Fedora developer. Member of the Python, Go, and EPEL SIGs. provenpackager and packager sponsor. Ansible Community Steering Committee member and antsibull comaintainer. Pythonista.

Fervent TV watcher. Professional Clutz. Queer 🏳️‍🌈. Broadway fan. Vegan.

       ✡️

#nobot

Website: https://gtmx.me
Pronouns: He/Him or They/Them
company making maintainer work easier is now owned by company making that work harder https://astral.sh/blog/openai #Python
Astral to join OpenAI

Astral has entered into an agreement to join OpenAI as part of the Codex team.

Package managers keep using git as a database, it never works out.

https://nesbitt.io/2025/12/24/package-managers-keep-using-git-as-a-database.html

Git repositories seem like an elegant solution for package registry data. Pull requests for governance, version history for free, distributed by design. But as registries grow, the cracks appear.

Andrew Nesbitt
I still can't believe #Brave is a thing. There apparently are just people out there who are like "I'm frustrated by the corporate bullshit in Chrome, so I think I'll try this crypto scam made by a homophobe"

So I heard you like #SBOM, so I put SBOM into the #Python wheels in #Fedora RPMs, so when you unwheel the wheels, you get the SBOM.

If your Python virtual environment was created on Fedora, your #security scanner can recognize #CVE fixes in patched pip (or setuptools) within.

The question, however, is: What to do with this now :D

https://developers.redhat.com/articles/2025/12/15/how-reduce-false-positives-security-scans

Anyway, security scanner people, please reach out.

How to reduce false positives in security scans | Red Hat Developer

Learn about Fedora Rawhide testing a solution that embeds SBOM metadata directly into Python wheels, allowing scanners to recognize backported security fixes

Red Hat Developer

Me earlier today:

> I guess it would be relatively trivial to implement...

Famous last words...

Also — reading that the people writing the policy are feeding feedback into an LLM instead of actively engaging with contributors is kind of disappointing and hopefully not something that will happen in the future
Council Policy Proposal: Policy on AI-Assisted Contributions

Personally, I don’t support a policy that’s more AI-optimist than the original policy. There are still unaddressed concerns about AI’s environmental impact and it swallowing up large amounts of art and code and other content, much of which has not been obtained through legal means and without attributing or compensating authors. And of the active open source maintainers I follow on social media — including Fedora contributors, many hold these concerns, and it seems concerns about AI have not be...

Fedora Discussion
Starting next month, LinkedIn will start training its AI on the profiles, resumes, and posts of its members. The good news is that users still have time to opt out... https://www.techradar.com/pro/linkedin-set-to-start-to-train-its-ai-on-member-profiles
LinkedIn set to start to train its AI on member profiles

User data will be used for AI training by default

TechRadar
Another day, another unnecessary sub-menu gets added to the Gitlab UI

#fedora friends, I'm putting out an advanced call for reviewers who are willing to help do package reviews for the newly split out texlive packages (moving from one unholy unmaintainable nightmare to 52 separate packages based mostly on collection groupings). This means it will be easier to update TeXLive and updates won't require every tex component to rebuild (just ones within the same collection/scheme).

Lemme know if you're interested in helping to review.