The GPL doesn't allow you to use someone else's trademark. Though in this case it might be tricky for "WPEngine" to claim WordPress violated their trademark, and apparently WP has T&Cs that allow them to do it anyway.

Right but presumably you can let the AI do that hunting.

In VSCode the best answer by far is Pylance, which uses Pyright under the hood for type analysis.

Unfortunately while Pyright is open source, Pylance isn't (part of Microsoft's strategy to maintain control over VSCode), so you can't use it in Emacs.

Still, I would give the Pyright LSP server a try. I haven't used it but I would guess it will give you type error squiggles but maybe not code completion / go-to-definition.

Ruff is really a different thing - it is a linter like Pylint, so it only gives you some hints and fixits. You can maybe install it in addition to Pyright if you can be bothered.

Btw Pyright is far superior to Mypy - even with --strict. I would ditch Mypy asap.

Ah fair enough.

That is another tool you can use to reduce the risk of malicious code, but it isn't perfect, so using sandboxing doesn't mean you can forget about all other security tools.

There is no way to automatically analyze code for malice, or bugs with 100% reliability.

He wasn't asking for 100% reliability. 100% and 0% are not the only possibilities.

they’re fast enough

Strong disagree. I switched from pip to uv and it sped my install time up from 58 seconds to 7. Yeah really. If pip is i/o bound where is all that speed up coming from?

You'll always get downvotes for this from Linux apologists who didn't have the exact problems you're describing, but you're 100% right. There are loads of things you might reasonably want to do in Linux that require a command line, or just don't work well.

Profiling is an extremely useful tool for optimising the system that you have. It doesn't help if you have the wrong system entirely though.

Maybe, but I think the only app store that does vet apps is the Apple one, so that should be the default expectation.

And I think even they wouldn't manually look for something like this. They're mainly concerned about people breaking the commercial rules.

Well yeah if by "well architected" you mean "doesn't use Python".

"microservices” or “better queries"

Not everything is a web service. Most of the slow Python code I encounter is doing real work.

No there's an LGPL version still. You can't static link it for non-commercial use.

Yeah but be prepared for a lot of pain if you want to distribute your app. Python tooling/infra is abysmal.