Follow up on this thread, Requests do tag releases: https://github.com/kennethreitz/requests/releases
And we can avoid including CACERT.pem (you have to parse `verify=False` when making requests for now) . And the UUID on windows issue can be worked around fairly easily by monkey patching in a new `choose_boundary` function. https://developer.blender.org/D321#comment-15 ... not ideal but works OK for now. On Wed, Feb 19, 2014 at 9:22 AM, Thomas Dinges <[email protected]> wrote: > There is a patch for this here: https://developer.blender.org/T38364 > > Am 18.02.2014 um 22:59 schrieb Campbell Barton <[email protected]>: > >> Theres another issue thats come up, >> >> The addon is using a slightly modified version of `requests` since >> blender/python/ms-windows has a bug importing `uuid`, >> https://github.com/sketchfab/blender-exporter/commit/782d1791ba7005f92e578309b6158780957d2248 >> >> For more details on issue importing uuid, see: >> >> https://developer.blender.org/T27666 >> http://bugs.python.org/issue17213 >> >> Would be really good to resolve this, its been an issue for years now. >> >> >> On Tue, Feb 18, 2014 at 8:43 PM, Sergey Sharybin <[email protected]> >> wrote: >>> It's not so much clear how to grab sources actually. >>> >>> Home page mentions release 2.3.0, but there's no release archive on the >>> site and i don't really see tag in their repo.We could use latest master, >>> but that i feel a bit paranoid to do because wouldn't b able to test. >>> >>> Any thoughts here? >>> >>> >>> On Tue, Feb 18, 2014 at 12:08 PM, Trouble Daemon >>> <[email protected]>wrote: >>> >>>> Hey, >>>> >>>> I did a local pip install of the requests file to take a look at the >>>> cacert.pem file. It would appear that it is a copy of all the main >>>> certificate authorities for use with SSL, so it would be rather large. >>>> >>>> I was a little concerned to see other posts online ( >>>> https://mail.python.org/pipermail/python-dev/2013-October/129755.html) >>>> that >>>> mentioned things like being slightly out of date, ignoring checks for >>>> revoked certs, and what not, so they seem a little on the slow on the >>>> update end of things. >>>> >>>> I can't (won't) verify the actual authenticity of all of those certs to >>>> prove that they aren't "fake" or anything, but probably minor since only >>>> HTTPS requests using this lib would be able to be MITM'd if there were some >>>> fakes in there (unless they found a way to install into your browser >>>> storage via another script since users generally have full access to their >>>> own browser settings, for example). >>>> >>>> Personally I wish they would set this up to point at the system maintained >>>> certs, but these paths vary too much on the OS's and would require root >>>> access. If you ask me, it is a can of worms to install CA files on to a >>>> users system as that is half of the attack (getting the file on someones >>>> computer, the second being to install it in the proper place and MITM a >>>> users connection). Wouldn't it be better to leave out and tell the user >>>> that if they want SSL, they should configure the library to point at the >>>> system wide certs instead? >>>> >>>> >>>> Dan >>>> >>>> >>>> >>>> On Mon, Feb 17, 2014 at 10:35 PM, Campbell Barton <[email protected] >>>>> wrote: >>>> >>>>> This is coming a bit late in the release cycle, but I've been asked to >>>>> review an addon for Sketchfab, to see if we can include in 2.70. >>>>> >>>>> The addon its self is quite small and wont be enabled by default, >>>>> however its using a python module called `requests`. >>>>> >>>>> Most likely this can be used by other scripts too since its a popular >>>>> module. >>>>> >>>>> Bundling this isn't such a problem since this is pure python (just zip >>>>> it up and include in lib/ for OSX, MS-Windows, Linux can copy from >>>>> from Python's install dir). >>>>> >>>>> However this will take some work to update scons and cmake, and >>>>> testing it works. >>>>> >>>>> Theres the issue of incresed size, did a quick test and it bzip2's >>>>> down to 342kb, >>>>> Though much of the space is used by `cacert.pem`, without that file its >>>>> 180kb >>>>> >>>>> I did a quick check and seems that file is optional since you can use >>>>> cacerts provided by the system instead (but not totally sure at the >>>>> point). >>>>> >>>>> >>>>> So I'm proposing to include the Python module, >>>>> I'll setup SCons and CMake for Linux and Windows and upload requests >>>>> archive to lib/, but will need someone else to handle OSX or at least >>>>> test it works ok. >>>>> >>>>> >>>>> To be clear, Blender wont execute anything extra by default on >>>>> startup, this just makes a Python module available for scripts to use >>>>> if they need, and increases Blender's download size. >>>>> >>>>> --- >>>>> >>>>> Extra info. >>>>> >>>>> Addon URL if anyones interested: >>>>> https://developer.blender.org/D321 >>>>> >>>>> Requests website: >>>>> http://requests.readthedocs.org >>>>> -- >>>>> - Campbell >>>>> _______________________________________________ >>>>> Bf-committers mailing list >>>>> [email protected] >>>>> http://lists.blender.org/mailman/listinfo/bf-committers >>>>> >>>> _______________________________________________ >>>> Bf-committers mailing list >>>> [email protected] >>>> http://lists.blender.org/mailman/listinfo/bf-committers >>>> >>> >>> >>> >>> -- >>> With best regards, Sergey Sharybin >>> _______________________________________________ >>> Bf-committers mailing list >>> [email protected] >>> http://lists.blender.org/mailman/listinfo/bf-committers >> >> >> >> -- >> - Campbell >> _______________________________________________ >> Bf-committers mailing list >> [email protected] >> http://lists.blender.org/mailman/listinfo/bf-committers > > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers -- - Campbell _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
