this post was submitted on 12 Jul 2024
370 points (97.4% liked)
Programmer Humor
19564 readers
607 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I also personally ask myself how a PyPI Admin & Director of Infrastructure can miss out on so many basic coding and security relevant aspects:
On the other hand what went well:
Isn’t that what Python is all about?
I feel seen.
Yes kids, the only stuff in ANY repo (public or otherwise) should be source code.
If it is compiled, built, or otherwise modified by any process outside of you the developer typing in your source code editor, it needs to be excluded/ignored from being committed. No excuses. None. Nope, not even that one.
No. 👏 Excuses. 👏
Two choices: Either the production software isn’t in the exact state the repo was when the software was built. Or I can’t get build timestamps in the software.
Isn't this why Docker exists? It's "works on my machine"-as-a-service.
I don't understand; I can push to GitHub using https creds or an ssh key without creating access tokens.
To err is to be human... right?
To be honest, this doesn't instill me with much confidence, but who am I? If someone looked at my OpSec, probably they'd be horrified.
Anti Commercial-AI license