A Python project got hacked where malicious releases were directly uploaded to PyPI. I said on Mastodon that had the project used trusted publishing with digital attestations, then people using a pylock.toml
(This is the blog post version of my keynote from EuroPython 2025 in Prague, Czechia.)
We now have a lock file format specification. That might not sound like a big deal, but for
There are a couple of things I always want to be true when I install Python packages for a project:
1. I have a virtual environment
2. Pip is up-to-date
For virtual environments,
Back in October, I released mousebender 2023.2. The biggest change was adding support for PEP 714 (which unless you're running a package index you don't need to know
Since people seemed to like my June 2023 post on the state of WASI support for CPython, I thought I would do one for another one of my other long-gestating projects: coming up
