[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Christian Heimes 
On 03/03/2021 18.59, Senthil Kumaran wrote:
> On Wed, Mar 3, 2021 at 8:08 AM Christian Heimes  wrote:
> 
>> PEP 644 (not approved yet) and a soon-to-be-published PEP will hopefully
>> get rid of the problem once and for all. PEP 644 removes support for
>> OpenSSL < 1.1 and the new PEP will remove support for TLS 1.0 and 1.1
>> from stdlib.
>>
>> https://www.python.org/dev/peps/pep-0644/
> 
> Thank you for all the efforts here, Christian. The PEP provides a good
> summary on the state.
> +1 vote to it and hope we will have a much simpler system to reason with soon.
> 
> It was hard for me (guess anyone) to track Libre/Open/Boring, TLS
> versions etc, and leave alone keeping it compatible like you have been
> doing.
> The premise of PEP-0644 is extremely reasonable.

Thanks! :)

It's actually easy:

- BoringSSL is irrelevant unless you have a product that bundles/vendors
the library as an internal dependency, e.g. Chrome.
- LibreSSL is used by OpenBSD and DragonFly.
- Everyone (*) else uses OpenSSL or moved back to OpenSSL

(*) except for Windows, macOS, Android, Java, Firefox/Thunderbird,
GnuPG, embedded systems, curl, and others. curl has something like 15
different TLS backends.
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/ZBQ6NJYJVF336CQ7Y7GIYYDWRNGVNLTL/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Brett Cannon 
On Wed, Mar 3, 2021 at 1:32 PM Christian Heimes 
wrote:

> On 03/03/2021 21.54, Brett Cannon wrote:
> > Has this been submitted to the SC yet? I can't find an email or anything
> > at
> >
> https://github.com/python/steering-council/issues?q=is%3Aissue+is%3Aopen+644
> > <
> https://github.com/python/steering-council/issues?q=is%3Aissue+is%3Aopen+644
> >.
>
> Err ... no. I was not aware that I have to formerly submit a PEP to the
> SC for approval. I thought that pushing the PR and announcing it on DPO
> was good enough.
>

We ask people to explicitly tell us when they are ready for a PEP to be
reviewed as we otherwise don't know when you as a PEP author think the PEP
is in a finished state and is no longer changing. Otherwise we would be
reading PEPs that are constantly changing underneath us as the conversation
happens and PEP authors update things accordingly.

The preference is opening an issue at
https://github.com/python/steering-council/issues as it's the easiest way
for us to track what we are being asked to consider and for other PEP
authors to know what our review queue looks like (currently sits at 5 PEPs).
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/AM235PHNN5FSI4QXWTLNVETFDJU4N5OK/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Christian Heimes 
On 03/03/2021 21.54, Brett Cannon wrote:
> Has this been submitted to the SC yet? I can't find an email or anything
> at
> https://github.com/python/steering-council/issues?q=is%3Aissue+is%3Aopen+644
> .

Err ... no. I was not aware that I have to formerly submit a PEP to the
SC for approval. I thought that pushing the PR and announcing it on DPO
was good enough.

Christian
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/2IQJVA7YDSAPR2QV3KCVK2G6URQFKLMD/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Brett Cannon 
On Wed, Mar 3, 2021 at 8:08 AM Christian Heimes 
wrote:

> On 03/03/2021 16.06, Senthil Kumaran wrote:
> > On Tue, Mar 2, 2021 at 8:29 PM Gregory P. Smith  wrote:
> >>
> >> For lack of better things to do with that...
> https://bugs.python.org/issue43382 filed to track it.
> >
> > Actually, that turned out to be useful. Thank you!
> >
> > The discussion with the default minimal level TLS, and way it is
> > configured in distributions like Ubuntu, Debian, Fedora, and it's
> > usage with Python is  bit _unsettling_ from a users perspective.
> > OpenSSL, Ubuntu, Python are heavily relied upon pieces of
> > infrastructure. I wouldn't be surprised if more projects noticed this
> > problem with the update to Ubuntu 20.02.
>
> Hi,
>
> for the record, the issue started when GitHub Actions updated
> "ubuntu-latest" was updated from 18.04 to 20.04. A user reported a
> similar issue on BPO last year in August and with Ubuntu last year in
> October. Only Ubuntu is affected. Debian, standard OpenSSL, and other
> distros use a different approach set minimum protocol version:
>
> https://bugs.python.org/issue41561
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
>
>
> PEP 644 (not approved yet)


Has this been submitted to the SC yet? I can't find an email or anything at
https://github.com/python/steering-council/issues?q=is%3Aissue+is%3Aopen+644
.

-Brett


> and a soon-to-be-published PEP will hopefully
> get rid of the problem once and for all. PEP 644 removes support for
> OpenSSL < 1.1 and the new PEP will remove support for TLS 1.0 and 1.1
> from stdlib.
>
> https://www.python.org/dev/peps/pep-0644/
>
>
> By the way, all major distributions disable TLS 1.0 and 1.1. They also
> set a higher security level to block weak RSA, DH, and signatures. You
> can find more information about Fedora crypto policies at:
>
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
> https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
>
>
> Here are some of my fixes for crypto policies, TLS 1.0/1.1 deprecation,
> and FIPS:
>
> https://bugs.python.org/issue34399
> https://bugs.python.org/issue38275
> https://bugs.python.org/issue38271
> https://bugs.python.org/issue34542
>
> Christian
> ___
> python-committers mailing list -- python-committers@python.org
> To unsubscribe send an email to python-committers-le...@python.org
> https://mail.python.org/mailman3/lists/python-committers.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-committers@python.org/message/JO3PCRIIG36GW2ZBRCSWUHNBXPUURYUW/
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/HMOPREK7N3J44MLTUWFUJZRJQJ62QPMU/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Python Language Summit 2021 Signups Are Now Open

2021-03-03 Thread Mariatta 
Sign up to Python Language Summit is still open for about 3 more weeks.

So far we received 32 sign ups, from 18 different regions, and 12 time
zones to work with.

We've only received 3 topics of discussions, and we definitely need more of
those.
If you have a topic to be discussed with Python core developers, please
fill in the forms linked in Łukasz's post.

I've made some infographics with these data, I will try to update it once
a day: https://mariatta.ca/language_summit_data/

We also have a page on PyCon US's website now:
https://us.pycon.org/2021/summits/language/

Thanks.

On Wed, Feb 24, 2021 at 9:54 AM Łukasz Langa  wrote:

> I’m happy to announce that we’ve opened the sign-up forms for the 2021
> Python Language Summit!
> TL;DR
>
>- When: Tuesday, May 11, 2021 (4 hours) and Wednesday, May 12, 2021 (4
>hours). Exact times TBD depending on attendee timezones.
>- Where: Online via Zoom (link will be sent via email to attendees)
>- Co-chairs: Mariatta Wijaya & Łukasz Langa
>- Blogger: Joanna Jablonski
>- Sign up to attend *and actively participate*:
>https://forms.gle/cgmGnmQMDhD2mhHY8 (closes after March 22nd, 2021 AoE)
>- Propose a topic: https://forms.gle/Jui9mxsHrB4fVvAB8 (closes after
>March 22nd, 2021 AoE)
>
> To get an idea of past Python Language Summits, you can read these blog
> posts:
>
>- 2020: Python Software Foundation News: The 2020 Python Language
>Summit
>
>- 2019:
>http://pyfound.blogspot.com/2019/05/the-2019-python-language-summit.html
>- 2018: The 2018 Python Language Summit [LWN.net]
>
>- 2017: The 2017 Python Language Summit [LWN.net]
>
>
> Do I need to sign up if I’m a Python core developer?
>
> Yes please! While in the past we have limited attendance to 50 people,
> this time, due to virtual format, we will be a bit more flexible, but will
> still keep it small and manageable. We aren’t planning to go beyond 80
> participants. Please register to reserve your space.
> Can I sign up if I’m not a Python core developer?
>
> Yes you can. In the past, we had quite a number of participants who were
> not Python core devs. Among them were maintainers and representatives from
> BeeWare, CircuitPython, PSF board member, PyCharm, PyPA, etc. Register if
> you want to participate. Note that until you hear back from us, your
> attendance is not confirmed. As explained in the question above, our
> “space” is more flexible than usual, but in the interest of maintaining a
> vigorous discussion space, we might still be unable to invite everyone who
> signs up.
> What kind of topics are covered?
>
> Python Language Summit is a special event with very specific audience:
> Python core developers. Ideally your topic is not an “announcement” or
> “project status” but rather something that will encourage further
> discussion and questions. The more controversial, the better. An open
> issue, group of issues, or a PEP that is awaiting decision are all good
> topics to propose. You can also further explain why this is better
> discussed in person instead of online.
>
> According to last year’s feedback, our audience prefer more discussions
> and shorter talks.
> Who can present a talk?
>
> Anyone, even if you’re not a Python core developer. However, please
> understand that we will have to be selective as space and time are limited.
> In particular, we are prioritizing active core contributors, as well as
> those who we believe will be able to improve the quality of the discussions
> at the event and bring a more diverse perspective to core Python
> developers. Note that your topic is not confirmed until you hear back from
> us.
> Code of Conduct
>
> PyCon’s Code of Conduct 
> applies and will be enforced.
>
> Thanks!
>
> @mariatta  & @ambv
> 
>
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/5HBXSJ57UEADUU4HYT5CBLEBSQDTYTU5/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Senthil Kumaran 
On Wed, Mar 3, 2021 at 8:08 AM Christian Heimes  wrote:

> PEP 644 (not approved yet) and a soon-to-be-published PEP will hopefully
> get rid of the problem once and for all. PEP 644 removes support for
> OpenSSL < 1.1 and the new PEP will remove support for TLS 1.0 and 1.1
> from stdlib.
>
> https://www.python.org/dev/peps/pep-0644/

Thank you for all the efforts here, Christian. The PEP provides a good
summary on the state.
+1 vote to it and hope we will have a much simpler system to reason with soon.

It was hard for me (guess anyone) to track Libre/Open/Boring, TLS
versions etc, and leave alone keeping it compatible like you have been
doing.
The premise of PEP-0644 is extremely reasonable.
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/B43I3FNJRR2ICQCLOHAFTHGSKTUPFNQX/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Christian Heimes 
On 03/03/2021 16.06, Senthil Kumaran wrote:
> On Tue, Mar 2, 2021 at 8:29 PM Gregory P. Smith  wrote:
>>
>> For lack of better things to do with that... 
>> https://bugs.python.org/issue43382 filed to track it.
> 
> Actually, that turned out to be useful. Thank you!
> 
> The discussion with the default minimal level TLS, and way it is
> configured in distributions like Ubuntu, Debian, Fedora, and it's
> usage with Python is  bit _unsettling_ from a users perspective.
> OpenSSL, Ubuntu, Python are heavily relied upon pieces of
> infrastructure. I wouldn't be surprised if more projects noticed this
> problem with the update to Ubuntu 20.02.

Hi,

for the record, the issue started when GitHub Actions updated
"ubuntu-latest" was updated from 18.04 to 20.04. A user reported a
similar issue on BPO last year in August and with Ubuntu last year in
October. Only Ubuntu is affected. Debian, standard OpenSSL, and other
distros use a different approach set minimum protocol version:

https://bugs.python.org/issue41561
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625


PEP 644 (not approved yet) and a soon-to-be-published PEP will hopefully
get rid of the problem once and for all. PEP 644 removes support for
OpenSSL < 1.1 and the new PEP will remove support for TLS 1.0 and 1.1
from stdlib.

https://www.python.org/dev/peps/pep-0644/


By the way, all major distributions disable TLS 1.0 and 1.1. They also
set a higher security level to block weak RSA, DH, and signatures. You
can find more information about Fedora crypto policies at:

https://fedoraproject.org/wiki/Changes/CryptoPolicy
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2


Here are some of my fixes for crypto policies, TLS 1.0/1.1 deprecation,
and FIPS:

https://bugs.python.org/issue34399
https://bugs.python.org/issue38275
https://bugs.python.org/issue38271
https://bugs.python.org/issue34542

Christian
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/JO3PCRIIG36GW2ZBRCSWUHNBXPUURYUW/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: Is Tests / Ubuntu broken at the moment?

2021-03-03 Thread Senthil Kumaran 
On Tue, Mar 2, 2021 at 8:29 PM Gregory P. Smith  wrote:
>
> For lack of better things to do with that... 
> https://bugs.python.org/issue43382 filed to track it.

Actually, that turned out to be useful. Thank you!

The discussion with the default minimal level TLS, and way it is
configured in distributions like Ubuntu, Debian, Fedora, and it's
usage with Python is  bit _unsettling_ from a users perspective.
OpenSSL, Ubuntu, Python are heavily relied upon pieces of
infrastructure. I wouldn't be surprised if more projects noticed this
problem with the update to Ubuntu 20.02.

-- 
Senthil
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/LQFEWF5QNTI7CJ2ZQLPUE3C6Y3IZW5MS/
Code of Conduct: https://www.python.org/psf/codeofconduct/