2026-04-17 20:57:35
I’m shocked I haven’t sold out PyTexas yet! What’s up Austin, I even got a fresh haircut! #Python
https://pretix.eu/pytexas/2026/
Video tutorials for modern ideas and open source tools. #python
Yes, please reinvent more wheels by rewriting #Python logic in #RustLang. What could possibly go wrong?!
https://github.com/awolverp/cachebox/issues/51
for no particular reason whatsoever, I've updated my guide on how to measure #Python coverage across GitHub Action containers without an external service (*cough* Codecov *cough*)
https://hynek.me/articles/ditch-codeco
wtf does everytime a new v of #python is rolled out in linux distros, all virtual envs break, and i do have to rebuild them manually. we're now 13 minor versions since py v2.7 and everything became worse since then. i have a stable app, and if python would not fuck up this i would not have to touch it in a decade, but because of this, i feel like i'm in the java ecosystem where work is gener…
The state of #security these days: #Python #virtualenv package now includes SHA256 sums of their bundled wheels, declaring that it protects against "supply-chain compromise". Because obviously there are so many attack vectors that permit you to alter a .whl file but not the .py file in the same directory.
No, I'm not saying verifying checksum makes no sense, because indeed it can save some pain if fs is damaged somehow. However, calling this a "security" feature is a misnomer at best, and openly giving people false sense of security at worst.
Here’s stamina 26.1.0, my opinionated #Python retry package, that now supports more than 1024 retries for the cases when you need A LOT of stamina: https://github.com/hynek/stamina/releases/tag/26…
#Steady #Klimacrew
#BahnMonitor project: 7. Not all randomness is the same. 🤭
After the delay notification comes a bite-sized piece of knowledge. The
So virtualenv solves the issue of brutal incompatibilities between python stuff (at the cost of huge amounts of diskspace), but the minute uwsgi comes into play, it is overboard and there is hardly any way to activate plugins for old python interpreters. #pythonwoes
Maintainer friends of wheel-heavy #Python packages: do we already have some practical, standard way to automatically upload all the cibuildwheel output across all architectures? My current workflow is a) a pain in the ass and b) requires me to have one last PyPI upload token.
Is it only me, or has the hashtag #Python converted in to a LinkedIn-like wave of marketing bullshit? I really like Python, and use it a lot, but this is becoming unbearable.
One of my strong suits in all the packaging work is the knowledge in my head.
"Why don't you write it down for others to benefit from, then?", you'd ask.
The thing is, this knowledge is basically "hot cache". I'm bumping hundreds of #Python packages in #Gentoo, so I remember stuff. And because of that, I can quickly notice some things or answer some questions.
If that were written down, the effort needed to find it would diminish all the gain. I mean, technically *it is* already written down, and the whole point is that I have it "cached".
#Steady #Klimacrew
#BahnMonitor project: 5. Automated scripts need oversight, especially for API calls.
Now the
why can't a minor version change not be goddamn backward compatible ffs.
#python
♿ First #opensource end-to-end PDF accessibility tool: layout analysis − auto-tagging − Tagged PDF (Apache 2.0, Q2 2026). Built with PDF Association & veraPDF devs
🔗 #LangChain integration, #Python
I’d like to announce the most unlikely #Python package release:
service-identity 26.1.0, the best way to verify if a certificate is valid for a hostname, IP, or URI is out!
The main change is that we were able to switch from pyasn1 (thank you for more than a decade of great service! 🫡💛) to do everything within PyCA's cryptography.
It's always important to have a consistent #security policy.
For example, a policy of "If somebody filed a CVE, it's an important security issue, and we will fix it as such, no matter how meaningless the fix is. If nobody did, it's just a glorified bug fix, no matter how serious the bug was."
So we've just seen a #pip security release over "installing random packages can overwrite pip's files and pip can lazy-import some of them immediately afterwards", with a fix of "pip will no longer load them until you run it again" (leaving the underlying security issue of "any #Python package can override files installed by any other Python package" as intended behavior). As Eli Schwartz beautifully put it, you are not expected to be using the virtual environment; you should create it, install packages into it (at most once!), and then frame it and put it on the wall to admire.
Now we're seeing a "bug fix" for "malicious entry point names can write outside of virtual environment". If nobody filed a CVE, it's obviously not a security issue at all. At least upstream graced us with fixing it without correcting the spec to forbid that first.
https://github.com/pypa/pip/issues/14000
Are you really expected to run five type-checkers now?
#python
1. Do random changes to cython-test-exception-raiser, and commit them as "initial code".
2. Move the extension module from the package directory into top-level "raiser.*.so", for no apparent reason.
3. Switch to CalVer, so that #Twisted never upgrades to the new releases (it pins to <2).
4. I file a bug, because I'd like to finally remove the old version from #Gentoo.
#Python
The #Gentoo #Python 3.14 switch / 3.11 3.13t removal PR is green. Doing some final testing locally before merging it (one that involves 350 "merge wait" packages, what could possibly go wrong…).
https://codeberg.org/gentoo/gentoo/pulls/1031
#ZenOfAICoding: 16 theses on the future of #softwaredevelopment in the #AI era — a homage to the Zen of
Here is a quine in #lean
def main : IO Unit := do
 let s := "\n IO.print (\"def main : IO Unit := do\\n let s := \" ++ s.quote ++ s)\n"
 IO.print ("def main : IO Unit := do\n let s := " ++ s.quote ++ s)
S is code to print the preamble P, then S quoted and then S.
If you want to test it, make sure there is a newline at the end of the file because S ends in "\n".
#Python:
s = '\nprint("s = " + repr(s) + s)'
print("s = " + repr(s) + s)
2/2
> No significant changes.
Looks inside.
> Significant changes.
#Python
It's not like I'm entirely surprised by this #OpenAI. That's the kind of software that we should build as a community.
#Astral #Python #Capitalism #floss
PSA: The annual #Gentoo #Python switch planned for 2026-06-01. CPython 3.14 becomes the default, 3.11 and #PyPy 3.11 go out. The latter fills me with sadness but keeping it is unrealistic now that projects are aggressively pushing for 3.12+.
Of course, we'll continue shipping the interpreters, so you can use venvs if you like. However, that's going to become harder to use since many projects either don't ship PyPy wheels or don't work on PyPy at all without patching.
We will revisit PyPy support if a version compatible with Python 3.12 appears in reasonable time.
https://public-inbox.gentoo.org/gentoo-dev/20260412164104.429630-1-mgorny@gentoo.org/T/#u
https://public-inbox.gentoo.org/gentoo-dev/58cefccb3d0758671537715f4ddb34d59c938461.camel@gentoo.org/T/#u
#Python is just doing great. We're not having impossible constraints, as some projects need old #setuptools for pkg_resources, and other projects are starting to require newer setuptools for some fancy new features. And ofc after promising to release pkg_resources standalone over a month ago, setuptools upstream didn't deliver.
#Gentoo
I've been sad about the upcoming removal of #PyPy from #Gentoo, but given how many regressions I've been seeing recently in a variety of #Python packages, I'm eagerly waiting for the day when I'll remove the support and be able to stop having to deal with the test failures somehow. Not that at this point any other way of dealing besides skipping them makes any sense.
> #Python Stable ABI
> makes extensions unstable (they start segfaulting)
https://github.com/pikepdf/pikepdf/issues/723#issuecomment-4507472913
Always appreciate #Python package developers being responsible about API stability, and… [checks notes]… raising the major version number over a "minor API tweak", then delaying the release until a security fix demanded one.
#packaging
How to get a package removed from #Gentoo?
1. Add a new #NIH dependency.
2. The dependency turns out to use coherent.build. Nightmare! Oh, wait, apparently coherent.build generates source distributions that use flit.core (understandable; coherent.build is unusable).
3. The dependency depends on chardet (the project famous for GPL copywashing). Okay, technically it works with the older version, and the dependency is optional with poor person's fallback, so I guess it would be fine.
4. But hey, this package is not used by anything, and the last package using it in Gentoo was removed in 2020, after not being touched for 4 years already. Also, that package is not maintained upstream since 2017, so I guess there's negligible risk of it ever coming back.
#Python
Well, we've finally packaged #Valkey (another #Redis fork) in #Gentoo, along with its #Python bindings.
Not that we wanted to, but #FakeRedis now started requiring it for tests so heavily that it was too much effort to patch it out. Just to be clear, it just requires the Python bindings, because its test suite happily runs against either Redis or Valkey, and literally doesn't support testing against both simultaneously. But to add the bindings, we needed the database to test them against. And since I've added the package too, I've put a lot of effort (and swearing) to test FakeRedis against both servers.
Should you be using Valkey? Well, let's put it like this. You shouldn't be using Redis, because it's enterprise quality shit. Valkey is roughly what happens when you fork enterprise quality shit and have no clue what you're doing. Though you are able to mostly get renaming right (one valkey-py test failed over the server calling itself "Valkey" rather than "Redis").
Disclaimer: I've only looked at the Python bindings. Maybe the maintainers are more knowledgeable with the server itself.
Anything great morning.
So now #Typer, the NIH #Python CLI library, decided to start bundling #Click. Why? Of course there's a lot of marketing bullshit behind it. Which ofc means they just don't want to be bothered about following the API, and take the easy way out.
Honestly, there is not a single week when I learn to hate Python even more. Slop-driven development.
EDIT: and ofc they immediately broke compatibility with vanilla click.
#Gentoo
#Python #cryptography library (yes, the one that criticizes everything and everyone) is now vibecoded. Our future is truly bright!
Noticed because apparently "Claude" wrote a test that OOM-ed my system. But hey, #RustLang protects against memory errors, so it's fine to vibecode your security critical components.
#security #AI #LLM #NoAI #NoLLM
Fun fact: #Azure Pipelines don't support #YAML files with anchors/aliases.
Also fun fact: both #PyYAML and #RuamelYAML *insist* on emitting anchors/aliases, and at least the PyYAML authors seem pretty, errr, opinionated on emitting them.
#Python
#PythonPoetry is yet another project that disrespectfully treats human bug reporters with #slop:
#NoAI #NoLLM
There's a new piece explaining "The Slow Collapse of #MkDocs": "How personality clashes, an absent founder, and a controversial redesign fractured one of Python's most popular projects."
#httpx?
Well, turns out no, not at all. It looks like encode has already crumbled and became immensely toxic.
httpx is not allowing bug reports anymore, apparently because of "absurdly skewed gender representation", whatever that means.
#OpenSource.
#FreeSoftware #Python
Proper #security nightmare time.
#LMDB is a database that's designed to operate on trusted input. Upstream has historically rejected all bug reports regarding problems with malformed input.
Py-LMDB project provides #Python bindings to LMDB that are normally built against bundled LMDB. Someone recently started mass-filing "untrusted input" vulnerabilities against py-lmdb, and py-lmdb started #slop - coding fixes to their bundled LMDB. Of course, nobody even bothered reporting most of these bugs upstream, and the one that I've seen reported was rejected as "don't do that".
Py-LMDB supports building against system LMDB, and #Gentoo was doing that so far. However, now we are facing a problem: system LMDB operates under the assumption that it is working on trusted input, while py-lmdb (and its bundled LMDB) operates under the assumption that it may be working with untrusted input. The guarantees no longer align.
If we continue to use system LMDB (and skip all the added slop tests that literally cause Python to crash), then Gentoo's py-lmdb package will now have different input expectations than upstream py-lmdb. And of course we can't just remove that crap because someone added exactly one package (TorchVision, i.e. part of the plagiarism machine suite) depending on it.
https://bugs.gentoo.org/971352
I'm looking at Repology, and I think most of the distributions and other downstreams have rightfully boycotted #Python #chardet #copywashing. Of course, there's the possibility that some of them are simply out-of-date, though.
So far chardet-7 is distributed by #Chromebrew, #CondaForge (not on Repology), #Homebrew, #KaOS, #OpenIndiana, #openmamba, #Ravenports, #Spack and #T2 SDE. Shame on you!
https://repology.org/project/chardet/versions
https://repology.org/project/python:chardet/versions