This week was quietly useful. Small releases that make teams faster, platform defaults that remove footguns, and one security reminder worth five minutes in stand-up.
Packaging first. Astral shipped uv 0.8.22 on Tuesday. If you are trialling uv in place of pip and pip-tools, pin this tag on one service and time your CI before and after. On the platform side, Heroku updated its Python buildpacks to Poetry 2.2.1 and uv 0.8.20. That is your cue to align local tooling with deploy settings so lockfiles and deploys agree. Fewer surprises, fewer “works on my laptop” stories. Poetry had a tidy bugfix release at the weekend which is worth taking if you already moved.
Day to day developer experience also got a nudge. Ruff 0.13.2 landed midweek. If your pre-commit still points at an older minor, refresh the hooks so everyone has the same rules and formatter. Gate any new checks as warnings for one sprint, then flip them to errors once the noise settles.
Frameworks moved. FastAPI 0.118.0 adds a cleaner story for FastAPI Cloud. Install fastapi[standard] and you get the cloud CLI with a simple fastapi deploy. If you keep an internal service template, add this and test on a weekday, not a Friday.
Security to round it out. The PyPI team posted a phishing advisory about a look-alike domain targeting maintainers. No platform compromise, but it is a good time to do the boring work. Turn on 2FA for PyPI, prefer Trusted Publishing, rotate any tokens you even slightly distrust, and scan recent GitHub Actions changes for anything unexpected.
Two quick ops wins to bank now. Pick one packaging workflow for the team, either uv with pip-tools or Poetry, and write it in the README so no one guesses. Add pre-commit so config drift is caught locally. Keep your take-home to 60 to 90 minutes with a scoring rubric you actually share. Both changes cut cycle time and raise signal.
Hiring a Python dev soon? Use this interview framework
If you want a process that is fair, fast and actually gives you signal, run this play.
What you are testing: real work. Problem solving, code quality, tradeoffs, and how someone communicates while they build.
Simple structure that fits in a week:
Calibrate internally in 10 minutes. Write a short scorecard so everyone is scoring the same things.
Short take-home 60 to 90 minutes. Based on your product. Allow libraries and internet. Optional for seniors.
Live review 20 minutes. Walk through the solution together. Ask what they would change with another hour.
System chat 25 to 30 minutes. Small service design, data model, failure paths, and rollout plan.
Code reading 10 minutes. Spot a bug, rename a couple of things, outline the test they would add.
How to score quickly: 1 to 3 on technical accuracy, code quality, problem solving, communication. Two interviewers score independently, then a short debrief. Same prompts for everyone.
Level tweaks: mid uses the take-home, senior can swap it for a focused live change plus a deeper system chat, staff spends more time on ownership stories and migration design.
If you need references for stakeholders, point them to the right places on the site:
Salary Guide and methodology: https://snakesignals.com/#salary-guide
Interview questions and grading: https://snakesignals.com/#interview-prep
Hiring playbooks you can run: https://snakesignals.com/#hiring-playbooks
Archive of previous episodes: https://snakesignals.com/#archive
If the website has helped already or might help in the future, share it with someone who builds or hires in Python. New readers can join at snakesignals.com.
Hiring? Contact:
Josh Smith
LinkedIn: https://www.linkedin.com/in/python-recruitment/
Email: [email protected]
Phone: 01727 225 552