Re: [Catalog-sig] Access to Windows' cert store

2013-03-21 Thread Antoine Pitrou
Christian Heimes christian at python.org writes: I'm planning to add the feature to Python 3.4, too. http://bugs.python.org/issue17134 You can download the code from https://bitbucket.org/tiran/wincertstore This is nice, but can you follow up on the bug tracker? It would be much more

[Catalog-sig] Search engine relevance

2013-03-08 Thread Antoine Pitrou
Hello, It seems the PyPI search engine is quite crude and doesn't try to make the results relevant at all. For example, if I'm trying to search agi in the hope of finding modules relevant to the Asterisk Gateway Interface (nicknamed AGI), I get the following results:

Re: [Catalog-sig] Search engine relevance

2013-03-08 Thread Antoine Pitrou
Yuval Greenfield ubershmekel at gmail.com writes: https://crate.io/?has_releases=onq=agi No results found. Thanks for the answers. Yes, crate.io is at least missing pyst2 which does mention AGI in its description: https://crate.io/packages/pyst2/ (pyst2 is rather unmaintained, but that

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-18 Thread Antoine Pitrou
Donald Stufft donald.stufft at gmail.com writes: The reason I believe we should reset is because there is a high likelihood that people used the same login/password on PyPI as they did on wiki.python.org and thus even if we migrate to a stronger hash many accounts may be already

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-13 Thread Antoine Pitrou
Richard Jones richard at python.org writes: 3. send email to all registered users indicating that all users must change their password and a forced reset will take place in a week's time for users who have not done so, and What about users who've already changed their password? Regards

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-13 Thread Antoine Pitrou
Jesse Noller jnoller at gmail.com writes: On Feb 13, 2013, at 7:13 AM, Antoine Pitrou solipsis at pitrou.net wrote: Richard Jones richard at python.org writes: 3. send email to all registered users indicating that all users must change their password and a forced reset will take place

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-13 Thread Antoine Pitrou
Donald Stufft donald.stufft at gmail.com writes: There's no way to determine if users have changed their password. The passlib branch will be deployed with automatic migration upon logging in turned off. So why is the automatic migration turned off? Why not migrate everything at once as

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-13 Thread Antoine Pitrou
Donald Stufft donald.stufft at gmail.com writes: The midterm at once is still possible, it just bcrypt's the existing sha1 passwords. This is better than unsalted sha1's but it's *worse* than just plain bcrypt. Why is it worse? SHA1 isn't terribly broken AFAIK. So yes for that week if the

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-13 Thread Antoine Pitrou
Donald Stufft donald.stufft at gmail.com writes: Why is it worse? SHA1 isn't terribly broken AFAIK. Because you lower the available entropy, birthday paradox. How so? Collisions are highly unlikely on a non-broken 160-bit hash function. I don't understand how the birthday paradox is a

Re: [Catalog-sig] Mandatory Reset of PyPI Passwords

2013-02-12 Thread Antoine Pitrou
Donald Stufft donald.stufft at gmail.com writes: However I think a better approach would be to not automatically upgrade and instead have the upgrade occur when a user changes their password. Then we should set a date (A month from now? 2?) where any user who has not reset/changed their

Re: [Catalog-sig] Pull request to migrate PyPI to bcrypt

2013-02-11 Thread Antoine Pitrou
M.-A. Lemburg mal at egenix.com writes: Let's please not get paranoid over all this. As long as the parameters remain configurable, we can approach these things in small steps and don't need to get all tied up in discussions about how to turn PyPI into Fort Knox Fort Knox is in the US,

Re: [Catalog-sig] Triage / PyPi security Doc

2013-02-11 Thread Antoine Pitrou
Jesse Noller jnoller at gmail.com writes: See points marked Python Core Devs / PSRT for things we feel need to be addressed in core. Hostname matching is backported in http://pypi.python.org/pypi/backports.ssl_match_hostname/ Regards Antoine.

[Catalog-sig] PyPI doesn't serve the correct mimetypes

2013-02-10 Thread Antoine Pitrou
$ curl -I http://pypi.python.org/packages/source/z/zope.interface/zope.interface-4.0.3.tar.gz HTTP/1.1 200 OK Server: nginx/1.1.19 Date: Sun, 10 Feb 2013 16:59:29 GMT Content-Type: application/octet-stream Content-Length: 140124 Last-Modified: Mon, 31 Dec 2012 18:23:12 GMT Connection: keep-alive

Re: [Catalog-sig] Including GnuPG with packaging tools

2013-02-10 Thread Antoine Pitrou
Hello, Vinay Sajip vinay_sajip at yahoo.co.uk writes: I've contacted the FSF about the licensing implications of including gpg with Python programs. This is primarily for Windows - Posix users are better off installing through their distro package manager or equivalent of the

Re: [Catalog-sig] PyPI doesn't serve the correct mimetypes

2013-02-10 Thread Antoine Pitrou
M.-A. Lemburg mal at egenix.com writes: On 10.02.2013 18:00, Antoine Pitrou wrote: $ curl -I http://pypi.python.org/packages/source/z/zope.interface/zope.interface-4.0.3.tar.gz HTTP/1.1 200 OK Server: nginx/1.1.19 Date: Sun, 10 Feb 2013 16:59:29 GMT Content-Type: application/octet

Re: [Catalog-sig] Including GnuPG with packaging tools

2013-02-10 Thread Antoine Pitrou
Giovanni Bajo rasky at develer.com writes: There is an open discussion whether to use TUF or GPG. If we go with GPG, then we will discuss what to do, given that: TUF? What's that? If there's a discussion, shouldn't it be happening publicly somewhere? Regards Antoine.

Re: [Catalog-sig] Including GnuPG with packaging tools

2013-02-10 Thread Antoine Pitrou
Jesse Noller jnoller at gmail.com writes: That conversation has been happening on this list. Oh, right, apparently I've been missing a lot of context. Sorry for that. Regards Antoine.

Re: [Catalog-sig] [Infrastructure] PyPi D host outage

2013-02-06 Thread Antoine Pitrou
Hello Jannis, So, I've made multiple attempts to fix the d mirror: I've been running the pep381client script manually and monitored it for 3 consecutive days. The simple problem seems to be a degraded connection to pypi.python.org. With a simple wget one of the bigger files (e.g.

Re: [Catalog-sig] Use user-specific site-packages by default?

2013-02-05 Thread Antoine Pitrou
Hello, M.-A. Lemburg mal at egenix.com writes: If pip used the user site packages by default (when running as anyone other than root), that dangerous UI flow wouldn't happen. Even when pip was run outside a virtualenv, it would just work from the users perspective. It also has the

[Catalog-sig] Two PyPI HTTPS bugs

2013-02-03 Thread Antoine Pitrou
Hello, Two HTTPS bugs I've just noticed: * the download link at the end of a HTTPS page points to a HTTP URL; it kind of defeats the point (see e.g. https://pypi.python.org/pypi/pathlib/ ) * the CSS is different (outdated?), which is a bit flabbergasting. Again, compare

Re: [Catalog-sig] [Python-Dev] [Distutils] accept the wheel PEPs 425, 426, 427

2012-11-13 Thread Antoine Pitrou
On Tue, 13 Nov 2012 16:10:30 +0100, Ronald Oussoren ronaldousso...@mac.com wrote: On 13 Nov, 2012, at 16:00, Daniel Holth dho...@gmail.com wrote: I want to remove distutils from the standard library. Why? Distutils may not be perfect, but is usable for basic packages. It could even

Re: [Catalog-sig] Proposal: close the PyPI file-replacement loophole

2012-02-01 Thread Antoine Pitrou
Donald Stufft donald.stufft at gmail.com writes: I don't even understand why people are having this discussion. PyPI is not a packaging *authority*. It's not Debian or Fedora or anything like that. It's just a place for people to publish files and metadata. You can't trust it any more than you

Re: [Catalog-sig] Rewrite PyPI for App Engine?

2010-06-25 Thread Antoine Pitrou
Almir Karic almir at almirkaric.com writes: I would like to help out with the move. Is anyone actually opposed to moving to GAE (either moving the current code base or re-write, whichever seems more appropriate)? As I already said, I don't think it's reasonable to do it without first

Re: [Catalog-sig] Rewrite PyPI for App Engine?

2010-06-25 Thread Antoine Pitrou
Noah Kantrowitz noah at coderanger.net writes: GAE provides a professionally managed, infinitely scalable (or at least a heck of a lot more scalable than any other single server is likely to be, still not a substitute for mirrors), battle tested platform. Infinite scalability is the new

[Catalog-sig] Mercurial

2010-06-16 Thread Antoine Pitrou
Martin v. Löwis martin at v.loewis.de writes: As a maintainer of the PyPI project, it makes your workflow simpler, - contributors can clone the repo, change the code and ask you for a pull - you can pull changes by direct hg commands, and merge them After using Mercurial in one

Re: [Catalog-sig] Proposal: Move PyPI static data to the cloud for better availability

2010-06-16 Thread Antoine Pitrou
Tarek Ziadé ziade.tarek at gmail.com writes: And we happen to have this network already: lots of people will host a PyPI mirror as soon as it's easy to set one imho. You must be careful that the mirrors are properly managed and administered, though. Having stale/dysfunctioning mirrors is

[Catalog-sig] [OT] Nagios / Shinken

2010-06-16 Thread Antoine Pitrou
M.-A. Lemburg mal at egenix.com writes: Setting up some Zenoss or Nagios monitoring system to take care of monitoring the PyPI server (and our other servers) would be a separate project. Just for the record, I would mention that someone started a rewrite of the Nagios software in Python:

Re: [Catalog-sig] Mercurial

2010-06-16 Thread Antoine Pitrou
On Wednesday 16 June 2010 at 20:40 +0200, Martin v. Löwis wrote: On 16.06.2010 13:44, Antoine Pitrou wrote: Martin v. Löwis martin at v.loewis.de writes: As a maintainer of the PyPI project, it makes your workflow simpler, - contributors can clone the repo, change the code and ask

Re: [Catalog-sig] PyPI down again...

2010-06-13 Thread Antoine Pitrou
Martin v. Löwis martin at v.loewis.de writes: I don't really want to sell the code base, but just for the record: It's written in WSGI, Zope Page Templates, and Postgres. These are all things that are well-understood in the Python web community. [...] It would be really up to Richard

Re: [Catalog-sig] PyPI down again...

2010-06-13 Thread Antoine Pitrou
Tres Seaver tseaver at palladion.com writes: I'm saying this from (far) outside the playground and am not intending to contribute, so just take this as a suggestion, but: if it has to be rewritten, how about doing it in Python 3? Such a choice would be contrary to the goal of keeping