Topics covered in this episode: Using Django Tasks in productionCo-authored with Claude?PyPI packages are increasing rapidlyhttpx2ExtrasJokeWatch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python TrainingThe Complete pytest CoursePatreon Supporters Connect with the hostsMichael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)Brian: @brianokken@fosstodon.org / @brianokken.bsky.socialShow: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 11am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Using Django Tasks in production Tim Schilling shares how the Djangonaut Space website has been using Django’s new tasks framework and some of the info missing from the official Django docs.Tasks require a third party package, django-tasks-db to actually run the tasks.Article walks through all changes necessary to get an email process running to notify admins of new testimonials. Cool simple example.With the db backend, you can monitor progress of tasks in the admin, to see which tasks are scheduled, completed, or have errors.Some wishes for the community to implement new tutorial in the Django docsDjango Debug toolbar panel for taskstest/mock backendGreat title for wish list: Thinks I’d like to see, but I’m too lazy to implement myself. Michael #2: Co-authored with Claude? Via Nik T.We don’t put “executed on macOS”, “edited with PyCharm”, etc. in our commits. Why Claude?Seems like a growth hack to me, that I don’t really care to participate in.Some projects that have formalized their thoughts on this: The Generative AI Policy Landscape in Open SourceAdjust to turn off in ~/.claude/settings.json see the docs. { "attribution": { "commit": "", "pr": "" } } Brian #3: PyPI packages are increasing rapidly Artem GolubinThere’s been an increase of published packages per week on PyPIA pretty big increase in the last handful of months.30% increase since 2025, clearly due to AIArtem is building hexora, a malicious Python code detector.Cool package too, it can: Audit project dependencies to catch potential supply-chain attacksDetect malicious scripts found on platforms like Pastebin, GitHub, or open directoriesAnalyze IoC files from past security incidentsAudit new packages uploaded to PyPi.Artem is using hexora to analyze recently published pypi packages and many are obviously vibecoded and trigger false positives for abuses of eval, exec, and subprocess Side note: I don’t think that’s necessarily a false positive. Not malicious, but maybe a stupid-code-detector?Lots are LLM related, Lots have bots contributing codePublishing rate is crazy, dozens to hundreds of published versions in a day is a bug, not a featureBrian’s proposal, PyPI should limit releases per day for any package to something a sane human would do, even if they make a mistake on a release, to maybe like 2-3, definitely under 10, in a day. And if the repo has obvious agent contributors listed, maybe lower to the limit to 1-2 a day? Honestly, “move fast and break things” doesn’t apply to breaking the commons. Michael #4: httpx2 More on the httpx, httpxyz, etc changes: Pydantic people started their own fork, httpx2.Michiel says “while we think httpxyz was definitely needed, we welcome httpx2 and think it should be the ‘blessed’ fork.”Kludex, who is among other things maintainer of Starlette, was considering a forkAs it stands, httpx2 is lacking the performance improvements they added to httpxyz. But it will not be long before they will add those, too.Also they already made some smart decisions: they are switching from certifi to truststorethey are switching to compression.zstd on Python 3.14+, enabling zstd compression by defaultthey merged httpcore and vendored it in their repositoryDiscussion on Hacker News Extras Brian: The Four Horsemen of the LLM Apocalypse - AnarcatDjango/JetBrains 2026 developer survey is openPyrefly 1.0 : “meaning we are confident that Pyrefly is ready for production use.” Michael:Just about ready to release Python Web Security: OWASP Top 10 with Agentic AI course. Be sure to be on the courses newsletter to get notified. Joke: Proud Parents
Mostra di più
Mostra meno
Jun 9 202629 min