At PyCon US 2026 one of the standout talks for me was Larry Hastings on testing multithreaded code via blanket. Dug deeper into the topic afterwards and wrote it up. Free-threaded Python is around the corner so will become ever more important.
Just published my notes from this year's Python Packaging Summit at PyCon US. If you've ever been curious what one of these is like from the inside: Wheel 2.0 + Zstandard, PyPI abuse vectors, conda vs pip, nab as a pip-resolver candidate.
Just published my notes from this year's Python Typing Summit at PyCon US. If you've ever been curious what one of these is like from the inside: intersection types, constraint sets in ty, tensor shapes in Pyrefly, Guido on direction.
PyTexas 2026 ran April 17–19 in Austin. Friday was tutorials, Saturday and Sunday were talks with two keynotes and two lightning-talk blocks. A few themes kept coming back across unrelated talks:
Sovereignty. The word came up in two different keynotes. Hynek Schlawack: “the domain model must be sovereign”. Design it first, translate at the edges. Dawn Wages: “sovereignty over your stack” as one of her three pillars for both model and career specialization.
Agents should write code, not decide what to write. Peter Sobot’s Seven Stages of AI Grief ended on that line. Al Sweigart argued “agentic engineering” is vibe coding with better marketing, and that almost-right is worse than wrong. Maria Silvia Mielniczuk’s MCP talk built the same idea into an architecture: models suggest, only the server executes. Adam Gordon Bell’s running coach split deterministic work (plain Python) from interpretation (LLM). The Sunday opener framed it bluntly: when AI ships a bad PR, fix the process, not the model.
Code quality is an input to AI productivity. Miguel Vargas’s framing: AI agents produce cleaner, safer code in codebases that are already clean, safe, and typed, so Ruff, ty, and uv matter more now.
The supply chain is still the attack surface. Christopher Ariza on why pip install still runs arbitrary code, with .pth files, sitecustomize.py, and setup.py as the specific places to pay attention.
CPython itself is getting faster. Jacob Coffee on PEP 810 lazy imports for startup wins; Charlie Lin on the free-threaded build and what it takes to make an extension module safe under it.
Practical guide to Python supply chain security covering the full stack: dependency pinning with hashes, vulnerability scanning in CI, SBOMs, Trusted Publishing with OIDC, package attestations via Sigstore, and delayed ingestion for organizations. Written from the perspective of both a PyPA maintainer and enterprise package infrastructure operator. Includes real attack case studies (Ultralytics, GhostAction, Shai-Hulud) and a phased roadmap for adoption.
Sadly there's no easy way to mark all those Google searches out of date... One of the big goals of this project is to spread the knowledge though, so you reading it means success.
> So much complexity for what is not such a complicated problem to solve.
As someone who actually worked weeks on their spare time, I beg to differ. This is a very complicated problem to solve. And everyone has their own opinion on how things should work, which is goverened by their narrow use case. But you see a "standard" packaging tool needs to be the opposite of narrow use case. The main reason Anacond Inc exists is because they wanted to solve this for data science. Even with them being a relatively big corporation their "solution" is not loved universally, but works ok most of the time.
It's less crazy than you think. The foundation historically never had developer employees (today has just 1 - a CPython core developer that started 3 months ago). The only way taking over a project and making it de facto standard would be to have (IMHO at least) 5 full time employees working on it. That's a big investment the foundation doesn't have and no corporation commited to support that (for at least 3-4 years). Also, there's the huge backlash the PSF would have to deal with from people who inevitable don't like the choosen standard.