Channel: Planet Python
Python Bytes: #392 The votes have been counted

<strong>Topics covered in this episode:</strong><br> <ul> <li><a href="https://pyfound.blogspot.com/2024/07/announcing-2024-psf-board-election.html"><strong>2024 PSF Board Election &amp; Proposed Bylaw Change Results</strong></a></li> <li><a href="https://satyrn.app">SATYRN: A modern Jupyter client for Mac</a></li> <li><a href="https://blog.pypi.org/posts/2024-07-08-incident-report-leaked-admin-personal-access-token/"><strong>Incident Report: Leaked GitHub Personal Access Token</strong></a></li> <li><strong>Extra extra extra</strong></li> <li><strong>Extras</strong></li> <li><strong>Joke</strong></li> </ul><a href='https://www.youtube.com/watch?v=GpZI_HqzCTc' style='font-weight: bold;' data-umami-event="Livestream-Past" data-umami-event-episode="392">Watch on YouTube</a><br> <p><strong>About the show</strong></p> <p>Sponsored by <strong>Code Comments</strong>, an original podcast from Red Hat: <a href="https://pythonbytes.fm/code-comments">pythonbytes.fm/code-comments</a></p> <p><strong>Connect with the hosts</strong></p> <ul> <li>Michael: <a href="https://fosstodon.org/@mkennedy"><strong>@mkennedy@fosstodon.org</strong></a></li> <li>Brian: <a href="https://fosstodon.org/@brianokken"><strong>@brianokken@fosstodon.org</strong></a></li> <li>Show: <a href="https://fosstodon.org/@pythonbytes"><strong>@pythonbytes@fosstodon.org</strong></a></li> </ul> <p>Join us on YouTube at <a href="https://pythonbytes.fm/stream/live"><strong>pythonbytes.fm/live</strong></a> to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.</p> <p>Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form, add your name and email to <a href="https://pythonbytes.fm/friends-of-the-show">our friends of the show list</a>; we'll never share it.
</p>
<p><strong>Brian #1:</strong> <a href="https://pyfound.blogspot.com/2024/07/announcing-2024-psf-board-election.html"><strong>2024 PSF Board Election &amp; Proposed Bylaw Change Results</strong></a></p> <ul> <li>New board members <ul> <li>Tania Allard</li> <li>KwonHan Bae</li> <li>Cristián Maureira-Fredes</li> </ul></li> <li>Congrats to new board members</li> <li>If you want to consider becoming a board member, there are 4 seats up for vote next year.</li> <li>All 3 bylaw changes passed, <a href="https://opavote.com/results/5004101476679680/1">by a wide margin</a>. <ul> <li><a href="https://pyfound.blogspot.com/2024/06/for-your-consideration-proposed-bylaws.html">Details of changes</a></li> <li>Change 1: Merging Contributing and Managing member classes</li> <li>Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting</li> <li>Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership</li> </ul></li> </ul>
<p><strong>Michael #2:</strong> <a href="https://satyrn.app">SATYRN: A modern Jupyter client for Mac</a></p> <ul> <li>A Jupyter client app for macOS</li> <li>Comes with a command palette</li> <li>LLM assistance (local or cloud?)</li> <li>Built-in Black formatter</li> <li>Currently in alpha</li> <li>Business model unknown</li> </ul>
<p><strong>Brian #3:</strong> <a href="https://blog.pypi.org/posts/2024-07-08-incident-report-leaked-admin-personal-access-token/"><strong>Incident Report: Leaked GitHub Personal Access Token</strong></a></p> <ul> <li>Suggested by Galen Swint</li> <li>See also JFrog blog: <a href="https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/">Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine</a></li> <li>A GitHub access token found its way into a .pyc file, then into a Docker image.</li> <li>JFrog found it through some regular scans.</li> <li>JFrog notified PyPI security.</li> <li>Token was destroyed within 17 minutes. (nice turnaround)</li> <li>Follow-up scan revealed that no harm was done.</li> <li>Takeaways (from Ee Durbin): <ul> <li>Set aggressive expiration dates for API tokens (if you need them at all)</li> <li>Treat .pyc files as if they were source code</li> <li>Perform builds on automated systems from clean source only.</li> </ul></li> </ul>
<p><strong>Michael #4:</strong> <strong>Extra extra extra</strong></p> <ul> <li><a href="https://blog.python.org/2024/06/python-3130-beta-3-released.html">Python 3.13.0 beta 3 released</a></li> <li><a href="https://github.com/jordanbaird/Ice/releases">Ice got a lot better</a></li> <li><a href="https://www.youtube.com/watch?v=k0XuoK132z4">I Will Piledrive You If You Say AI Again | Prime Reacts Video</a></li> <li><a href="https://fosstodon.org/@mkennedy/112797279807472603">Follow up actions for polyfill supply chain attack</a></li> <li><a href="https://surveys.jetbrains.com/s3/p-developer-ecosystem-survey-2024?utm_source=pythonbytes">Developer Ecosystem Survey 2024</a></li> <li><a href="https://talkpython.fm/castle">Code in a Castle still has seats open</a></li> </ul>
<p><strong>Extras</strong></p> <p>Brian:</p> <ul> <li>A new pytest course in the works <ul> <li>Quick course focusing on <ul> <li>core pytest features + some strategy and Design for Testability concepts</li> </ul></li> <li>Idea <ul> <li>everyone on the team (including managers) can take the new course.</li> <li>1-2 people on a team take “The Complete pytest
Course” to become the team's local pytest experts.</li> </ul></li> </ul></li> <li>Python People is on an indefinite hold</li> <li>Python Test → back to Test &amp; Code (probably) <ul> <li>I’m planning a series (maybe a season) on TDD which will be language agnostic.</li> <li>Plus I still have tons of Test &amp; Code stickers and no Python Test stickers.</li> <li>New episodes planned for August</li> </ul></li> </ul> <p><strong>Joke:</strong> <a href="https://devhumor.com/media/i-need-my-intellisense">I need my intellisense (autocomplete)</a></p>
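<p>For the "treat .pyc files as if they were source code" takeaway in item #3, a scanner for compiled bytecode, added here as an example and not taken from the PyPI or JFrog write-ups. It assumes GitHub's publicly documented token prefixes; the file names and the sample token are constructed, and the demo shows a cached .pyc retaining a literal after the source file has been cleaned.</p>

```python
import py_compile
import re
import tempfile
from pathlib import Path

# Publicly documented GitHub token shapes: prefixed 36-char tokens and fine-grained PATs.
TOKEN_RE = re.compile(rb"gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82}")

def redact(token: bytes) -> str:
    """Keep only the first 8 characters so the report does not leak the secret again."""
    text = token.decode("ascii")
    return text[:8] + "*" * (len(text) - 8)

def scan_pyc_tree(root):
    """Return sorted (relative path, redacted token) pairs for every .pyc under root."""
    root = Path(root)
    findings = set()
    for pyc in root.rglob("*.pyc"):
        # marshal stores ASCII string constants as raw bytes, so a byte regex finds them
        for match in TOKEN_RE.finditer(pyc.read_bytes()):
            findings.add((pyc.relative_to(root).as_posix(), redact(match.group())))
    return sorted(findings)

def demo():
    """Constructed case: the secret is removed from the source, the cached .pyc keeps it."""
    fake = "ghp_" + "A1b2C3d4E5" * 3 + "F6g7H8"  # constructed value, not a real token
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "deploy.py"  # hypothetical file name
        src.write_text(f'TOKEN = "{fake}"\n')
        py_compile.compile(str(src), cfile=str(root / "__pycache__" / "deploy.pyc"))
        # The developer "cleans" the source; the hypothetical env var replaces the literal.
        src.write_text('import os\nTOKEN = os.environ["GITHUB_TOKEN"]\n')
        source_hits = [p.name for p in root.rglob("*.py") if TOKEN_RE.search(p.read_bytes())]
        return source_hits, scan_pyc_tree(root)

if __name__ == "__main__":
    source_hits, pyc_hits = demo()
    print("source files still containing a token:", source_hits)
    for path, token in pyc_hits:
        print(f"{path}: {token}")
```

<p>A source-only secret scan reports nothing for this tree, which is why the scan has to cover build outputs and image layers as well as the repository.</p>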
