https://github.com/pypi/warehouse/issues/5867
2FA: "trust this device for 30 days" option on PyPI.org @pypi
I opened this issue in 2019 while working on PyPI security; cool to notice folks resolving it just now!
New blog post on user support frustration, its causes, and how we could build the "infrastructure of equanimity" in #opensource, including ideas for potential cross-project tools & practices.
Shout-outs to @davidism, Heidi Waterhouse, @offby1, @jacob, Nicole Harris, @bernard, + @georgia for work & conversations that I built on in this piece.
#maintainer #maintainership #FLOSS #UX #UserExperience #sustainability #ProjectManagement #Python #PythonPackaging #burnout
@brettcannon Giant congrats and thanks!
A big step towards https://github.com/pypa/packaging-problems/issues/264 "Increasing pip's & PyPI's metadata strictness". What a milestone!
Very interesting piece from Chris Warrick about #python #PythonPackaging ... might be time for me to ditch #pipenv in favor of #pdm ? https://chriswarrick.com/blog/2023/01/15/how-to-improve-python-packaging/
Hey look, new #PyPI data! #Python #PythonPackaging
Getting close to 200K unique accounts on PyPI 👀
https://github.com/sethmlarson/pypi-data/releases/tag/2023.03.19
Need to write something about how minimum dependency versions aren't for ensuring a consumer's dependencies are free of security vulnerabilities. I feel like I would save myself at least 10 minutes a month with a URL to that.
#opensource #python #pythonpackaging
「 The flexibility is great to have when you need it but, without a “default” workflow, it serves to create more user confusion than it resolves. It contributes to the bumpy ride reputation and to the perceived complexity 」
「 User expectations for a “default” workflow
A class of users expect a packaging tool that provides a cohesive experience (like npm (NodeJS), cargo (Rust), gem (Ruby), pub (Dart), dotnet (C#/.NET), etc) – a single tool that provides a build system, dependency manager, publishing, running project-specific tasks/scripts, etc 」
「 Brian Skinn said recently:
You can package darn near anything in Python, even though it may take figuring out a complicated three-step-and-a-hop process to get there… and I suspect that this has been part of what’s enabled Python to grow into its “second best programming language for every task” aphorism 」
「 Python users are not software engineers
Many of the users who write Python code are not primarily full-time software engineers or “developers”.
They are not particularly interested in this aspect of their job. They’re using Python as a tool to get their job done.
They’re not interested in the details of how the tool works, or even how complicated things are under the hood 」
Thoughts on the Python packaging ecosystem
— pradyunsg.me
#Python #PythonPackaging
https://pradyunsg.me/blog/2023/01/21/thoughts-on-python-packaging/?utm_source=pocket_mylist
https://iscinumpy.dev/post/bound-version-constraints/
In #Python libraries, should authors have a version cap on #dependencies: less than next major version? This (very long) article argues no, don't by default unless you have a specific reason: far more problems come up. Capping is not recommended by most core Python people, but is by some packaging tools.
This matches my previous thoughts, and I agree with its reasons, so I'm glad to see it written out. Anyone want me to summarize more? #RSEng #PythonPackaging
Another #dataset updated for the holidays: I compile #OpenSSF Scorecard data on the top 5,000 most downloaded #Python packages on #PyPI and make it available here:
#dataset #OpenSSF #python #pypi #pythonpackaging
📦 A new dump of #PythonPackaging data right before Christmas! This one has data on over 400K #Python packages and 180K maintainers of those packages.
https://github.com/sethmlarson/pypi-data/releases/tag/2022.12.23
If you've never seen this project, it's a snapshot in time for most packages on #PyPI with data about the package, maintainers, dependencies, URLs, #OpenSSF scorecard data, and more!
Check it out here: https://github.com/sethmlarson/pypi-data
#followfriday for my favourite #PythonPackaging folks: @pradyunsg, @henryiii, @sethmlarson, @hynek, @MissingClara, @ralfgommers, @pganssle
#python #pythonpackaging #followfriday
📢Now in print!🍾
In search of a comprehensive guide to the Python packaging landscape?
Publishing Python Packages by @easyaspython will teach you the ins and outs of how to package and publish Python code: http://mng.bz/m2ry
#pythonpackaging #python #pythonpackage #pypi