The following people continue to do amazing things for the Python community: Bill Deegan, El-karece Asiedu, (James) Kanin Kearpimy, Jonas Obrist, Kristen McIntyre, Lucie Anglade, Philippe Gagnon, Sarah Kuchinsky, Simon Charette, Sony Valdez, Stan Ulbrych, and Steve Yonkeu.
In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.
Contracts are a means of setting preconditions and postconditions on function declarations, and adding assertion statements within functions. The feature is intended to help make C++ code safer and more reliable.
Gentoo's official migration from Microsoft-owned GitHub to Codeberg is underway, as the Linux distribution fulfills a pledge to ditch the code shack due to "continuous attempts to force Copilot usage for our repositories." The decision was made public last month, when Gentoo confirmed it intended to migrate repository mirrors and pull request contributions to the new home. On February 16, the organization revealed it now had a presence on Codeberg, where contributions could be submitted.
A few months ago, I decided to breathe new life into a 2019 Dell XPS 15 that had been collecting dust for a couple of years. Despite its (at the time) high-end Core i7 CPU and 32GB of RAM, Windows was frustratingly slow on it. The fan was constantly at full throttle even when the machine was idle, and it regularly failed to install updates.
If you've been programming for any number of years, you've pretty much lived through a bunch of hype cycles. Whether it's a new development environment, a new language, a new plugin, or some new online service with an oh-so-powerful time-saving API, it's all "revolutionary" and "world-changing," at least according to the PR reps hawking The Big New Thing. And then there's agentic AI coding. When a tool can help you do four years of product development in four days, the impact is world-changing.
The process of applying for charitable status is challenging, and especially so for open source organizations, which frequently receive denials. Working together with our attorneys, we prepared an application that explained what Typelevel does and why this work is charitable, citing the unique innovations of our projects, our participation in conferences and mentoring programs, and our commitment to open collaboration.
While AI tools are lowering the barrier to development, the gap between speed and manageability is growing. In just over a year and a half, AI code assistants have grown from an experiment to an integral part of modern development environments. They are driving strong productivity growth, but organizations are not keeping up with the associated security and governance issues.
GitHub engineers recently traced user reports of unexpected "Too Many Requests" errors to abuse-mitigation rules that had accidentally remained active long after the incidents that prompted them. According to GitHub, the affected users were not generating high-volume traffic; they were "making a handful of normal requests" that still tripped protections. The investigation found that older incident rules were based on traffic patterns that were strongly associated with abuse at the time, but later began matching some legitimate, logged-out requests.
Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.
The reason for this is Snap - a Linux application packaging format - creates a local Trash folder for each VS Code version, one that's separate from the system-managed Trash, according to a VS Code bug report dating back to November 11, 2024. Not only that, but Snap keeps older versions of VS Code after updates, potentially multiplying the number of local Trash folders and the trashed-but-not-deleted files therein. Emptying the system Trash folder doesn't affect the local instances.
A study from Dimensional Research shows that 92 percent of the 2,000 respondents reported being concerned about Oracle Java pricing, up from 82 percent in the same survey last year. Those stating they were very concerned about the changes leapt from 19 percent in 2025 to 29 percent this year. In 2023, Oracle changed its Java SE subscription model, shifting from a per-user or per-processor basis to per-employee.
AI coding tools have caused as many problems as they have solved, according to industry experts. The easy-to-use and accessible nature of AI coding tools has enabled a flood of bad code that threatens to overwhelm projects. Building new features is easier than ever, but maintaining them is just as hard and threatens to further fragment software ecosystems. The result is a more complicated story than simple software abundance.
GitHub is exploring what already seems like a controversial idea that would allow maintainers of repositories or projects to delete pull requests (PRs) or turn off the ability to receive pull requests as a way to address an influx of low-quality, often AI-generated contributions that many open-source projects are struggling to manage.
Generative AI exponentially brings down the cost of building solutions. It lets people build exactly what they need to solve an exact problem in an exact moment. It lets people own their own solutions. This is great for a lot of specific problems that need specific solutions that wouldn't normally get solved easily. This has been the evergreen promise of computers and programming and hacking. But there's a difference between solving your specific problem, and owning a problem domain.
Open-source AI coding tool OpenCode features a native terminal-based UI, multi-session support, and compatibility with over 75 models, including Claude, OpenAI, Gemini, and local models. In addition to its CLI tool, OpenCode is also available as a desktop app and an IDE extension for VS Code, Cursor, and other tools. OpenCode allows developers to use their existing subscriptions to paid services such as ChatGPT Plus/Pro and GitHub Copilot. Additionally, it includes a set of free models that can be used locally through LM Studio.