@sysosmaster @0x40k

Trusted Publishing gives provenance of which repo the files were uploaded from, the workflow file, and commit. For example:

https://pypi.org/project/urllib3/2.3.0/#urllib3-2.3.0-py3-none-any.whl

Downstream verification for installers such as pip is the next step:

https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/

#python #PEP740 #PyPI #TrustedPublishing

Just released! Python Docs Sphinx Theme 2024.10 🚀

https://pypi.org/project/python-docs-theme/2024.10/

📚 Add support for Python 3.13

📚 Drop support for Python 3.8

📚 Add script for handling translations

📚 Generate digital attestations for PyPI (PEP 740)

This is the theme used by docs sites such https://docs.python.org and https://typing.readthedocs.io

#Python #docs #Sphinx #PythonDocsTheme #PythonDocsSphinxTheme #PEP740

Just released: blurb 1.3.0 🚀

blurb is the CLI we use for managing CPython's news/changelog entries.

🗞️ Add support for Python 3.13

🗞️ Drop support for Python 3.8

🗞️ Generate digital attestations for PyPI (PEP 740)

🗞️ Allow running blurb test from blurb-* directories by

🗞️ Add version subcommand

🗞️ Generate __version__ at build to avoid slow importlib.metadata

https://pypi.org/project/blurb/1.3.0/

#Python #CPython #blurb #release #CLI #changelog #news #PEP740 #Python313 #Python38

Just released: pepotron 1.3.0 🚀

🔩 Generate digital attestations for PyPI (PEP 740)

🔩 Drop support for Python 3.8

🔩 Generate __version__ at build to avoid slow importlib.metadata

🔩 Test on CI with uv

https://pypi.org/project/pepotron/1.3.0/

Pepotron is a CLI for opening PEPs in your browser. For example, try:

$ pep 8

$ pep 3.14

$ pep dead batteries

$ pep calendar

#Python #release #pepotron #PEP #CLI #PEP740 #Python38

Just released: pypistats 1.7.0 🚀

📈 Generate digital attestations for PyPI (PEP 740)

📉 Drop support for EOL Python 3.8

📈 Generate __version__ at build to avoid slow importlib.metadata

https://pypi.org/project/pypistats/1.7.0/

#Python #release #pypistats #CLI #PEP740 #Python38

Just released: #cherry_picker 2.3.0 🚀

This tool creates backports for CPython when the Miss Islington bot can't, usually due to a merge conflict.

🍒 Add support for #Python 3.13, drop EOL 3.8
🍒 Resolve usernames when remote ends with a trailing slash
🍒 Optimize validate_sha() with --max-count=1
🍒 Remove multiple commit prefixes
🍒 Handle whitespace when calculating usernames
🍒 Publish to PyPI using #TrustedPublishers
🍒 Generate #PEP740 attestations
🍒 And more!

https://pypi.org/project/cherry-picker/2.3.0/

#release

Just released: termcolor 2.5.0: ANSI colour formatting for terminal output
🚀🖥️🎨

🖥️ Added `strike` attribute
🖥️ Now generates and uploads #PEP740 attestations to PyPI
🖥️ Dropped support for oh-so-very-nearly-EOL Python 3.8

https://pypi.org/project/termcolor/2.5.0/

#Python #termcolor #release

🐍🏃‍➡️🏃‍➡️🏃‍➡️🏃‍➡️🏃‍➡️ Heading home soon after a hugely productive #Python #CoreDevSprint. Huge shout out to Itamar Oren & Meta for organising!

Friday:

🎙️ I was on the #core.py podcast with @ambv & Pablo! Expect a special edition soon featuring many sprinters

🧑‍🎓 Discussed ideas for docs tooling to refresh the tutorial with @mariatta, Jelle Zijlstra, Petr Viktorin and @freakboy3742

📖 Made demo using PyData Theme for the docs

* Created 6 PRs (including adding #PEP740 attestations to PyPI packages), reviewed 11