Readit News logoReadit News
di commented on Shai-Hulud Returns: Over 300 NPM Packages Infected   helixguard.ai/blog/malici... · Posted by u/mrdosija
larusso · a month ago
The trusted publishing is rather new or? Awesome to see that they implemented it. Just saying that maven central required it already years ago.
di · a month ago
Maven Central does not currently support OIDC-based authentication (commonly called "Trusted Publishing").
di commented on PSF has withdrawn $1.5M proposal to US Government grant program   pyfound.blogspot.com/2025... · Posted by u/lumpa
di · 2 months ago
For some context on the scale of this grant, the PSF took in only $1M in "Contributions, Membership Dues, & Grants" in 2024: https://www.python.org/psf/annual-report/2024/
di commented on PSF has withdrawn $1.5M proposal to US Government grant program   pyfound.blogspot.com/2025... · Posted by u/lumpa
paloblanco · 2 months ago
Thanks! I want to bring this up as a discussion point when I get the chance at work.

I can't find a date on this letter - is it recent?

di · 2 months ago
It says "September 23, 2025" right at the top.
di commented on Python's splitlines does more than just newlines   yossarian.net/til/post/py... · Posted by u/Bogdanp
woodruffw · 3 months ago
John Yossarian is the protagonist of Joseph Heller’s Catch-22[1], which was my favorite book in high school. Like a lot of people, my handle is a slightly embarrassing memorialization of my younger self :-)

[1]: https://en.wikipedia.org/wiki/Catch-22

di · 3 months ago
Don't be embarrassed, it's a good book (and was my favorite too).
Posted by u/di 3 months ago
Strengthening NPM security: Important changes to authentication and tokensgithub.blog/changelog/202...
di commented on How I solved PyTorch's cross-platform nightmare   svana.name/2025/09/how-i-... · Posted by u/msvana
di · 4 months ago
Note that https://peps.python.org/pep-0440/#direct-references says:

> Public index servers SHOULD NOT allow the use of direct references in uploaded distributions. Direct references are intended as a tool for software integrators rather than publishers.

This means that PyPI will not accept your project metadata as you currently have it configured. See https://github.com/pypi/warehouse/issues/7136 for more details.

Posted by u/di a year ago
New in CSS: Relative Colorsstefanjudis.com/notes/new...
d

u/di

KarmaCake day1549November 30, 2011View Original