Absolutely stellar blog post from @sethmlarson.dev and @miketheman.com about the recent LiteLLM supply chain attack, and what you can do to protect your projects!
Everyone should read this post (and sponsor their _very important_ work!)
blog.pypi.org/posts/2026-0...
Posts by Savannah Ostrowski
This (not very) Polish girl is going to Kraków!
My talk about the very coolest feature in Python 3.14, sys.remote_exec(), got accepted at @europython.eu!
We'll be doing a deep dive on savannah.dev/posts/the-co...! Can't wait!
I just woke up from a plague-induced nap where I dreamt that my 2-year-old nephew asked me what the TypeScript types would be to represent his toy barbecue and all of the accompanying plastic meats
Truly one of the most uncomfortable travel days I’ve had in a while, but my eardrums didn’t explode, so that’s a win 😭
We do it in some of the standard library (at least in argparse) for performance reasons!
Not only will your head feel like it's going to explode, but everyone around you will give you dirty looks.
If you've never had the misfortune of flying while congested, let me recommend avoiding it at all costs.
And JFYI the Python core team has requested removal of all Python org repos.
I've also just filed an issue to remove FastAPI from the site.
github.com/entrius/gitt...
Also the idea that onboarding requires you provide them with a GitHub PAT???? I think not.
Gittensor is paying crypto for merged OSS PRs and it’s generating slop contributions to repos listed on their platform without maintainer consent.
If you maintain an open source project, it's probably worth checking if you’re listed and requesting removal: gittensor.io/repositories
He also demanded kosher dill pickles and French toast for breakfast yesterday and we obliged.
My 2-year-old nephew just called my laptop a “bobot” (robot) and honestly, yeah okay
lotta clueless frustrating takes about attie
god forbid someone make it easy to make a feed for like "show me posts about tsgo / TypeScript 7" or "show me posts about Go performance", two things i actually want but do not have the skill to make nor the desire to host
Limit candidate packages to those that were uploaded prior to the given date. Accepts RFC 3339 timestamps (e.g., 2006-12-02T02:07:43Z), local dates in the same format (e.g., 2006-12-02) resolved based on your system's configured time zone, a "friendly" duration (e.g., 24 hours, 1 week, 30 days), or an ISO 8601 duration (e.g., PT24H, P7D, P30D). Durations do not respect semantics of the local time zone and are always resolved to a fixed number of seconds assuming that a day is 24 hours (e.g., DST transitions are ignored). Calendar units such as months and years are not allowed. May also be set with the UV_EXCLUDE_NEWER environment variable.
In light of the fallout from the LiteLLM supply chain attack, I just learned that you can exclude newly published package versions when installing with uv using exclude-newer.
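For anyone who wants to apply that setting to a whole project rather than one install command, here is an added example of the relevant uv configuration. It is not from the original post or from the uv project itself; the cutoff timestamp is a made-up placeholder.

```toml
# pyproject.toml (added example; the cutoff date below is a placeholder)
[tool.uv]
# Only consider distributions uploaded to the index before this instant.
# A fixed RFC 3339 timestamp keeps resolution reproducible across machines;
# a relative duration such as "1 week" is also accepted but moves with the clock.
exclude-newer = "2026-01-01T00:00:00Z"
```

The same cutoff can be given one-off as `--exclude-newer` on commands like `uv lock`, or through the `UV_EXCLUDE_NEWER` environment variable mentioned in the docs above. It only buys time: a compromised release that is older than the cutoff still resolves, and the cutoff also delays legitimate fixes, so the date needs to be advanced deliberately as part of dependency review rather than left in place indefinitely.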
I've seen this proposed before but I'm not fond of this idea. Open source is already challenging to break into for newcomers. This will make it even harder.
Savannah wearing an "interpretor" shirt. The shirt has a warning diagnostic squiggle underneath.
and that's INTERPRETER to you, thank you very much!
It makes me pretty sad tbh. I see my friends burning out from having to triage all this trash.
I see repos that I used to work on where all human comments on PR reviews are LLM generated. I get folks are using AI but can we not converge toward being 12 LLMs in a trenchcoat maintaining a project?
God, I really hate what open source is becoming.
Commenting a humongous block of text as an "analysis" with a line at the end that you are an AI agent is not helpful.
Not to be dramatic but the volume of slop right now is an attack on maintainers.
github.com/python/cpyth...
I believe the general consensus is that it’s the attacker trying to stifle discussion. Very, very strange.
I’m not affected; I never used this package. If you are, rotate all your keys, etc.
Also! Tonight! I’m seeing a Scream Unseen (aka a surprise early release of a horror movie)! So fun!
Also, before anyone asks: yes, it's a lot of movies. I watch a lot of movies. I like going, it’s meditative. It’s been nice going often because it pushes me to see things I normally wouldn’t pay to see!
I mentioned to someone the other day that I go to 3-4 movies a week in theatres, and they were shocked, mainly because it’s prohibitively expensive if you pay for each one individually.
So idk if this isn’t widely known, but an AMC subscription is like $25/month and lets you see up to 4 movies a week.
If you go *twice* in a month, it pays for itself.
If the Python core team started a weekly/monthly newsletter, what would y'all want out of it? What would make you excited to see the notification in your inbox?
@emmatyping.dev and I were brainstorming a bit on this the other day, inspired a bit by @thisweekinrust.bsky.social.
I suffer from "it popped into my head and so I must build it immediately"
overengineered is me building a little web app so that I can control my office hue lights based on my plex playback, with specific scenes for each genre.