (apparently 6 months mark). Unlike, I don't know, bug fixes.
#Gentoo

@hynek@mastodon.social
2026-04-13 17:49:06

Here’s stamina 26.1.0, my opinionated #Python retry package, that now supports more than 1024 retries for the cases when you need A LOT of stamina: github.com/hynek/stamina/relea

@mgorny@social.treehouse.systems
2026-05-30 04:06:44

0 days since we went from "we should replace `setup.py` with a bunch of standardized #PEP517 backends" to "every package must have its own local PEP517 backend".
#Python

@hynek@mastodon.social
2026-04-12 09:33:20

Maintainer friends of wheel-heavy #Python packages: do we already have some practical, standard way to automatically upload all the cibuildwheel output across all architectures? My current workflow is a) a pain in the ass and b) requires me to have one last PyPI upload token.

@mgorny@social.treehouse.systems
2026-05-28 03:38:25

> No significant changes.
Looks inside.
> Significant changes.
#Python

@tomkalei@machteburch.social
2026-04-20 11:00:24

Here is a quine in #lean
def main : IO Unit := do
let s := "\n IO.print (\"def main : IO Unit := do\\n let s := \" s.quote s)\n"
IO.print ("def main : IO Unit := do\n let s := " s.quote s)
S is code to print the preamble P, then S quoted and then S.
If you want to test it, make sure there is a newline at the end of the file because S ends in "\n".
#Python:
s = '\nprint("s = " repr(s) s)'
print("s = " repr(s) s)
2/2

@mgorny@social.treehouse.systems
2026-05-25 19:42:28

I've been sad about the upcoming removal of #PyPy from #Gentoo, but given how many regressions I've been seeing recently in a variety of #Python packages, I'm eagerly waiting for the day when I'll remove the support and be able to stop having to deal with the test failures somehow. Not that at this point any other way of dealing besides skipping them makes any sense.

@mgorny@social.treehouse.systems
2026-05-22 03:11:10

If #Python package releases continue at this rate, I'm going to have to start getting up earlier.
Or just stop doing all of them in the morning.
#Gentoo

@michabbb@social.vivaldi.net
2026-04-11 20:43:48

♿ First #opensource end-to-end PDF accessibility tool: layout analysis − auto-tagging − Tagged PDF (Apache 2.0, Q2 2026). Built with PDF Association & veraPDF devs
🔗 #LangChain integration, #Python

@mgorny@social.treehouse.systems
2026-05-21 11:06:01

> #Python Stable ABI
> makes extensions unstable (they start segfaulting)
github.com/pikepdf/pikepdf/iss

@mgorny@social.treehouse.systems
2026-05-19 05:12:35

Always appreciate #Python package developers being responsible about API stability, and… [checks notes]… raising the major version number over a "minor API tweak", then delaying the release until a security fix demanded one.
#packaging

@mgorny@social.treehouse.systems
2026-06-17 02:41:18

0 days since provenance checks protected us from [checks notes] another project starting to upload distributions via #uv.
#Python #security

@mgorny@social.treehouse.systems
2026-05-16 06:30:31

Yes, please reinvent more wheels by rewriting #Python logic in #RustLang. What could possibly go wrong?!
github.com/awolverp/cachebox/i

@mgorny@social.treehouse.systems
2026-04-20 01:58:52

How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python

@mgorny@social.treehouse.systems
2026-06-17 14:36:12

Does anyone happen to know if #PSF is processing contributing membership applications? Mine is stuck with no reply for almost 2 months now, and I'm wondering if it's just normal delay or something went wrong.
#Python

@mgorny@social.treehouse.systems
2026-04-15 05:00:43

The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.

@mgorny@social.treehouse.systems
2026-05-13 14:52:16

One of my strong suites in all the packaging work is the knowledge in my head.
"Why don't you write it down for others to benefit from, then?", you'd ask.
The thing is, this knowledge is basically "hot cache". I'm bumping hundreds of #Python packages in #Gentoo, so I remember stuff. And because of that, I can quickly notice some things or answer some questions.
If that were written down, the effort needed to find it would diminish all the gain. I mean, technically *it is* already written down, and the whole point is that I have it "cached".

@mgorny@social.treehouse.systems
2026-06-02 13:13:05

Well, we've finally packaged #Valkey (another #Redis fork) in #Gentoo, along with its #Python bindings.
Not that we wanted to, but #FakeRedis now started requiring it for tests so heavily that it was too much effort to patch it out. Just to be clear, it just requires the Python bindings, because its test suite happily runs against either Redis or Valkey, and literally doesn't support testing against both simultaneously. But to add the bindings, we needed the database to test them against. And since I've added the package too, I've put a lot of effort (and swearing) to test FakeRedis against both servers.
Should you be using Valkey? Well, let's put it like this. You shouldn't be using Redis, because it's enterprise quality shit. Valkey is roughly what happens when you fork enterprise quality shit and have no clue what you're doing. Though you are able to mostly get renaming right (one valkey-py test failed over the server calling itself "Valkey" rather than "Redis").
Disclaimer: I've only looked at the Python bindings. Maybe the maintainers are more knowledgeable with the server itself.

@mgorny@social.treehouse.systems
2026-05-05 05:25:48

#Python #cryptography library (yes, the one that criticizes everything and everyone) is now vibecoded. Our future is truly bright!
Noticed because apparently "Claude" wrote a test that OOM-ed my system. But hey, #RustLang protects against memory errors, so it's fine to vibecode your security critical components.
#security #AI #LLM #NoAI #NoLLM

@mgorny@social.treehouse.systems
2026-05-27 05:17:15

Anything great morning.
So now #Typer, the NIH #Python CLI library, decided to start bundling #Click. Why? Of course there's a lot of marketing bullshit behind it. Which ofc means they just don't want to be bothered about following the API, and take the easy way out.
Honestly, there is not a single week when I learn to hate Python even more. Slop-driven development.
EDIT: and ofc they immediately broke compatibility with vanilla click.
#Gentoo

@mgorny@social.treehouse.systems
2026-06-02 18:30:40

Fun fact: #Azure Pipelines don't support #YAML files with anchors/aliases.
Also fun fact: both #PyYAML and #RuamelYAML *insist* on emitting anchors/aliases, and at least the PyYAML authors seem pretty, errr, opinionated on emitting them.
#Python

@mgorny@social.treehouse.systems
2026-04-14 09:22:16

PSA: The annual #Gentoo #Python switch planned for 2026-06-01. CPython 3.14 becomes the default, 3.11 and #PyPy 3.11 go out. The latter fills me with sadness but keeping it is unrealistic now that projects are aggressively pushing for 3.12 .
Of course, we'll continue shipping the interpreters, so you can use venvs if you like. However, that's going to become harder to use since many projects either don't ship PyPy wheels or don't work on PyPy at all without patching.
We will revisit PyPy support if a version compatible with Python 3.12 appears in reasonable time.
public-inbox.gentoo.org/gentoo
public-inbox.gentoo.org/gentoo