Modernizing Python Web Apps and PyPI Security Updates

40m 03s

Web Framework Migration and Modernization

Michael discusses his recent project: migrating his websites from Pyramid to Quart. The main driver for this shift was the lack of active updates for Pyramid, which made supporting modern async programming and type checking difficult.

Key Considerations of the Migration

Framework Choice: He evaluated FastAPI, Litestar, Django, and static site generators like Hugo. He ultimately chose Quart because it is maintained under the same organization as Flask, offering a clear upgrade path and familiarity.
Performance Gains: The move to async made the sites roughly five times faster than the previous synchronous implementation.
Testing Strategies: He used Python scripts to crawl his entire sitemap, checking that every page still responded correctly after the move and that nothing returned a 404 or 500.

"I want a super popular framework. I want one where if you say, hey, I wrote my website in this, there's a real good chance somebody says, me too."

PyPI Supply Chain Security

Significant updates to the Python Package Index (PyPI) are enhancing the security of the software supply chain.

Digital Attestations: PyPI now supports signed digital attestations, letting maintainers publish verifiable proof that a package was built from a specific source repository and reducing the risk of tampering between the source and the published artifact.
Trusted Publishing: Using GitHub Actions alongside trusted publishing is now the recommended, seamless path for maintainers to sign their releases.
Future Licensing: PEP 639 is being implemented, allowing the use of SPDX expressions to easily define package licenses, replacing the older, less intuitive Trove classifiers.

Community Corner and Future Topics

Django Rusty Templates: A new, early-stage project that reimplements Django templates in Rust for potential performance optimization.
Bluesky Starter Packs: Michael highlights these as a highly effective "growth hack" for community building, allowing users to follow curated interest groups in a single click.
Python Async Philosophy: Armin Ronacher recently discussed the complexities of async/await in programming, prompting a debate about whether concurrency should be invisible or easier to orchestrate in Python.

Python Bytes