The document discusses the quality of the Python ecosystem. It notes that while Python has many attractive qualities, the ecosystem faces challenges around library safety, documentation, and long-term maintainability. However, the community is the main driver of quality control. Improving tools for testing, verifying, and documenting libraries could help address issues. The responsibility of ecosystem quality ultimately lies with individual contributors collaborating openly through projects like PyPA to help evolve Python and PyPI.
4. “An ecosystem is a community of living
organisms in conjunction with the nonliving
components of their environment (things like
air, water and mineral soil), interacting as a
system”
-- Wikipedia
5. - You (and your groups)
- Communities (meetups and conferences)
- theoretical Material (books, tutorials, courses)
- Tools(systems, IDEs, platforms)
- Package library (pip, github, conda)
- Python Software Foundation
- The Language (core developers)
Ecossistema Python?
7. - Python is easy to learn.
- The community is receptive
- It has really cool events.
- It's easy to write and publish new
libraries with Python.
- You thought in something ... you
already have it in PyPI.
- It is popular and fashionable.
- Approved by Large companies.
$ pip install magic
>>> magic.run()
11. How to assure professional quality?
?Professional Python Certification!
Became a professional for only $ 9.999,99 /
year
12. How to assure the Quality of published libraries?
?Become “Python Developer Partner”
Publish your libraries
to “PyPI store” for only $ 9.999,99 / year
PY
13. New Python 3.6
Featuring exclusive `f’string`
Only $ 999/year
You need Python 3.6
Call 555 - 5555
And buy it now!
Oportunity:
First 100 customers
Will get IDLE for free...By Guido Inc.
15. ● Python has no owner, it belongs to the community.
● The community is quality control.
● The community is a certifying entity *.
* In the Python community, EVERYONE are encouraged to participate and make a
difference, collaborating with the various pillars of the community (slide 4) is of great value to
the career of the Python professional.
17. “I came for the language
but I stay for the community”
- Brett Cannon
18. "Diversity happens when different people
meet in one place"
"Inclusion happens when these people can
work together, as equals, with the same
opportunities and without prejudice to any
of them"
- Naomi Ceder (Pycon Brasil 2016)
19. How to fight the community and diversity problems?
- Code of conduct
- Adopt a mentor's position, not a judge's.
20. Open by default
- PSF (grants, membership, fellowship and board)
- Repositories
- Experiments (MyPy, Gilectomy)
- APyB
- Call 4 Papers
- PyPI/Warehouse
- Python Planet
- PEPs
- GruPys
Você pode participar
abertamente!!!
22. $ pip install magic
>>> magic.run()
- Python is easy!
- Lot of libraries available
23. >>> Traceback
Cannot do the
magic today...
- How many of the 100_000+ has
test coverage?
- Good documentation?
- How do I choose?
24. $ pip install magic
$ installing…
$ HAHA you got
hacked!!!
- Are all that libs safe?
- Anyone can publish a new lib in
PyPI in few minutes, who assure
the safety?
26. # setup.py `pip install magic`
from setuptools import setup
setup(
name="magic",
...
)
Always review source code
of the libs you are installing.
Specially `setup.py`
Don’t forget the scrollbars.
38. Warehouse is a next generation Python Package
Repository designed to replace the legacy code base that
currently powers PyPI
39. Rank: 4.5 - safe
Rank: 2.0 - outdated
Rank: 1.0 - danger
1.234 Reviews ++
1 Review --Why not making it more `social driven` to
address the library quality problem?
Example:
More maintainers
More quality
points!
40. What to do about safety ?
- Check before installing
- Install known and trusted libraries
- Use SafetyCI - pyup.io
- Create (and share) more tools to help with verification
- Report if lib is suspected
- Collaborate to the Pypa / Warehouse project
42. Every library published in PyPI comes with an invisible tag that says:
"I am aware of the responsibilities
that I must assume when I publish
this code and I promise to do my
best to keep it with quality until the
end of time!"
And I'll leave it explicit if for any reason I can not keep leaving the path clear
For anyone wanting to create a fork!
43. That “one man project” is not so cool
Maintanable:
Project that can be maintable by as
many and diverse people.
44.
45. Leftpad is ` npm`
problem, will not
happen with
Python?
46. pip install requests
● 99.9% of installations of Python environments install requests
● If the version is not specified your build may break
● Tools like Travis-Ci depend on requests and have already broken for this!
● Operating systems bring requests by default
● Until a few months ago this was a 'one man band' project, but after recent
issues with releases the creator decided to exclude himself as administrator
from the lib and elected other maintainers
● It is not the only one, there are other Python libs published with the same
risk
● Always specify your versions
● Use pyup.io or requires.io or any other solution of the type
● Use safety / IC or something
47. …..
Too many broken releases in a single day...
TravisCi broke (even if you pinned the
version) it was depending on requests itself.
And backwards incompatible code was
pushed.
So the creator assumed the responsability
and did the right thing! Thanks!!!
51. Just like we did recently, changing
our testing culture.
We need efforts to change our
documentation culture!
52. Q: Why most libraries do not have good
documentation?
A: Writing documentation is a boring process!
Q: Why is it boring?
A: Non-friendlier tools and formats (rst) drive
people away from the documentation. We need
to do as we did with the tests and adopt easier
formats (md?) and tools. (in other words we need
a `py.test` for documentation.
Q: How to encourage people to contribute
documentation?
A: First we need to define the process (as well as
in the tests) and then create a manifesto
attracting contributors, showing the importance,
providing a certain status to the documenter, and
using the events to foster that culture.
54. Conclusion
- Python is not a product!
- The ecosystem (mainly the community) already has above average quality
- We need more theoretical quality materials for beginners
- Documentation is important we need to give it more focus
- We can use tools to help in the QA of Python libraries
- We can collaborate with the evolution of PyPI
- We can collaborate with the evolution of Python
- The quality of the ecosystem is OUR responsibility
- Be responsible and publish only quality libraries in PyPI
- We need a collaborative solution to classify 100,000+ libs
- Collaborate!