Re: [openstack-dev] [PKG-Openstack-devel] Bug#755315: [Trove] Should we stop using wsgi-intercept, now that it imports from mechanize? this is really bad!
On Tue, 29 Jul 2014, Chris Dent wrote: Let me know whenever you have a new release, without mechanize as new dependency, or with it being optional. It will be soon (a day or so). https://pypi.python.org/pypi/wsgi_intercept is now at 0.8.0 All traces of mechanize removed. Have at. Enjoy. If there are issues please post them in the github issues https://github.com/cdent/python3-wsgi-intercept/issues first before the openstack-dev list... Please note that the long term plan is likely to be that _all_ the interceptors will be removed and will be packaged as their own packages with the core package only providing the faked socket and environ infrastructure for the interceptors to use. -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [PKG-Openstack-devel] Bug#755315: [Trove] Should we stop using wsgi-intercept, now that it imports from mechanize? this is really bad!
On 07/28/2014 04:04 AM, Chris Dent wrote: On Mon, 28 Jul 2014, Thomas Goirand wrote: That's exactly the version which I've been looking at. The thing is, when I run the unit test with that version, it just bombs on me because mechanize isn't there. How would you feel about it being optionally available and for the tests for mechanize to only run for it if someone has aleady preinstalled mechanize? That is the tests will skip if import mechanize is an ImportError? While I'm not in love with mechanize, if it is a tool that _some_ people use, then I don't want wsgi-intercept to not be useful to them. Please let me know if you can release a new version of wsgi-intercept cleaned from any trace of mechanize, or if you think this can't be done. Let me know if the above idea can't work. Depending on your answer I'll either release a version as described, or go ahead and flush it. If you get back to me by tomorrow morning (UTC) I can probably get the new version out tomorrow too. Hi, Sorry, I couldn't reply earlier. Well, if at least mechanize really becomes optional, which means: no issue when running unit tests without it, and no issue when using it, then it may be ok from my point of view (eg: I wouldn't complain that much about it). However, from *your* perspective, I wouldn't advise that you keep using such a dangerous, badly maintained Python module. Saying that it's optional may look like you think mechanize is ok and you are vouching for it, when it really shouldn't be the case. Having clean, well maintained dependencies, is IMO very important for a given python module. It shows that you care no bad module gets in. Let me know whenever you have a new release, without mechanize as new dependency, or with it being optional. Cheers, Thomas Goirand (zigo) ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [PKG-Openstack-devel] Bug#755315: [Trove] Should we stop using wsgi-intercept, now that it imports from mechanize? this is really bad!
On Tue, 29 Jul 2014, Thomas Goirand wrote: Sorry, I couldn't reply earlier. No problem. However, from *your* perspective, I wouldn't advise that you keep using such a dangerous, badly maintained Python module. Saying that it's optional may look like you think mechanize is ok and you are vouching for it, when it really shouldn't be the case. Having clean, well maintained dependencies, is IMO very important for a given python module. It shows that you care no bad module gets in. I've pointed a couple of the other wsgi-intercept contributors to this thread to get their opinions on which way is the best way forward, I'd prefer not to make the decision solo. Let me know whenever you have a new release, without mechanize as new dependency, or with it being optional. It will be soon (a day or so). -- Chris Dent tw:@anticdent freenode:cdent https://tank.peermore.com/tanks/cdent ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev