FLOSS Project Planets
Django Weblog: Livestream: Django Trends for 2024
Today at 3pm UTC – Discover the latest trends in the Django ecosystem, based on insights from 4,000 developers who participated in the Django Developers Survey. Join the livestream with Sarah Abdermane, a Django Software Foundation Board member, and Sarah Boyce, a Django Fellow, to reflect on insights from the Django community.
Russ Allbery: Review: Nation
Review: Nation, by Terry Pratchett
Publisher: Harper Copyright: 2008 Printing: 2009 ISBN: 0-06-143303-9 Format: Trade paperback Pages: 369Nation is a stand-alone young adult fantasy novel. It was published in the gap between Discworld novels Making Money and Unseen Academicals.
Nation starts with a plague. The Russian influenza has ravaged Britain, including the royal family. The next in line to the throne is off on a remote island and must be retrieved and crowned as soon as possible, or an obscure provision in Magna Carta will cause no end of trouble. The Cutty Wren is sent on this mission, carrying the Gentlemen of Last Resort.
Then comes the tsunami.
In the midst of fire raining from the sky and a wave like no one has ever seen, Captain Roberts tied himself to the wheel of the Sweet Judy and steered it as best he could, straight into an island. The sole survivor of the shipwreck: one Ermintrude Fanshaw, daughter of the governor of some British island possessions. Oh, and a parrot.
Mau was on the Boys' Island when the tsunami came, going through his rite of passage into manhood. He was to return to the Nation the next morning and receive his tattoos and his adult soul. He survived in a canoe. No one else in the Nation did.
Terry Pratchett considered Nation to be his best book. It is not his best book, at least in my opinion; it's firmly below the top tier of Discworld novels, let alone Night Watch. It is, however, an interesting and enjoyable book that tackles gods and religion with a sledgehammer rather than a knife.
It's also very, very dark and utterly depressing at the start, despite a few glimmers of Pratchett's humor. Mau is the main protagonist at first, and the book opens with everyone he cares about dying. This is the place where I thought Pratchett diverged the most from his Discworld style: in Discworld, I think most of that would have been off-screen, but here we follow Mau through the realization, the devastation, the disassociation, the burials at sea, the thoughts of suicide, and the complete upheaval of everything he thought he was or was about to become. I found the start of this book difficult to get through. The immediate transition into potentially tragic misunderstandings between Mau and Daphne (as Ermintrude names herself once there is no one to tell her not to) didn't help.
As I got farther into the book, though, I warmed to it. The best parts early on are Daphne's baffled but scientific attempts to understand Mau's culture and her place in it. More survivors arrive, and they start to assemble a community, anchored in large part by Mau's stubborn determination to do what's right even though he's lost all of his moorings. That community eventually re-establishes contact with the rest of the world and the opening plot about the British monarchy, but not before Daphne has been changed profoundly by being part of it.
I think Pratchett worked hard at keeping Mau's culture at the center of the story. It's notable that the community that reforms over the course of the book essentially follows the patterns of Mau's lost Nation and incorporates Daphne into it, rather than (as is so often the case) the other way around. The plot itself is fiercely anti-colonial in a way that mostly worked. Still, though, it's a quasi-Pacific-island culture written by a white British man, and I had some qualms.
Pratchett quite rightfully makes it clear in the afterward that this is an alternate world and Mau's culture is not a real Pacific island culture. However, that also means that its starkly gender-essentialist nature was a free choice, rather than one based on some specific culture, and I found that choice somewhat off-putting. The religious rituals are all gendered, the dwelling places are gendered, and one's entire life course in Mau's world seems based on binary classification as a man or a woman. Based on Pratchett's other books, I assume this was more an unfortunate default than a deliberate choice, but it's still a choice he could have avoided.
The end of this book wrestles directly with the relative worth of Mau's culture versus that of the British. I liked most of this, but the twists that Pratchett adds to avoid the colonialist results we saw in our world stumble partly into the trap of making Mau's culture valuable by British standards. (I'm being a bit vague here to avoid spoilers.) I think it is very hard to base this book on a different set of priorities and still bring the largely UK, US, and western European audience along, so I don't blame Pratchett for failing to do it, but I'm a bit sad that the world still revolved around a British axis.
This felt quite similar to Discworld to me in its overall sensibilities, but with the roles of moral philosophy and humor reversed. Discworld novels usually start with some larger-than-life characters and an absurd plot, and then the moral philosophy sneaks up behind you when you're not looking and hits you over the head. Nation starts with the moral philosophy: Mau wrestles with his gods and the problem of evil in a way that reminded me of Job, except with a far different pantheon and rather less tolerance for divine excuses on the part of the protagonist. It's the humor, instead, that sneaks up on you and makes you laugh when the plot is a bit too much. But the mix arrives at much the same place: the absurd hand-in-hand with the profound, and all seen from an angle that makes it a bit easier to understand.
I'm not sure I would recommend Nation as a good place to start with Pratchett. I felt like I benefited from having read a lot of Discworld to build up my willingness to trust where Pratchett was going. But it has the quality of writing of late Discworld without the (arguable) need to read 25 books to understand all of the backstory. Regardless, recommended, and you'll never hear Twinkle Twinkle Little Star in quite the same way again.
Rating: 8 out of 10
Capellic: How We Broke up Complex Drupal Webforms to Improve the User Experience
Berlin mega-sprint recap
For the past 8 days I’ve been in Berlin for what is technically four sprints: first a two-day KDE e.V. Board of Directors sprint, and then right afterwards, the KDE Goals mega-sprint for the Eco, Accessibility, and Automation/Systematization Goals! Both were hosted in the offices of KDE Patron MBition, a great partner to KDE which uses our software both internally and in some Mercedes cars. Thanks a lot, MBition! It’s been quite a week, but a productive one. So I thought I’d share what we did.
If you’re a KDE e.V. member, you’ve already received an email recap about the Board sprint’s discussion topics and decisions. Overall the organization is healthy and in great shape. Something substantive I can share publicly is that we posed for this wicked sick picture:
Moving onto the combined Goals sprint: this was in fact the first sprint for any of the KDE Goals, and having all three represented in one room attracted a unique cross-section of people from the KDE Eco crowd, usability-interested folks, and deeply technical core KDE developers.
Officially I’m the Goal Champion of the Automation & Systematization Goal, and a number of folks attended to work on those topics, ranging from adding and fixing tests to creating a code quality dashboards. Expect more blog posts from other participants regarding what they worked on!
Speaking personally, I changed the bug janitor bot to direct Debian users on old Plasma versions to Debian’s own Bug tracker—as in fact the Debian folks advise their own users to do. I added an autotest to validate the change, but regrettably it caused a regression anyway, which I corrected quickly. Further investigation into the reason why this went uncaught revealed that all the autotests for the version-based bug janitor actions are faulty. I worked on fixing them but unfortunately have not met with success yet. Further efforts are needed.
In the process of doing this work, I also found that the bug janitor operates on a hardcoded list of Plasma components, which has of course drifted out of sync with reality since it was originally authored. This causes the bot to miss many bugs at the moment.
Fellow sprint participant Tracey volunteered to address this, so I helped get her set up with a development environment for the bug janitor bot so she can auto-generate the list from GitLab and sysadmin repo metadata. This is in progress and proceeding nicely.
I also proposed a merge request template for the plasma-workspace git repo, modeled on the one we currently use in Elisa. The idea is to encourage people to write better merge request descriptions, and also nudge people in the direction of adding autotests for their merge requests, or at least mentioning reviewers can test the changes. If this ends up successful, I have high hopes about rolling it out more broadly.
But I was also there for the other goals too! Joseph delivered a wonderful presentation about KDE Eco topics, which introduced my new favorite cartoon, and it got me thinking about efficiency and performance. For a while I’d been experiencing high CPU usage in KDE’s NeoChat app, and with all the NeoChat developers there in the room, I took the opportunity to prod them with my pointy stick. This isn’t the first time I’d mentioned the performance issue to them, but in the past no one could reproduce it and we had to drop the investigation. Well, this time I think everyone else was also thinking eco thoughts, and they really moved heaven and earth to try to reproduce it. Eventually James was able to, and it wasn’t long before the issue was put six feet under. The result: NeoChat’s background CPU usage is now 0% for people using Intel GPUs, down from 30%. A big win for eco and laptop battery life, which I’m already appreciating as I write this blog post in an airport disconnected from AC power.
To verify the CPU usage, just for laughs I added the Catwalk widget to my panel. It’s so adorable that I haven’t had the heart to remove it, and now I notice things using CPU time when they should be idle much more than I did before. More visibility for performance issues should over time add up to more fixes for them!
Another interesting thing happens when you get a bunch of talented KDE contributors in a room: people can’t help but initiate discussions about pressing topics. The result was many conversations about release schedules, dependency policy, visual design vision, and product branding. One discussion very relevant to the sprint was the lack of systematicity in how we use units for spacing in the QtQuick-based UIs we build. This resulted in a proposal that’s already generating some spirited feedback.
All in all it was a happy and productive week, and after doing one of these I always feel super privileged to be able to work with as impressively talented and friendly a group of colleagues as this is:
Full disclosure: KDE e.V. paid for my travel and lodging expenses, but not my döner kebab expenses!
KDE e.V. board meeting
Last week was one of the regular KDE e.V. board meetings. We (the board of KDE e.V.) have a video call every week, but twice a year we try to get together and actually put in some full days, actually sit around and laugh, actually listen to Dad jokes and eat food and drink beer or Fritz cola together.
It’s a good addition to our usual workflow.
Berlin is just so much fun (for five days, anyway). I can hop on the train, walk along the Spree to a hotel, walk everywhere – Friday I did 15km – get amazing food for cheap – compared to the Netherlands anyway – and hang out with friends. Some of those friends are the board. The board is some of those friends.
The actual board work is not something to write about all that much. There were HR things and finances and projects and plans and .. you’ll see some of the results on the KDE e.V. website. We also played GeoGuesser and something with WikiData.
One of the HR things I should particularly mention: welcome to
Nicole,
our latest employee who is further involved with our
sustainable software efforts.
The regular board calls resume next week, and we will meet again in September at Akademy.
ImageX: Drupal 7 vs. Drupal 10: An Objective Visual Comparison of Some Popular Website Features
Authored by: Nadiia Nykolaichuk.
Drupal 7 was released 13 years ago, during the Jurassic period in the world of modern software. However, as of April 2024, there are 322,700+ websites officially listed on drupal.org as still running on Drupal 7, which sadly makes it the #1 installed Drupal major core version but, luckily, this number is steadily reducing.
Sumana Harihareswara - Cogito, Ergo Sumana: Model UX Research & Design Docs for Command-Line Open Source
FSF Blogs: What role community plays in free software and more -- Interview with David Wilson
What role community plays in free software and more -- Interview with David Wilson
Real Python: What's Lazy Evaluation in Python?
Being lazy is not always a bad thing. Every line of code you write has at least one expression that Python needs to evaluate. Python lazy evaluation is when Python takes the lazy option and delays working out the value returned by an expression until that value is needed.
An expression in Python is a unit of code that evaluates to a value. Examples of expressions include object names, function calls, expressions with arithmetic operators, literals that create built-in object types such as lists, and more. However, not all statements are expressions. For example, if statements and for loop statements don’t return a value.
Python needs to evaluate every expression it encounters to use its value. In this tutorial, you’ll learn about the different ways Python evaluates these expressions. You’ll understand why some expressions are evaluated immediately, while others are evaluated later in the program’s execution. So, what’s lazy evaluation in Python?
Get Your Code: Click here to download the free sample code that shows you how to use lazy evaluation in Python.
Take the Quiz: Test your knowledge with our interactive “What's Lazy Evaluation in Python?” quiz. You’ll receive a score upon completion to help you track your learning progress:
Interactive Quiz
What's Lazy Evaluation in Python?In this quiz, you'll test your understanding of the differences between lazy and eager evaluation in Python. By working through this quiz, you'll revisit how Python optimizes memory use and computational overhead by deciding when to compute values.
In Short: Python Lazy Evaluation Generates Objects Only When NeededAn expression evaluates to a value. However, you can separate the type of evaluation of expressions into two types:
- Eager evaluation
- Lazy evaluation
Eager evaluation refers to those cases when Python evaluates an expression as soon as it encounters it. Here are some examples of expressions that are evaluated eagerly:
Python 1>>> 5 + 10 215 3 4>>> import random 5>>> random.randint(1, 10) 64 7 8>>> [2, 4, 6, 8, 10] 9[2, 4, 6, 8, 10] 10>>> numbers = [2, 4, 6, 8, 10] 11>>> numbers 12[2, 4, 6, 8, 10] Copied!Interactive environments, such as the standard Python REPL used in this example, display the value of an expression when the line only contains the expression. This code section shows a few examples of statements and expressions:
- Lines 1 and 2: The first example includes the addition operator +, which Python evaluates as soon as it encounters it. The REPL shows the value 15.
- Lines 4 to 6: The second example includes two lines:
- The import statement includes the keyword import followed by the name of a module. The module name random is evaluated eagerly.
- The function call random.randint() is evaluated eagerly, and its value is returned immediately. All standard functions are evaluated eagerly. You’ll learn about generator functions later, which behave differently.
- Lines 8 to 12: The final example has three lines of code:
- The literal to create a list is an expression that’s evaluated eagerly. This expression contains several integer literals, which are themselves expressions evaluated immediately.
- The assignment statement assigns the object created by the list literal to the name numbers. This statement is not an expression and doesn’t return a value. However, it includes the list literal on the right-hand side, which is an expression that’s evaluated eagerly.
- The final line contains the name numbers, which is eagerly evaluated to return the list object.
The list you create in the final example is created in full when you define it. Python needs to allocate memory for the list and all its elements. This memory won’t be freed as long as this list exists in your program. The memory allocation in this example is small and won’t impact the program. However, larger objects require more memory, which can cause performance issues.
Lazy evaluation refers to cases when Python doesn’t work out the values of an expression immediately. Instead, the values are returned at the point when they’re required in the program. Lazy evaluation can also be referred to as call-by-need.
This delay of when the program evaluates an expression delays the use of resources to create the value, which can improve the performance of a program by spreading the time-consuming process across a longer time period. It also prevents values that will not be used in the program from being generated. This can occur when the program terminates or moves to another part of its execution before all the generated values are used.
When large datasets are created using lazily-evaluated expressions, the program doesn’t need to use memory to store the data structure’s contents. The values are only generated when they’re needed.
An example of lazy evaluation occurs within the for loop when you iterate using range():
Python for index in range(1, 1_000_001): print(f"This is iteration {index}") Copied!The built-in range() is the constructor for Python’s range object. The range object does not store all of the one million integers it represents. Instead, the for loop creates a range_iterator from the range object, which generates the next number in the sequence when it’s needed. Therefore, the program never needs to have all the values stored in memory at the same time.
Lazy evaluation also allows you to create infinite data structures, such as a live stream of audio or video data that continuously updates with new information, since the program doesn’t need to store all the values in memory at the same time. Infinite data structures are not possible with eager evaluation since they can’t be stored in memory.
There are disadvantages to deferred evaluation. Any errors raised by an expression are also deferred to a later point in the program. This delay can make debugging harder.
The lazy evaluation of the integers represented by range() in a for loop is one example of lazy evaluation. You’ll learn about more examples in the following section of this tutorial.
What Are Examples of Lazy Evaluation in Python?In the previous section, you learned about using range() in a for loop, which leads to lazy evaluation of the integers represented by the range object. There are other expressions in Python that lead to lazy evaluation. In this section, you’ll explore the main ones.
Other Built-In Data Types Read the full article at https://realpython.com/python-lazy-evaluation/ »[ Improve Your Python With 🐍 Python Tricks 💌 – Get a short & sweet Python Trick delivered to your inbox every couple of days. >> Click here to learn more and see examples ]
Tag1 Consulting: Source Site Audit - A High Level Overview
One of the most impactful things to do in preparation for any migration project is to understand the source site. The more insight you gather into how the current site was built, the better equipped you will be to perform the migration.
Read more mauricio Wed, 04/24/2024 - 06:00Programiz: Getting Started with Python
Russell Coker: Source Code With Emoji
The XKCD comic Code Quality [1] inspired me to test out emoji in source. I really should have done this years ago when that XKCD was first published.
The following code compiles in gcc and runs in the way that anyone who wants to write such code would want it to run. The hover text in the XKCD comic is correct. You could have a style guide for such programming, store error messages in the doctor and nurse emoji for example.
#include <stdio.h> int main() { int 😇 = 1, 😈 = 2; printf("😇=%d, 😈=%d\n", 😇, 😈); return 0; }To get this to display correctly in Debian you need to install the fonts-noto-color-emoji package (used by the KDE emoji picker that runs when you press Windows-. among other things) and restart programs that use emoji. The Konsole terminal emulator will probably need it’s profile settings changed to work with this if you ran Konsole before installing fonts-noto-color-emoji. The Kitty terminal emulator works if you restart it after installing fonts-noto-color-emoji.
This web page gives a list of HTML codes for emoji [2]. If I start writing real code with emoji variable names then I’ll have to update my source to HTML conversion script (which handles <>" and repeated spaces) to convert emoji.
I spent a couple of hours on this and I think it’s worth it. I have filed several Debian bug reports about improvements needed to issues related to emoji.
Related posts:
- Fat Finger Shell I’ve been trying out the Fat Finger Shell which is...
- source dump blog Inspired by Julien Goodwin‘s post I created a new blog...
- Tithing for Open Source It’s common to hear a complaint of the form “I...
Talking Drupal: Skills Upgrade #8
Welcome back to “Skills Upgrade” a Talking Drupal mini-series following the journey of a D7 developer learning D10. This is episode 8.
Topics-
Review Chad's questions
-
What is the process of creating a new issue, reviewing automated tests, and creating a merge request for review by the project maintainer?
- https://www.drupal.org/docs/develop/git/using-gitlab-to-contribute-to-drupal
- https://www.drupal.org/docs/develop/git/using-gitlab-to-contribute-to-drupal/creating-issue-forks
- My example issue: https://www.drupal.org/project/smart_date/issues/3432819
- My example merge request: https://git.drupalcode.org/project/smart_date/-/merge_requests/94
-
If we're not using Composer to pull the contrib module, how do we make sure that all dependencies are handled?
-
How can someone navigate so many complex issues without getting lost or "barking up the wrong tree"?
-
-
Tasks for the upcoming week
- Work toward getting the merge request accepted.
- Document learning bullet points for this journey.
Chad's Drupal 10 Learning Curriclum & Journal Chad's Drupal 10 Learning Notes
The Linux Foundation is offering a discount of 30% off e-learning courses, certifications and bundles with the code, all uppercase DRUPAL24 and that is good until June 5th https://training.linuxfoundation.org/certification-catalog/
HostsAmyJune Hineline - @volkswagenchick
GuestsChad Hester - chadkhester.com @chadkhest Mike Anello - DrupalEasy.com @ultimike
Talk Python to Me: #458: Serverless Python in 2024
Russell Coker: Ubuntu 24.04 and Bubblewrap
When using Bubblewrap (the bwrap command) to create a container in Ubuntu 24.04 you can expect to get one of the following error messages:
bwrap: loopback: Failed RTM_NEWADDR: Operation not permitted bwrap: setting up uid map: Permission deniedThis is due to Ubuntu developers deciding to use Apparmor to restrict the creation of user namespaces. Here is a Ubuntu blog post about it [1].
To resolve that you could upgrade to SE Linux, but the other option is to create a file named /etc/apparmor.d/bwrap with the following contents:
abi <abi/4.0>, include <tunables/global> profile bwrap /usr/bin/bwrap flags=(unconfined) { userns, # Site-specific additions and overrides. See local/README for details. include if exists <local/bwrap> }Then run “systemctl reload apparmor“.
Related posts:
- Sandboxing Phone Apps As a follow up to Wayland [1]: A difficult problem...
- Kernel issues with Debian Xen and CentOS Kernels Last time I tried using a Debian 64bit Xen kernel...
- systemd-nspawn and Private Networking Currently there’s two things I want to do with my...
Capellic: Frontend performance optimization for Drupal websites: Part 1
Test and Code: 219: Building Django Apps & SaaS Pegasus - Cory Zue
I'm starting a SaaS project using Django, and there are tons of decisions right out of the gate.
To help me navigate these decisions, I've brought on Cory Zue.
Cory is the creator of SaaS Pegasus, and has tons of experience with Django.
Some of the topics discussed:
- Building Django applications
- SaaS Pegasus
- placecard.me
- What boilerplate projects are
- Django cookiecutter
- Cookiecutter
- Which database to use, probably PostgreSQL
- Authentication choises, probably Allauth
- Docker, Docker for development, Docker for deployment
- Deployment targets / hosting services. Render, Heroku, Fly.io, for PaaS options.
- Front end frameworks. Bootstrap, Tailwind, DaisyUI, TailwindUI
- HTMX vs React vs straight Django templates
- Rockets
- Font Awesome
- and of course, SaaS Pegasus
Sponsored by Mailtrap.io
- An Email Delivery Platform that developers love.
- An email-sending solution with industry-best analytics, SMTP, and email API, SDKs for major programming languages, and 24/7 human support.
- Try for Free at MAILTRAP.IO
Sponsored by PyCharm Pro
- Use code PYTEST for 20% off PyCharm Professional at jetbrains.com/pycharm
- Now with Full Line Code Completion
- See how easy it is to run pytest from PyCharm at pythontest.com/pycharm
The Complete pytest Course
- For the fastest way to learn pytest, go to courses.pythontest.com
- Whether your new to testing or pytest, or just want to maximize your efficiency and effectiveness when testing.
Brian Perry: Drupal API Client 1.0 Release
We're extremely excited to announce the 1.0 release of the Drupal API Client. This release includes a fully functional JSON:API client and completes our commitment as a result of funding from the 'Pitch-burgh' innovation contest.
Before diving into the details of some recent updates, let's recap the state of the project now that it has reached 1.0.
What is the Drupal API Client?The Drupal API Client is a set of JavaScript packages that simplify the process of interacting with common Drupal APIs. Most commonly, developers will use our JSON:API client to interface with Drupal's JSON:API endpoints, but we also publish a base API Client package that can be extended, a client for Decoupled Router, and may support other Drupal APIs in the future.
The Drupal API Client takes great care to be framework-agnostic and universal. It can be used:
- with your JavaScript framework of choice, vanilla JavaScript, or even in Drupal itself.
- with or without TypeScript.
- on the server, or on the client.
- with a bundler, or as a script import from a CDN.
- We've completed our Pitch-burgh commitment and released JSON:API Client 1.0. Thanks to all who contributed along the way!
- We've published detailed documentation on GitLab Pages. The docs include live code examples, and is itself an example of using the API Client with Astro.
- We've opened an issue proposing that the Drupal API Client packages be promoted to the Drupal namespace on npm. We'd love your feedback and support on the issue.
- We're refining our 1.x roadmap and soliciting community feedback. One proposed priority will be TypeScript improvements and automatic type generation.
Moving forward, we hope to prioritize additional features for projects that could use our libraries as a dependency. Catch up with us at community events in May to learn more and share your use cases.
- The Drupal API Client will be featured in a session at Stanford WebCamp. Sessions are free and virtual, so this is a great way to get a more detailed overview of the project.
- We'll be holding a Birds of a Feather discussion and participating in contribution events at DrupalCon Portland. The BOF will be on Monday, May 6 in room G129 at 4PM.
Beyond these events, we're always available in the #api-client channel on Drupal Slack and monitoring our issue queue. Hope to see you there!
Seth Michael Larson: Open Source Summit North America 2024
Published 2024-04-24 by Seth Larson
Reading time: minutes
Last week I attended SOSS Community Day and OSS Summit. It was great to catch up with friends and to meet new people for the first time at a cross-ecosystem open source event.
I gave a talk "Embrace the Differences: Securing software ecosystems where they are" which funnily enough had a complementary talk about the ways software repositories can collaborate for security.
My talk focused on how security standards and tools typically want to operate across software ecosystems and differences in standards, tools, maintainers, and user expectations between ecosystems can make that difficult.
You can download my slides and the recording will be available eventually on YouTube.
OpenSSF Tabletop SessionI also participated in the first OpenSSF Tabletop Session organized and hosted by Dana Wang. I played the role of "open source maintainer" and represented how an exploited zero-day vulnerability would appear from the perspective of an open source project.
I emphasized the realities of vulnerability disclosure to open source projects like under-resourcing, most maintainers being volunteers, and stress caused during times of crisis.
Cast of the tabletop session! So many people! I also met up with many folks doing open source security, maintenance, and funding:- Met with many folks from the Alpha-Omega cohort. I'm looking forward to having more cross-functional discussions about new approaches to securing open source.
- Met with Michael Winser from Alpha-Omega to work on our PyCon US 2024 talk State of Supply Chain Security for Python.
- Met with my friend William Woodruff from Trail of Bits and discussed the system TLS proposal and build provenance for Homebrew (and what could be learned for Python).
- Met with Samuel Giddins and Martin Emde from the Ruby ecosystem to discuss shared challenges for introducing security into an ecosystem.
- Met Lauren Hanford from Tidelift to discuss supporting and funding maintainers.
- Met Mirko from Sovereign Tech Fund and discuss their program for hiring open source maintainers.
- Attended the talk by Kara Sowles from GitHub on the state of open source funding and learned about "downturn-resilient" funding.
- Many folks who asked me about security initiatives happening in the Python ecosystem.
- Participating in the pre-PEP discussion for reviving PEP 543 (system TLS).
- Created a proposal for allowing any release manager to create a CPython release.
- Created a pull request for uploading Windows SBOMs to python.org/downloads.
- Merging and backporting the upgrade to libexpat 2.6.2
- Chose which proposal(s) I would be willing to mentor for Google Summer of Code 2024 (thanks to the folks who submitted!)
- Triaged reports and fixes for the PSRT.
- I wasn't involved, but PyPI has added Trusted Publisher support for ActiveState, GitLab, and Google Cloud Build.
Note that I've been summoned for jury duty starting next week, so expect fewer updates over the next two weeks depending on how that goes.
That's all for this week! 👋 If you're interested in more you can read last week's report.
Thanks for reading! ♡ Did you find this article helpful and want more content like it?
Get notified of new posts by subscribing to the RSS feed or the email newsletter.
This work is licensed under CC BY-SA 4.0