The Python Podcast.__init__

Intelligent Dependency Resolution For Optimal Compatibility And Security With Project Thoth



Summary

Building any software project is going to require relying on dependencies that you and your team didn’t write or maintain, and many of those will have dependencies of their own. This has led to a wide variety of potential and actual issues ranging from developer ergonomics to application security. To provide a higher degree of confidence in the optimal combinations of direct and transitive dependencies, a team at Red Hat started Project Thoth. In this episode Fridolín Pokorný explains how the Thoth resolver uses multiple signals to find the best combination of dependency versions to ensure compatibility and avoid known security issues.

Announcements
  • Hello and welcome to Podcast.__init__, the podcast about Python’s role in data and science.
  • When you’re ready to launch your next app or want to try a project you hear about on the show, you’ll need somewhere to deploy it, so take a look at our friends over at Linode. With their managed Kubernetes platform it’s easy to get started with the next generation of deployment and scaling, powered by the battle tested Linode platform, including simple pricing, node balancers, 40Gbit networking, dedicated CPU and GPU instances, and worldwide data centers. And now you can launch a managed MySQL, Postgres, or Mongo database cluster in minutes to keep your critical data safe with automated backups and failover. Go to pythonpodcast.com/linode and get a $100 credit to try out a Kubernetes cluster of your own. And don’t forget to thank them for their continued support of this show!
  • Need to automate your Python code in the cloud? Want to avoid the hassle of setting up and maintaining infrastructure? Shipyard is the premier orchestration platform built to help you quickly launch, monitor, and share Python workflows in a matter of minutes with 0 changes to your code. Shipyard provides powerful features like webhooks, error-handling, monitoring, automatic containerization, syncing with GitHub, and more. Plus, it comes with over 70 open-source, low-code templates to help you quickly build solutions with the tools you already use. Go to dataengineeringpodcast.com/shipyard to get started automating with a free developer plan today!
  • Your host as usual is Tobias Macey and today I’m interviewing Fridolín Pokorný about Project Thoth, a resolver service that computes the optimal combination of versions for your dependencies.

Interview
  • Introductions
  • How did you get introduced to Python?
  • Can you describe what Project Thoth is and the story behind it?
  • What are some examples of the types of problems that can be introduced by mismanaged dependency versions?
  • The Python ecosystem has seen a number of dependency management tools introduced recently. What are the capabilities that Thoth offers that make it stand out?
    • How does it compare to e.g. pip, Poetry, pip-tools, etc.?
    • How do those other tools approach resolution of dependencies?
  • Can you describe how Thoth is implemented?
    • How have the scope and design of the project evolved since it was started?
  • What are the sources of information that it relies on for generating the possible solution space?
    • What are the algorithms that it relies on for finding an optimal combination of packages?
  • Can you describe how Thoth fits into the workflow of a developer while selecting a set of dependencies and keeping them up to date over the life of a project?
  • What are the opportunities for expanding Thoth’s application to other language ecosystems?
  • What are the interfaces available for extending or integrating with Thoth?
  • What are the most interesting, innovative, or unexpected ways that you have seen Thoth used?
  • What are the most interesting, unexpected, or challenging lessons that you have learned while working on Thoth?
  • When is Thoth the wrong choice?
  • What do you have planned for the future of Thoth?

Keep In Touch
  • LinkedIn
  • Website

Picks
  • Tobias
    • Brass Against
  • Fridolín
    • micropipenv

Links
  • Red Hat
    • Emerging Technologies Group
  • Project Thoth
  • Thamos CLI
  • PyPA Advisory Database
  • Project2Vec
  • Thoth Prescriptions
  • Thoth: Egyptian God

The intro and outro music is from Requiem for a Fish The Freak Fandango Orchestra / CC BY-SA
