Python 300: Notebooks, Trust Stores, and Security
Celebrating Episode 300
The podcast celebrates its landmark 300th episode, highlighting the journey of the show since its inception in 2016. The hosts reflect on the evolution of Python and its community.
Packaging and Tooling
Brian discusses his recent exploration of different tools for packaging, specifically focusing on building wheels.
• Key takeaway: Tools like Flit, Hatch, and setup have grown more accessible due to pyproject.toml support.
• Tool Recommendation: Wheel Inspect is highlighted for inspecting the contents of wheels, while Check Wheel Contents acts as a valuable linter for package creators.
Solving the Jupyter Git Problem
The hosts discuss a significant update from fast.ai aimed at making Jupyter Notebooks compatible with version control.
"The Jupyter Git problem is now solved from Jeremy Howard over at fast.ai."
• Traditional issues like merge conflicts, non-deterministic cell outputs, and metadata pollution are addressed with nbdev.
• The solution introduces a new merge driver for Git and an automatic save hook for Jupyter to clean unnecessary data.
Modernizing Authentication with Trust Stores
Seth Larson explains the initiative to replace the certifi CA bundle with the operating system's native trust stores.
• This resolves the otherwise hard-to-fix certificate verification errors that occur behind corporate proxies, whose CA certificates are not recognized by default Python environments.
• The Path Forward: pip 22.2 added experimental support for this via --use-feature=truststore.
The Terminal Renaissance
Brian introduces plotext, a library that allows for generating beautiful plots directly in the command line, including subplots and live data streams, fueling the current TUI (Terminal User Interface) renaissance.
Server-Side Improvements with HTMX
The discussion moves toward locality of behavior using HTMX and Jinja2Fragments, allowing developers to render specific blocks of HTML dynamically without complex JavaScript frameworks.
Supply Chain Security and Python Vulnerabilities
• SLSA (pronounced "salsa", Supply-chain Levels for Software Artifacts): A standard for verifying the provenance of software artifacts to protect against malicious package injection.
• Integer Parsing Vulnerability: The hosts discuss a critical security fix in Python (3.10.7+) addressing an integer parsing issue: converting very long decimal strings to int (and back) took quadratic time in the number of digits, so untrusted input could be used to mount Denial of Service (DoS) attacks on servers.
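As an added example (not from the episode or from CPython itself) of the defensive pattern the fix enables: a parser for untrusted integer input that refuses over-long digit strings before handing them to int(). It assumes the interpreter's limit is readable via sys.get_int_max_str_digits() (present from 3.10.7 / 3.11 on) and falls back to the documented default of 4300 digits on older interpreters, where the check is emulated.

```python
import sys
from typing import Optional

# Default digit limit CPython applies to int<->str conversions since the fix (3.10.7+ / 3.11+).
DEFAULT_LIMIT = 4300


def current_limit() -> int:
    """Return the interpreter's int/str digit limit.

    On interpreters that predate the fix the getter does not exist, so we
    emulate the documented default (assumption: same 4300-digit policy).
    A value of 0 means the limit was disabled; treat that as the default too,
    so untrusted input is still bounded.
    """
    getter = getattr(sys, "get_int_max_str_digits", None)
    if getter is None:
        return DEFAULT_LIMIT
    limit = getter()
    return limit if limit > 0 else DEFAULT_LIMIT


def parse_untrusted_int(text: str) -> Optional[int]:
    """Parse a decimal integer from untrusted input (a form field, JSON value, header).

    Returns None instead of spending quadratic time on an absurdly long digit
    string, and None for anything that is not an integer at all.
    """
    digits = text.strip().lstrip("+-")
    if len(digits) > current_limit():
        # Reject before int() ever sees it: bounded, constant-time length check.
        return None
    try:
        return int(text)
    except ValueError:
        # Not an integer, or the interpreter's own limit rejected it anyway.
        return None


if __name__ == "__main__":
    print("limit in effect:", current_limit())
    print(parse_untrusted_int("12345"))
    print(parse_untrusted_int("9" * 100_000))  # rejected, no slow conversion
```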