The Python Podcast.__init__

Intelligent Dependency Resolution For Optimal Compatibility And Security With Project Thoth



Summary

Building any software project is going to require relying on dependencies that you and your team didn’t write or maintain, and many of those will have dependencies of their own. This has led to a wide variety of potential and actual issues ranging from developer ergonomics to application security. In order to provide a higher degree of confidence in the optimal combinations of direct and transitive dependencies, a team at Red Hat started Project Thoth. In this episode Fridolín Pokorný explains how the Thoth resolver uses multiple signals to find the best combination of dependency versions to ensure compatibility and avoid known security issues.

Announcements
  • Hello and welcome to Podcast.__init__, the podcast about Python’s role in data and science.
  • When you’re ready to launch your next app or want to try a project you hear about on the show, you’ll need somewhere to deploy it, so take a look at our friends over at Linode. With their managed Kubernetes platform it’s easy to get started with the next generation of deployment and scaling, powered by the battle-tested Linode platform, including simple pricing, node balancers, 40Gbit networking, dedicated CPU and GPU instances, and worldwide data centers. And now you can launch a managed MySQL, Postgres, or Mongo database cluster in minutes to keep your critical data safe with automated backups and failover. Go to pythonpodcast.com/linode and get a $100 credit to try out a Kubernetes cluster of your own. And don’t forget to thank them for their continued support of this show!
  • Need to automate your Python code in the cloud? Want to avoid the hassle of setting up and maintaining infrastructure? Shipyard is the premier orchestration platform built to help you quickly launch, monitor, and share Python workflows in a matter of minutes with 0 changes to your code. Shipyard provides powerful features like webhooks, error-handling, monitoring, automatic containerization, syncing with GitHub, and more. Plus, it comes with over 70 open-source, low-code templates to help you quickly build solutions with the tools you already use. Go to dataengineeringpodcast.com/shipyard to get started automating with a free developer plan today!
  • Your host as usual is Tobias Macey and today I’m interviewing Fridolín Pokorný about Project Thoth, a resolver service that computes the optimal combination of versions for your dependencies.

Interview
  • Introductions
  • How did you get introduced to Python?
  • Can you describe what Project Thoth is and the story behind it?
  • What are some examples of the types of problems that can be introduced by mismanaged dependency versions?
  • The Python ecosystem has seen a number of dependency management tools introduced recently. What are the capabilities that Thoth offers that make it stand out?
    • How does it compare to e.g. pip, Poetry, pip-tools, etc.?
    • How do those other tools approach resolution of dependencies?
  • Can you describe how Thoth is implemented?
    • How have the scope and design of the project evolved since it was started?
  • What are the sources of information that it relies on for generating the possible solution space?
    • What are the algorithms that it relies on for finding an optimal combination of packages?
  • Can you describe how Thoth fits into the workflow of a developer while selecting a set of dependencies and keeping them up to date over the life of a project?
  • What are the opportunities for expanding Thoth’s application to other language ecosystems?
  • What are the interfaces available for extending or integrating with Thoth?
  • What are the most interesting, innovative, or unexpected ways that you have seen Thoth used?
  • What are the most interesting, unexpected, or challenging lessons that you have learned while working on Thoth?
  • When is Thoth the wrong choice?
  • What do you have planned for the future of Thoth?

Keep In Touch
  • LinkedIn
  • Website

Picks
  • Tobias
    • Brass Against
  • Fridolin
    • micropipenv

Links
  • Red Hat
    • Emerging Technologies Group
  • Project Thoth
  • Thamos CLI
  • PyPA Advisory Database
  • Project2Vec
  • Thoth Prescriptions
  • Thoth: Egyptian God

The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA


The Python Podcast.__init__ by Tobias Macey
