Should You Use Upper Bound Version Constraints?

I don't agree with much of this, but I recognise it's a valid position. To quote from the TL;DR at the end:

"Capping dependencies has long term negative effects, especially for libraries, and should never be taken lightly. A library is not installed in isolation; it has to live with other libraries in a shared environment. Only add a cap if a dependency is known to be incompatible or there is a high (>75%) chance of it being incompatible in its next release. Do not cap by default - capping dependencies makes your software incompatible with other libraries that also have strict lower limits on dependencies, and limits future fixes. Anyone can fix a missing cap, but users cannot fix an over restrictive cap causing solver errors. It also encourages hiding issues until they become harder to fix, it does not scale to larger systems, it limits your ability to access security and bugfix updates, and some tools (Poetry) force these bad decisions on your downstream users if you make them. Never cap Python, it is fundamentally broken at the moment. Also, even packing capping has negative consequences that can produce unexpected solves."

·iscinumpy.dev·
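
Added illustration of the solver-error argument in the TL;DR above (my own code, not from the linked article): a toy brute-force resolver over a constructed index in which lib_a caps dep below 2 and lib_b needs dep 2 or newer. The package names, versions and specifiers are invented for the demonstration, and version handling is deliberately simplified (dotted integers, the six comparison operators), not PEP 440.

```python
"""Toy dependency solver over a constructed package index (stdlib only).

Shows why a cap in one library's metadata (dep<2) cannot coexist with a
floor in another's (dep>=2.0), and why only the capping maintainer can undo
it, whereas a missing cap is something the end user can repair with a pin.
Versions and specifiers are simplified; this is not PEP 440.
"""
from itertools import product


def parse_version(text):
    return tuple(int(part) for part in text.split("."))


_OPS = {
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
}


def satisfies(version, specifier):
    """True when `version` meets every comma-separated clause in `specifier`."""
    v = parse_version(version)
    for clause in specifier.split(","):
        clause = clause.strip()
        if not clause:
            continue
        for op in ("==", "!=", "<=", ">=", "<", ">"):  # two-char ops first
            if clause.startswith(op):
                if not _OPS[op](v, parse_version(clause[len(op):].strip())):
                    return False
                break
        else:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
    return True


# Constructed index: name -> version -> {dependency: specifier}.
INDEX = {
    "dep": {"1.5.0": {}, "1.9.0": {}, "2.0.0": {}, "2.1.0": {}},
    "lib_a": {"1.0.0": {"dep": ">=1.5,<2"}},   # caps dep below 2
    "lib_b": {"1.0.0": {"dep": ">=2.0"}},      # needs dep 2 or newer
}


def solve(index, requirements):
    """Return {name: version} meeting every constraint, or None if unsolvable.

    Brute force over all candidate combinations, newest first. Fine for a toy
    index; the point is to make the resolver's reasoning visible.
    """
    names, todo = [], list(requirements)
    while todo:  # collect every package reachable from the top level
        name = todo.pop()
        if name in names:
            continue
        names.append(name)
        for deps in index[name].values():
            todo.extend(deps)
    candidates = [sorted(index[n], key=parse_version, reverse=True) for n in names]
    for combo in product(*candidates):
        chosen = dict(zip(names, combo))
        constraints = list(requirements.items())
        for name, version in chosen.items():
            constraints.extend(index[name][version].items())
        if all(satisfies(chosen[n], spec) for n, spec in constraints):
            return chosen
    return None


def without_cap(index):
    """Copy of the index with lib_a's upper bound on dep removed."""
    copy = {n: {v: dict(d) for v, d in pkg.items()} for n, pkg in index.items()}
    copy["lib_a"]["1.0.0"]["dep"] = ">=1.5"
    return copy


def capped_solve():
    """lib_a's cap collides with lib_b's floor: no solution, and the user
    cannot loosen a constraint that lives in lib_a's metadata."""
    return solve(INDEX, {"lib_a": ">=1.0", "lib_b": ">=1.0"})


def uncapped_solve():
    """Same environment once lib_a stops capping: resolves to dep 2.1.0."""
    return solve(without_cap(INDEX), {"lib_a": ">=1.0", "lib_b": ">=1.0"})


def user_pinned_solve():
    """If dep 2.x really breaks lib_a, a user who only needs lib_a adds their
    own pin: a missing cap is fixable downstream, an extra cap is not."""
    return solve(without_cap(INDEX), {"lib_a": ">=1.0", "dep": "<2"})


if __name__ == "__main__":
    print("capped:     ", capped_solve())
    print("uncapped:   ", uncapped_solve())
    print("user pinned:", user_pinned_solve())
```

Running it prints None for the capped case, dep 2.1.0 once the cap is gone, and dep 1.9.0 when the user supplies the pin themselves; the first of those is the solver error the TL;DR warns about.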
Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
"Last week, our automated risk detection platform alerted us to some suspicious activity in dozens of newly published PyPI packages. It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer onto Python developers' machines by hiding a malicious import. Join us here on the Phylum research team as we investigate these new and shifting tactics the attacker is using to deploy W4SP stealer in this supply-chain attack."
·blog.phylum.io·
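
Added example of the kind of check I would run over a freshly pulled package given a report like this (my own code, not Phylum's). The excerpt does not say how the import was hidden, so the scanner assumes two common tricks: an import statement pushed past the visible line width by a run of whitespace, and dynamic imports via __import__, importlib.import_module, exec or eval. The 120-column threshold and the sample module are my assumptions.

```python
"""Heuristic scanner for imports a reviewer would not notice (stdlib only).

Flags import statements whose first token sits far past the visible line
width, where a run of whitespace can push them off-screen, and dynamic
imports via __import__, importlib.import_module, exec or eval. Both are
heuristics: plenty of legitimate code uses dynamic imports, so hits are
review pointers, not verdicts.
"""
import ast

VISIBLE_WIDTH = 120  # assumption: columns beyond this are "off-screen"
DYNAMIC_IMPORT_FUNCS = {"__import__", "import_module", "exec", "eval"}


def scan_source(source, visible_width=VISIBLE_WIDTH):
    """Return sorted (lineno, kind, detail) findings for a module's source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            # col_offset is where the `import`/`from` keyword starts on its line
            if node.col_offset >= visible_width:
                names = ", ".join(alias.name for alias in node.names)
                findings.append((node.lineno, "offscreen-import", names))
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name):
                name = func.id
            elif isinstance(func, ast.Attribute):
                name = func.attr
            else:
                continue
            if name in DYNAMIC_IMPORT_FUNCS:
                findings.append((node.lineno, "dynamic-import", name))
    return sorted(findings)


def scan_file(path):
    with open(path, encoding="utf-8") as fh:
        return scan_source(fh.read())


# Constructed sample resembling a package __init__.py: a benign header, an
# import appended after 300 spaces on the version line, then a dynamic import.
SAMPLE = (
    "import os\n"
    "import json\n"
    "__version__ = '1.0.0'" + " " * 300 + ";import base64\n"
    "def helper():\n"
    "    return __import__('subprocess')\n"
)


if __name__ == "__main__":
    for lineno, kind, detail in scan_source(SAMPLE):
        print(f"line {lineno}: {kind} ({detail})")
```

Point scan_file at each module of a package before installing it; on the constructed sample it reports the base64 import on line 3 and the __import__ call on line 5, while the two ordinary top-of-file imports stay quiet.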
Musings on Python Type Hints
As a huge fan of type hinting in Python, I feel this is a good article introducing the sorts of things you should think about, and the benefits you should derive from using type hints.
·samgeo.codes·
Iceberger
How would that iceberg really float? Lots of illustrations that show "the $FOO iceberg" show a berg floating in an orientation that's very unlikely. This site lets you draw a rough outline and see how it would really end up.
·joshdata.me·