• 2024 PSF Board Election & Proposed Bylaw Change Results


• SATYRN: A modern Jupyter client for Mac


• Incident Report: Leaked GitHub Personal Access Token


• Extra extra extra


• Extras


• Joke

About the show

Sponsored by Code Comments, an original podcast from RedHat: pythonbytes.fm/code-comments

Connect with the hosts

• Michael: @mkennedy@fosstodon.org


• Brian: @brianokken@fosstodon.org


• Show: @pythonbytes@fosstodon.org

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: 2024 PSF Board Election & Proposed Bylaw Change Results

• New board members
  
  
  
  • Tania Allard
  
  
  • KwonHan Bae
  
  
  • Cristián Maureira-Fredes
  
  


• Congrats to new board members


• If you want to consider becoming a board member, there are 4 seats up for vote next year.


• All 3 bylaw changes passed, by a wide margin.
  
  
  
  • Details of changes
  
  
  • Change 1: Merging Contributing and Managing member classes
  
  
  • Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting
  
  
  • Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership
  
  

Michael #2: SATYRN: A modern Jupyter client for Mac

• A Jupyter client app for macOS


• Comes with a command palette


• LLM assistance (local or cloud?)


• Built in Black formatter


• Currently in alpha


• Business model unknown

Brian #3: Incident Report: Leaked GitHub Personal Access Token

• Suggested by Galen Swint


• See also JFrog blog: Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine


• A GitHub access token found it’s way into a .pyc file, then into a docker image.


• JFrog found it through some regular scans.


• JFrog notified PYPI security.


• Token was destroyed within 17 minutes. (nice turnaround)


• Followup scan revealed that no harm was done.


• Takaways (from Ee Durbin):
  
  
  
  • Set aggressive expiration dates for API tokens (If you need them at all)
  
  
  • Treat .pyc files as if they were source code
  
  
  • Perform builds on automated systems from clean source only.
  
  

Michael #4: Extra extra extra

• Python 3.13.0 beta 3 released


• Ice got a lot better


• I Will Piledrive You If You Say AI Again | Prime Reacts Video


• Follow up actions for polyfill supply chain attack


• Developer Ecosystem Survey 2024


• Code in a Castle still has seats open

Extras

Brian:

• A new pytest course in the works
  
  
  
  • Quick course focusing on
    
    
    
    • core pytest features + some strategy and Design for Testability concepts
    
    
  
  
  • Idea
    
    
    
    • everyone on the team (including managers) can take the new course.
    
    
    • 1-2 people on a team take “The Complete pytest Course” to become the teams local pytest experts.
    
    
  
  


• Python People is on an indefinite hold


• Python Test → back to Test & Code (probably)
  
  
  
  • I’m planning a series (maybe a season) on TDD which will be language agnostic.
  
  
  • Plus I still have tons of Test & Code stickers and no Python Test stickers.
  
  
  • New episodes planned for August
  
  

Joke: I need my intellisense (autocomplete)