Topics covered in this episode: Talk Python rewritten in QuartPyPI now supports digital attestationsDjango Rusty TemplatesPEP 639 is now supported by PYPIExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest CoursePatreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codesBrian: @brianokken@fosstodon.org / @brianokken.bsky.socialShow: @pythonbytes@fosstodon.org / @pythonbytes.bsky.social Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Talk Python rewritten in Quart Rewrote all of talkpython.fm in Quart (10k lines of code total, 4k changed)Considered FastAPILitestarDjangoHugo Static Site + PythonFlaskDiscussed the multistage upgrade / conversion processAutomating tests for all 1,000 pages Brian #2: PyPI now supports digital attestations Dustin Ingram“Attestations provide a verifiable link to an upstream source repository: By signing with the identity of the upstream source repository, such as in the case of an upload of a project built with GitHub Actions, PyPI's support for digital attestations defines a strong and verifiable association between a file on PyPI and the source repository, workflow, and even the commit hash that produced and uploaded the file. Additionally, publishing attestations to a transparency log helps mitigate against both compromise of PyPI and compromise of the projects themselves.”For maintainers If using GH Actions and Trusted Publishing make sure you use pypa/gh-action-pypi-publish, version v1.11.0 or newerthat’s itIf not “Support for automatic attestation generation and publication from other Trusted Publisher environments is planned.”“While not recommended, maintainers can also manually generate and publish attestations.”See also PyPI Introduces Digital Attestations to Strengthen Python Package Security by Sarah GoodingAre we PEP 740 yet? Michael #3: Django Rusty Templates by Lily FooteAn experimental reimplementation of Django's templating language in Rust.Goals 100% compatibility of rendered output.Error reporting that is at least as useful as Django's errors.Improved performance over Django's pure Python implementation. Brian #4: PEP 639 is now supported by PYPI from Brett CannonPEP 639 – Improving License Clarity with Better Package MetadataFor project metadata, use these fields: license and license-files:Examples license field [project] license = "MIT" [project] license = "MIT AND (Apache-2.0 OR BSD-2-clause)" [project] license = "MIT OR GPL-2.0-or-later OR (FSFUL AND BSD-2-Clause)" [project] license = "LicenseRef-Proprietary" Examples of license-files: [project] license-files = ["LICEN[CS]E*", "AUTHORS*"] [project] license-files = ["licenses/LICENSE.MIT", "licenses/LICENSE.CC0"] [project] license-files = ["LICENSE.txt", "licenses/*"] [project] license-files = [] Extras Brian: Playground Wisdom: Threads Beat Async/Await - interesting read from Armin Ronacher about different language abstractions around concurrency.PythonTest.com Discord community is now live Launched last week, as of this morning we’ve got 89 membersAnyone already a pythontest community member has received an inviteAnyone can join through courses.pythontest.comEverything at pythontest.com is 20% off through Dec with code turkeysale2024“Python Testing with pytest” eBook 40% off through Dec 2, use code turkeysale2024 Michael: Python 3.14.0a2 releasedStarter packs: Michael’s Python people: https://bsky.app/starter-pack/mkennedy.codes/3lbdnupl26e2x Directory: https://blueskydirectory.com/starter-packs/all Joke: curl - heavy metal style!
