cryptography
Poetry
Our great sponsors
cryptography | Poetry | |
---|---|---|
70 | 375 | |
6,189 | 29,170 | |
2.5% | 2.9% | |
9.9 | 9.6 | |
7 days ago | about 11 hours ago | |
Python | Python | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cryptography
-
We build X.509 chains so you don't have to
Congratulations to the authors, this was a feature that was dearly missing from pyca/cryptography. It took a long time to get right.
For the history: https://github.com/pyca/cryptography/issues/2381
-
βOur paying customers need X, when will you fix it?β
Some context:
- The cryptography dependency used by the current release of mitmproxy has a CVE related to an OpenSSL vulnerability (https://github.com/pyca/cryptography/security/advisories/GHS...)
- The main branch of mitmproxy has already upgraded to the latest version of the cryptography package
- The author of the package does not believe the CVE impacts users of mitmproxy so a release including this commit has not been made
-
Microservice memory profiling
first, I did see a correlation between an endpoint being heavily hit in a given time window, and an increase of memory usage that didn't went down afterwards. The endpoint didn't do much so I went through every instruction - is a global variable appended indefinitely ? Is a cache decorator growing without a limit set ? Do I use a 3rd party that has a known issue ? Turns out, it was using cryptography, so I looked up known issues. Saw an issue about a leak when using load_pem_x509_certificate https://github.com/pyca/cryptography/issues/4833 - which I used ! I could fortunately just upgrade the library
-
I love building a startup in Rust. I wouldn't pick it again
> A big problem with Rust, long-term, is that the kind of programs that really need it are somewhat out of today's mainstream. It's not that useful for webcrap. It's not that useful for phone apps. The AI people use Jupyter notebooks and Python to drive code on GPUs.
One thing this is missing is that Rust is useful for libraries callable by many different languages. You may or may not want to use it to build an actual Web app (I personally think it's a solid choice, but reasonable people can disagree). But for building, say, the Python cryptography library [1], which is used as a part of "webcrap" and Jupyter notebooks, Rust is clearly an excellent option. Nobody is going to build core Python infrastructure in Go or Node, and there will always be a need for plumbing libraries.
-
Azure CTO: βIt's time to halt starting any new projects in C/C++ β
> I am curious. Could you give some more context?
Probably talking about this: https://github.com/pyca/cryptography/issues/5771
- Zig, the Small Language
-
Using a src directory for a Python package
As for an example, cryptography is the general example I recommend here: https://github.com/pyca/cryptography
-
Difference between ruby 2 and ruby 3?
Wasn't entirely serious, just this crap https://github.com/pyca/cryptography/issues/5771
-
OpenSSL Security Advisory [5 July 2022]
The modes of operation aren't the main reason people use OpenSSL; it's the support for all the gnarly (and less gnarly) protocols and wire formats that show up when doing applied cryptography.
Progress is being made on replacing OpenSSL in a lot of contexts (specifically, the RustCrypto[1] folks are doing excellent work and so is cryptography[2]), but there are still plenty of areas where OpenSSL is needed to compose the mostly algebraic cryptography with the right wire format.
-
Help with basic steps in an application design
2) Which cryptographic library would be recommended for this purpose? I've seen people using PyCrypto (https://github.com/pycrypto/pycrypto) which seems simple enough, but that one seems not maintained anymore. I've also seen keyring.cryptfile (https://github.com/frispete/keyrings.cryptfile) and pyca/cryptography (https://github.com/pyca/cryptography) but I'm not really sure if any of those should actually be used for my purpose?
Poetry
-
How to Enhance Content with Semantify
The Semantify repository provides an example Astro.js project. Ensure you have poetry installed, then build the project from the root of the repository:
-
Uv: Python Packaging in Rust
Has anyone else been paying attention to how hilariously hard it is to package PyTorch in poetry?
-
Boring Python: dependency management (2022)
Based on this comment 5 days ago[0], it's working? I'm not sure didn't dig in too far but based on that comment it seems fair to say that it's not fully Poetry's fault because torch removed hashes (which poetry needs to be effective) for a while only recently adding it back in.
Not sure where I would stand if I fully investigated it tho.
[0] https://github.com/python-poetry/poetry/issues/6409#issuecom...
-
Fun with Avatars: Crafting the core engine | Part. 1
We will be running this project in Python 3.10 on Mac/Linux, and we will use Poetry to manage our dependencies. Later, we will bundle our app into a container using docker for deployment.
-
Python Packaging, One Year Later: A Look Back at 2023 in Python Packaging
Here are the two main packaging issues I run into, specifically when using Poetry:
1) Lack of support for building extension modules (as mentioned by the article). There is a workaround using an undocumented feature [0], which I've tried, but ultimately decided it was not the right approach. I still use Poetry, but build the extension as a separate step in CI, rather than kludging it into Poetry.
2) Lack of support for offline installs [1], e.g. being able to download the dependencies, copy them to another machine, and perform the install from the downloaded dependencies (similar to using "pip --no-index --find-links=."). Again, you can work around this (by using "poetry export --with-credentials" and "pip download" for fetching the dependencies, then firing up pypiserver [2] to run a local PyPI server on the offline machine), but ideally this would all be a first class feature of Poetry, similar to how it is in pip.
I don't have the capacity to create Pull Requests for addressing these issues with Poetry, and I'm very grateful for the maintainers and those who do contribute. Instead, on the linked issues I share my notes on the matter, in the hope that it may at least help others and potentially get us closer to a solution.
Regardless, I'm sticking with Poetry for now. Though to be fair, the only other Python packaging tools I've used extensively are Pipenv and pip/setuptools. It's time consuming to thoroughly try out these other packaging tools, and is generally lower priority than developing features/fixing bugs, so it's helpful to read about the author's experience with these other tools, such as PDM and Hatch.
[0] https://github.com/python-poetry/poetry/issues/2740
-
Introducing Flama for Robust Machine Learning APIs
We believe that poetry is currently the best tool for this purpose, besides of being the most popular one at the moment. This is why we will use poetry to manage the dependencies of our project throughout this series of posts. Poetry allows you to declare the libraries your project depends on, and it will manage (install/update) them for you. Poetry also allows you to package your project into a distributable format and publish it to a repository, such as PyPI. We strongly recommend you to learn more about this tool by reading the official documentation.
-
Poetry VS instld - a user suggested alternative
2 projects | 9 Dec 2023
-
Navigating the Release Journey of txtToWeb
For the release of txtToWeb, I opted for Poetry as my release tool and TestPyPI as the package registry. Poetry's simplicity and TestPyPI's environment for testing releases were crucial factors in my decision.
-
π RepoList - A tool to generate wordlists based on GitHub repositories
I've used Python with Poetry to create Repolist. Poetry is fairly new to me and It was a great experience using it. Easy setup and dependency management. With few commands, I was able to create the project and publish it to PyPI. I will definitely use it for my future projects.
-
My first Software Release using GitHub Release
There were various approaches recommended depending on our language and ecosystem. My classmates who developed using Node.js were recommended npm, and PyPI or poetry for Python. Since my program is written in C++, I was recommended to look into one of vcpkg or conan, but I ultimately did not use either package manager.
What are some alternatives?
Pipenv - Python Development Workflow for Humans.
PDM - A modern Python package and dependency manager supporting the latest PEP standards
PyCrypto - The Python Cryptography Toolkit
hatch - Modern, extensible Python project management
pyenv - Simple Python version management
pycryptodome - A self-contained cryptographic library for Python
pip-tools - A set of tools to keep your pinned Python dependencies fresh.
virtualenv - Virtual Python Environment builder
pyOpenSSL -- A Python wrapper around the OpenSSL library - A Python wrapper around the OpenSSL library
conda - A system-level, binary package and environment manager running on all major operating systems and platforms.
pipx - Install and Run Python Applications in Isolated Environments
flit - Simplified packaging of Python modules