secretly | Simple secure secrets with AWS Parameter Store | Cloud Storage library

If you have collaborator access and a personal access token with the repo scope, you can use the API to add secrets to the repository. If you can't do that, then you'll just have to wait. Alternatively, if you already have access to an alternative secret store via the GitHub Actions secrets, then you could use that.

Note that GitHub doesn't provide secret backdoors to the repository settings because the admin is slow. That's an organizational problem.

proc "files" are not really files, they are just streams that can be read/written from, but they contain no pyhsical data in memory you can map to.

https://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/proc.html

If you place your images from Photoshop in somewhere res/drawable, you should move them to res/drawable-nodpi to avoid re-scaling.

id is implemented as but not required to be the memory location of the given object. when using fork, the separate process does not get it's own memory space until it modifies something (copy on write), so the memory location does not change because it "is" the same object. When using spawn, an entire new process is created and the __main__ file is imported as a library into the local namesapce, so all your same functions, classes, and module level variables are accessable (sans any modifications from anything that results from if __name__ == "__main__":). Then python creates a connection between the processes (pipe) in which it can send which function to call, and the arguments to call it with. everything passing through this pipe must be pickle'd then unpickle'd. Locks specifically are re-created when un-pickling by asking the operating system for a lock with a specific name (which was created in the parent process when the lock was created, then this name is sent across using pickle). This is how the two locks are synchronized, because it is backed by an object the operating system controls. Python then stores this lock along with some other data (the PyObject as it were) in the memory of the new process. calling id now will get the location of this struct which is different because it was created by a different process in a different chunk of memory.

here's a quick example to convince you that a "spawn'ed" lock is still synchronized:

If you want to set a secret you should use logging command as below

A cross is technically between bins of a coverpoint, not the coverpoint itself. From the IEEE 1800-2017 SystemVerilog LRM section 19.6 Defining cross coverage:

Cross coverage of a set of N coverage points is defined as the coverage of all combinations of all bins associated with the N coverage points

So if a coverpoint bin does not get sampled because of an iff guard, the cross bin is guarded as well.

Is it a good practice for a library to do this secretly?

I may be missing the point here, but to me the point of any library is to abstract the details away from the end-user, making using it hassle-free. Of course, abstraction may somewhat limit flexibility, but I don't feel like this is the case here. Note, that I'm only addressing the 'secrecy' issue, I honestly don't know how it affects e. g. performance.

What is a better practice for library writers?

You're missing the third option here. I am generally against init() and finalize() functions, as it goes against RAII - users may simply forget to call those. However, you could design a 'token' class, created only at the 'root' of the application, that is required to make use of any other parts of the API. Consider this:

There is an error in your connection string. Type:

You need to disable scope verification in the Program class: