Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork977
Conversation
read-the-docs-communitybot commentedMar 2, 2026 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
nedbat left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
A few tweaks to existing sentences, but I like it!
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
index.rst Outdated
| ..code-block::shell | ||
| .. code-block:: shell | ||
| pre-commit install | ||
| pre-commit run --all-files |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Are we OK with the security implications of recommending this for every contributor's machine?
cc@sethmlarson
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
We're currently using tags asrev for our config, so that would allow any compromised pre-commit repo to instantly execute code by rewriting the tag on a repo. To mitigate this we could adopt using git commit SHAs instead of git tags in therev field, I believe that pre-commit supports this use-case?
It's obviously an extra support burden to upgrade and maintain these, but it removes the risk of a single compromise to a repository elsewhere from allowing RCE on all contributor machines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
To mitigate this we could adopt using git commit SHAs instead of git tags in the rev field, I believe that pre-commit supports this use-case?
Yes, by using--freeze with either of these commands:
prek autoupdate --freezepre-commit autoupdate --freeze
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'll remove it from here for now, and open an issue when this is merged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Freezing the hooks inpython/cpython#140682.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| Status of Python branches | ||
| ------------------------- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is a “soft redirect” for people who have#status-of-python-branches bookmarked. Can we keep it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think ~4 years is long enough.
Thinking of the old flow:
- Click my bookmark
- Taken tohttps://devguide.python.org/#status-of-python-branches
- Click "Moved toStatus of Python versions"
- Taken tohttps://devguide.python.org/versions/#versions
If someone has still been going through all that rigmarole for 4 years and hasn't updated their bookmarks, I think removing this is a good prompt.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I agree with Hugo, I'll remove it unless you feel strongly about keeping it.
We could add a redirect, but it would be quite messy, as such I don't think its worth it.
Uh oh!
There was an error while loading.Please reload this page.
| Status of Python branches | ||
| ------------------------- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think ~4 years is long enough.
Thinking of the old flow:
- Click my bookmark
- Taken tohttps://devguide.python.org/#status-of-python-branches
- Click "Moved toStatus of Python versions"
- Taken tohttps://devguide.python.org/versions/#versions
If someone has still been going through all that rigmarole for 4 years and hasn't updated their bookmarks, I think removing this is a good prompt.
Uh oh!
There was an error while loading.Please reload this page.
encukou left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thank you!
684b654 intopython:mainUh oh!
There was an error while loading.Please reload this page.
This moves a few sections around to been more introductory rather than jumping straight into the quickstart, drops less important/relevant sections to the bottom (i.e. the alternative implementations), removes the version section stub (it has been there for long enough), and updates a few little things along the way.