| | guac | setuptools |
|---|---|---|
| | 4 | 21 |
| Stars | 1,176 | 2,322 |
| Growth | 1.2% | 1.4% |
| Activity | 9.8 | 9.9 |
| | 7 days ago | about 23 hours ago |
| Language | Go | Python |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
guac
-
Double-Entry Bookkeeping as a Directed Graph
Interestingly I sort of went in the other direction at one point -- converting what was obviously a graph (build pipelines) into a from-to / credit-debit representation. On reflection it's just an edge list.
My main problem with adapting the representation was in the incommensurability of different kinds of asset moving through the pipeline. How does one credit source code and debit a blob store? I thought about learning more about multi-currency accounting as a source for ideas but never followed it up.
That effort inspired my thinking about a "Universal Asset Graph" for software[0] -- keeping track of not just containment but also movement and transformation of software. It's a partial but not complete inspiration for GUAC, which aims to capture software part relations for easy querying.
[0] https://theoryof.predictable.software/articles/some-requirem...
[1] https://guac.sh
-
Python 3.12.0 from a supply chain security perspective
> biggest takeaway from this article is the Supply chain Levels for Software Artifacts (SLSA) security framework
See also GUAC from Kusari, Google, Citi, and others:
“GUAC (Graph for Understanding Artifact Composition) aims to fill in the gaps by ingesting software metadata, like SBOMs, and mapping out relationships between software. When you know how one piece of software affects another, you’ll be able to fully understand your software security position and act as needed.”
https://guac.sh
https://www.kusari.dev
- Guac
- guac: Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them
setuptools
-
My User Experience Porting Off Setup.py
To be fair, that seems to have been a 2 year warning:
https://github.com/pypa/setuptools/commit/3544de73b3662a27fa...
-
Python 3.12.0 from a supply chain security perspective
There was/is some discussion in setuptools about how to normalize the tarball (https://github.com/pypa/setuptools/issues/2133#issuecomment-...). Could something similar be applied to building Python itself?
-
ERROR after python3.11 update
```
❯ yay -Sy python-setuptools python-jaraco.text
❯ pip show setuptools
Name: setuptools
Version: 67.7.0
Summary: Easily download, build, install, upgrade, and uninstall Python packages
Home-page: https://github.com/pypa/setuptools
Author: Python Packaging Authority
Author-email: [email protected]
License:
Location: /usr/lib/python3.11/site-packages
Requires: jaraco.text, more-itertools, ordered-set, packaging, platformdirs, tomli, validate-pyproject
Required-by: Cerberus, fs, httpie, input-remapper, pecan, pycountry, python-lsp-server, reuse, setuptools-scm, zc.lockfile
```
- InvalidVersion Exception on Setuptools 66
-
PIP fails to install correctly in Ubuntu 20.04.Need help.
Link: https://github.com/pypa/setuptools/issues/3772
- If there’s gonna be a Python 4.0 one day, what’s a breaking change you’d like to see? Let’s explore the ideas you have that can make Python even better!
-
So how do you actually deploy code/scripts?
For example, when it comes to Python, one option is to use the same packaging system that a huge number of open-source libraries and tools are published with. You can use setuptools or Hatch to build a "packaged" version of your code, and publish it to either the public PyPI repository or an internal one that you set up. Then your users can use pip to install your package, automatically fetch its dependencies, and keep it up to date, just like any other Python module.
-
What’s the most convenient way for a non-programmer to run a Python code?
You could maybe make it a click Application, and use setuptools.
-
turbo encabulator compliant
Not sure how advisable it is to depend on setup.py given the setuptools team has very clearly stated that they are not interested in supporting any CLI commands anymore, including setup.py install. Relevant PR
- [BUG] There was an error checking the latest version of pip · Issue #3333 · pypa/setuptools
What are some alternatives?
slsa-verifier - Verify provenance from SLSA compliant builders
hatch - Modern, extensible Python project management
encapsule
Python-docker - Docker Official Image packaging for Python
wg-securing-software-https
bottlerocket - An operating system designed for hosting containers
python-adblock - Brave's adblock library in Python
htop - htop - an interactive process viewer
build - A simple, correct Python build frontend
hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
mypy - Optional static typing for Python
GORM - The fantastic ORM library for Golang, aims to be developer friendly