#392 The votes have been counted

Release Date:

Topics covered in this episode:


2024 PSF Board Election & Proposed Bylaw Change Results
SATYRN: A modern Jupyter client for Mac
Incident Report: Leaked GitHub Personal Access Token
Extra extra extra
Extras
Joke

Watch on YouTube

About the show

Sponsored by Code Comments, an original podcast from Red Hat: pythonbytes.fm/code-comments

Connect with the hosts


Michael: @mkennedy@fosstodon.org
Brian: @brianokken@fosstodon.org
Show: @pythonbytes@fosstodon.org


Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 10am PT. Older video versions available there too.

Finally, do you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list; we'll never share it.

Brian #1: 2024 PSF Board Election & Proposed Bylaw Change Results


New board members

Tania Allard
KwonHan Bae
Cristián Maureira-Fredes

Congrats to new board members
If you want to consider becoming a board member, there are 4 seats up for vote next year.
All 3 bylaw changes passed, by a wide margin.

Details of changes
Change 1: Merging Contributing and Managing member classes
Change 2: Simplifying the voter affirmation process by treating past voting activity as intent to continue voting
Change 3: Allow for removal of Fellows by a Board vote in response to Code of Conduct violations, removing the need for a vote of the membership



Michael #2: SATYRN: A modern Jupyter client for Mac


A Jupyter client app for macOS
Comes with a command palette
LLM assistance (local or cloud?)
Built in Black formatter
Currently in alpha
Business model unknown


Brian #3: Incident Report: Leaked GitHub Personal Access Token


Suggested by Galen Swint
See also JFrog blog: Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine
A GitHub access token found its way into a .pyc file, then into a Docker image.
JFrog found it through some regular scans.
JFrog notified PyPI security.
Token was destroyed within 17 minutes. (nice turnaround)
Follow-up scan revealed that no harm was done.
Takeaways (from Ee Durbin):

Set aggressive expiration dates for API tokens (if you need them at all)
Treat .pyc files as if they were source code
Perform builds on automated systems from clean source only.
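
The second takeaway as an added example (not code from the incident report, JFrog, or the show): a scanner that unmarshals every .pyc under a directory and flags strings shaped like GitHub tokens. The token value, the file name and the "source cleaned, stale .pyc left behind" scenario are constructed for the demo.

```python
import marshal
import py_compile
import re
import tempfile
from pathlib import Path

# GitHub token prefixes: ghp_, gho_, ghu_, ghs_, ghr_ followed by 36 characters.
TOKEN_RE = re.compile(r"gh[pousr]_[A-Za-z0-9]{36}")
FAKE_TOKEN = "ghp_" + "A1b2C3d4E5f6" * 3  # constructed sample, not a real token

def strings_in(obj):
    """Yield every str/bytes constant reachable from a code object."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, bytes):
        yield obj.decode("latin-1")
    elif isinstance(obj, (tuple, frozenset)):
        for item in obj:
            yield from strings_in(item)
    elif hasattr(obj, "co_consts"):  # nested functions and classes
        for const in obj.co_consts:
            yield from strings_in(const)

def scan_pyc(path):
    """Return the token-like strings found in one .pyc file."""
    data = Path(path).read_bytes()
    try:
        code = marshal.loads(data[16:])  # skip the 16-byte header (Python 3.7+)
        haystack = "\n".join(strings_in(code))
    except (ValueError, EOFError, TypeError):
        haystack = data.decode("latin-1")  # other interpreter version: raw bytes
    return sorted(set(TOKEN_RE.findall(haystack)))

def scan_tree(root):
    """Map each .pyc under root to the token-like strings it contains."""
    results = {str(p): scan_pyc(p) for p in Path(root).rglob("*.pyc")}
    return {path: found for path, found in results.items() if found}

def demo():
    """Constructed case: the source is cleaned but the stale .pyc keeps the token."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "build.py"
        src.write_text(f'TOKEN = "{FAKE_TOKEN}"\n')
        py_compile.compile(str(src), doraise=True)  # writes __pycache__/build.*.pyc
        src.write_text('TOKEN = ""\n')  # token removed from the source only
        return bool(TOKEN_RE.search(src.read_text())), scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

Pointing `scan_tree` at an unpacked image layer or a build context before publishing is the natural use; a source-only secret scan would report the same tree as clean.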



Michael #4: Extra extra extra


Python 3.13.0 beta 3 released
Ice got a lot better
I Will Piledrive You If You Say AI Again | Prime Reacts Video
Follow up actions for polyfill supply chain attack
Developer Ecosystem Survey 2024
Code in a Castle still has seats open


Extras

Brian:


A new pytest course in the works

Quick course focusing on

core pytest features + some strategy and Design for Testability concepts

Idea

everyone on the team (including managers) can take the new course.
1-2 people on a team take “The Complete pytest Course” to become the team's local pytest experts.


Python People is on an indefinite hold
Python Test → back to Test & Code (probably)

I’m planning a series (maybe a season) on TDD which will be language agnostic.
Plus I still have tons of Test & Code stickers and no Python Test stickers.
New episodes planned for August



Joke: I need my intellisense (autocomplete)
