> Their infrastructure (pip) getting worse and worse Hi, I'm a pip maintainer, can you please report any issue you think is happening in recent versions of pip: https://github.com/pypa/pip/ I particularly work on…
> Running pip install lightning is all that is needed to activate FYI, pip added cooldowns in 26.1: * https://discuss.python.org/t/announcement-pip-26-1-release/107108 *…
The note at the end of the post indicates the user asked Claude to review their own chat logs. It's impossible to tell if Claude used or built a a performance harness or just wrote those numbers based on vibes.
Pip maintainer here, to do this in pip (26.0+) now you have to manually calculate the date, e.g. --uploaded-prior-to="$(date -u -d '3 days ago' '+%Y-%m-%dT%H:%M:%SZ')" In pip 26.1 (release scheduled for April 2026), it…
The threat actor was sophisticated enough to spam GitHub issues with dozens of different accounts. I imagine they could completely overwhelm PyPI with unauthenticated reports.
> I had no idea how to contact anyone related to PyPI https://pypi.org/security/: > If you've identified a security issue with a project hosted on PyPI Login to your PyPI account, then visit the project's page on PyPI.…
As a pip maintainer I don't think that's really true. The resolver in both pip and uv are fundamentally sequential and single threaded, you can't really queue up or split out jobs. What uv does is parallelize the final…
pixi offloads PyPI ecosystem stuff to uv, but pixi is conda first. The team were actually the first to build a Rust based Python package resolver (rip), but after uv was released they migrated to uv's resolver (Python…
On a widely used open source project I maintain I've been seeing PRs in the last month that are a little off (look okayish but are trivial or trying to solve problems in weird ways), and then when I look at their…
My understand is Astral's focus for ty has been on making a good experience for common issues, whereas they plan for very high compliance but difficult or rare edge cases aren't are prioritized. Compliance suite numbers…
AI is somewhat helpful but I'm not interested in a company finding a way for me to pay to do my volunteer OSS work. GitHub Copilot offers a permanent free subscription for OSS maintainers. I previously ignored a free…
I found the diagrams on the Wikipedia pages help build an intuitive understanding of each step: https://en.wikipedia.org/wiki/Conflict-driven_clause_learnin... Also, the pubgrub-rs guide I find has a gentle ramp in…
I assume lock and dependency files are in the training data, so predicting version number tokens have high probabilities associated with them.
As a pip maintainer I primarily think about resolution and resolver performance. I got involved when pip introduced it's current resolver around late 2020, and got my first PR landed in mid 2021. I recently became a…
> At one company I worked at, we had a system where each deploy got its own folder, and we'd update a symlink to point to the active one. It worked, but it was all manual, all custom, and all fragile. The first time I…
We're getting there https://pip.pypa.io/en/stable/cli/pip_lock/ ! Pip has been a flag bearer for Python packaging standards for some time now, so that alternatives can implement standards rather than copy behavior. So…
Unfortunately that was posted 1 month before the Faster CPython project was disbanded by Microsoft, so I imagine things have slowed.
Python has about 40 keywords, I say I would regularly use about 30, and irregularly use about another 5. Hardly seems like a "junkyard". Further, this lack of first class support for lazy importing has spawned multiple…
> I had been hoping someone would introduce the non-virtualenv package management solution that every single other language has where there's a dependency list and version requirements (including of the language itself)…
> You let people make the mistake and have the library throw an exception if they do that, not through type checking but just through something eventually calling a method that doesn't exist. Exceptions or crashes would…
> I wouldn't mind a codebase where numpy objects created by dependency B can't be shared directly with dependency A without me first running some kind of conversion function on them Given there's no compiler to enforce…
I agree, but as a type checker it is a subjective choice, whether to be explicit and not make assumptions or whether to infer from certain certain patterns as probably correct and not be noisy to the user. Very glad to…
I assume in your example if you update the foo declaration to the following it solves the complaint: foo: list[str] = [] If so this a type checking design choice: * What can I infer from an empty collection declaration?…
A lot of the tools you list here are composable, mypy checks type hints, black formats code, because of the purpose and design ethos of those two tools they would never think to merge. So which is it that you want, to…
> Hmm. Presumably mypy and pyrefly use the same ones, but then I don't understand why pyrefly is complaining and mypy isn't: > …where is it even puling "tuple[Any]" from… Perhaps it's a bug in pyrefly, perhaps mypy or…
> Their infrastructure (pip) getting worse and worse Hi, I'm a pip maintainer, can you please report any issue you think is happening in recent versions of pip: https://github.com/pypa/pip/ I particularly work on…
> Running pip install lightning is all that is needed to activate FYI, pip added cooldowns in 26.1: * https://discuss.python.org/t/announcement-pip-26-1-release/107108 *…
The note at the end of the post indicates the user asked Claude to review their own chat logs. It's impossible to tell if Claude used or built a a performance harness or just wrote those numbers based on vibes.
Pip maintainer here, to do this in pip (26.0+) now you have to manually calculate the date, e.g. --uploaded-prior-to="$(date -u -d '3 days ago' '+%Y-%m-%dT%H:%M:%SZ')" In pip 26.1 (release scheduled for April 2026), it…
The threat actor was sophisticated enough to spam GitHub issues with dozens of different accounts. I imagine they could completely overwhelm PyPI with unauthenticated reports.
> I had no idea how to contact anyone related to PyPI https://pypi.org/security/: > If you've identified a security issue with a project hosted on PyPI Login to your PyPI account, then visit the project's page on PyPI.…
As a pip maintainer I don't think that's really true. The resolver in both pip and uv are fundamentally sequential and single threaded, you can't really queue up or split out jobs. What uv does is parallelize the final…
pixi offloads PyPI ecosystem stuff to uv, but pixi is conda first. The team were actually the first to build a Rust based Python package resolver (rip), but after uv was released they migrated to uv's resolver (Python…
On a widely used open source project I maintain I've been seeing PRs in the last month that are a little off (look okayish but are trivial or trying to solve problems in weird ways), and then when I look at their…
My understand is Astral's focus for ty has been on making a good experience for common issues, whereas they plan for very high compliance but difficult or rare edge cases aren't are prioritized. Compliance suite numbers…
AI is somewhat helpful but I'm not interested in a company finding a way for me to pay to do my volunteer OSS work. GitHub Copilot offers a permanent free subscription for OSS maintainers. I previously ignored a free…
I found the diagrams on the Wikipedia pages help build an intuitive understanding of each step: https://en.wikipedia.org/wiki/Conflict-driven_clause_learnin... Also, the pubgrub-rs guide I find has a gentle ramp in…
I assume lock and dependency files are in the training data, so predicting version number tokens have high probabilities associated with them.
As a pip maintainer I primarily think about resolution and resolver performance. I got involved when pip introduced it's current resolver around late 2020, and got my first PR landed in mid 2021. I recently became a…
> At one company I worked at, we had a system where each deploy got its own folder, and we'd update a symlink to point to the active one. It worked, but it was all manual, all custom, and all fragile. The first time I…
We're getting there https://pip.pypa.io/en/stable/cli/pip_lock/ ! Pip has been a flag bearer for Python packaging standards for some time now, so that alternatives can implement standards rather than copy behavior. So…
Unfortunately that was posted 1 month before the Faster CPython project was disbanded by Microsoft, so I imagine things have slowed.
Python has about 40 keywords, I say I would regularly use about 30, and irregularly use about another 5. Hardly seems like a "junkyard". Further, this lack of first class support for lazy importing has spawned multiple…
> I had been hoping someone would introduce the non-virtualenv package management solution that every single other language has where there's a dependency list and version requirements (including of the language itself)…
> You let people make the mistake and have the library throw an exception if they do that, not through type checking but just through something eventually calling a method that doesn't exist. Exceptions or crashes would…
> I wouldn't mind a codebase where numpy objects created by dependency B can't be shared directly with dependency A without me first running some kind of conversion function on them Given there's no compiler to enforce…
I agree, but as a type checker it is a subjective choice, whether to be explicit and not make assumptions or whether to infer from certain certain patterns as probably correct and not be noisy to the user. Very glad to…
I assume in your example if you update the foo declaration to the following it solves the complaint: foo: list[str] = [] If so this a type checking design choice: * What can I infer from an empty collection declaration?…
A lot of the tools you list here are composable, mypy checks type hints, black formats code, because of the purpose and design ethos of those two tools they would never think to merge. So which is it that you want, to…
> Hmm. Presumably mypy and pyrefly use the same ones, but then I don't understand why pyrefly is complaining and mypy isn't: > …where is it even puling "tuple[Any]" from… Perhaps it's a bug in pyrefly, perhaps mypy or…