Seth Larson

@sethmlarson
1.9K Followers
408 Following
971 Posts

Security and Fellow at the Python Software Foundation 🐍 Trans rights, BLM, Minnesoootan, retro gaming, he/him



Blog: https://sethmlarson.dev
Signal: sethmlarson.99

I hope the EU will make it illegal to advertise disk storage space in laptops/phones without accounting for the OS. macOS takes up 20 GB? Well, it means it’s a 491 GB disk, not 512 GB.

Might as well motivate OS manufacturers to slim down installation sizes

PSF Security developers have published incident reports on the LiteLLM & Telnyx #supplychain attacks. Read what happened, who's affected, and what developers & maintainers can do to prepare and protect themselves from future incidents. #security #python
https://blog.pypi.org/posts/2026-04-02-incident-report-litellm-telnyx-supply-chain-attack/
Incident Report: LiteLLM/Telnyx supply-chain attacks, with guidance - The Python Package Index Blog

Python Package Index shares insights and provides guidance following LiteLLM/Telnyx supply-chain attacks

RE: https://fosstodon.org/@pypi/116335453780319113

There is a ton in this report, like how @pypi is able to respond so quickly to malware thanks to our network of trusted reporters and how to keep yourself secure both as a maintainer and user of Python packages.

Vote to promote Stan Ulbrych

I’d like to propose promoting Stan Ulbrych (@Stanfromireland) to core developer. If you’ve been active in the repo lately you probably ran into this enthusiastic triager. I’m now at the proverbial point where applying his “I’d merge this” suggestions feels like a chore – and cases where I disagree feel like nitpicking. Stan started contributing at the end of 2024, was promoted to triager in June, and accumulated 340+ commits in main. He’s active in datetime (to the point where @pganssle asked ...

Discussions on Python.org

You can do a lot of things with @sigstore: sign things with workload identity, get attestations in package managers like PyPI, etc. But there are some limitations. For instance, you can't verify a Sigstore bundle in a 16-bit DOS environment.

Until today. Introducing sigstore-c, which prioritizes portability over features (and correctness!) https://blog.sigstore.dev/sigstore-c/

Introduction sigstore-c - Sigstore Blog

@treyhunner wait, is r"" a raw string? In my head I've always interpreted that as a regular expression "string"

I clearly need to start a wall of “trusted publishing would have prevented this” incidents

Edit: but not axios, maybe! Looks like that one may be a full maintainer account compromise.

🔐 Security Track Spotlight:
Join Hala Ali & Andrew Case at #PyConUS 2026 for "Post-Incident Runtime SBOM Generation from #Python Memory" and learn how to generate SBOMs from memory to uncover hidden dependencies and reduce false positives. #security

https://us.pycon.org/2026/schedule/presentation/104/

Received the #Lego #Gameboy as a gift! My chances of doing https://buildaboy.co have suddenly increased astronomically.

Creating a personalised bin calendar: https://alexwlchan.net/2026/bin-calendar/

I wrote a quick post about how I create a fridge calendar that tells me about bin day.

Python stdlib + CSS = 🚮 💚
