[issue20939] test_geturl of test_urllibnet fails with 'https://www.python.org/' != 'http://www.python.org/'
Senthil Kumaran added the comment: The suggested patch(s) looks good to me. -- nosy: +orsenthil ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20939 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue17188] Document 'from None' in raise statement doc.
Petri Lehtinen added the comment: The patch doesn't apply cleanly on 3.4 or default. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue17188 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20906] Issues in Unicode HOWTO
Marc-Andre Lemburg added the comment: Just to clarify a few things: On 20.03.2014 00:50, Graham Wideman wrote: I think part of the ambiguity problem here is that there are two subtly but importantly different ideas here: 1. Python string (capable of representing any unicode text) -- some full-fidelity and industry recognized unicode byte stream, like utf-8, or utf-32. I think this is legitimately described as an encoding of the unicode string. Right, those are Unicode transformation format (UTF) encodings which are capable of representing all Unicode code points. versus: 2. 1. Python string -- some other code system, such as ASCII, cp1250, etc. The destination code system doesn't necessarily have anything to do with unicode, and whole ranges of unicode's characters either result in an exception, or get translated as escape sequences. Ie: This is more usefully seen as a translation operation, than merely encoding. Those are encodings as well. The operation going from Unicode to one of these encodings is called encode in Python. The other way around decode. In 1, the encoding process results in data that stays within concepts defined within Unicode. In 2, encoding produces data that would be described by some code system outside of Unicode. At the moment I think Python muddles these two ideas together, and I'm not sure how to clarify this. An encoding is a mapping of characters to ordinals, nothing more or less. Unicode is such an encoding, but all others are as well. They just happen to have different ranges of ordinals. You are viewing all this from the a Unicode point of view, but please realize that Unicode is rather new in the business and the many other encodings Python supports have been around for decades. So it should say 16-bit code points instead, right? I don't think Unicode code points should ever be described as having a particular number of bits. I think this is a core concept: Unicode separates the character -- code point, and code point -- bits/bytes mappings. At most, one might want to distinguish different ranges of unicode code points. Even if there is a need to distinguish code points = 65535, I don't think this should be described as 16-bit, as it muddies the distinction between Unicode's two mappings. You have UCS-2 and UCS-4. UCS-2 representable in 16 bits, UCS-4 needs 21 bits, but is typically stored in 32-bit. Still, you're right: it's better to use the correct terms UCS-2 vs. UCS-4 rather than refer to the number of bits. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20906 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Dima Tisnek added the comment: +dstufft is absolutely right. SNI needs to be enabled on lower level than user python code. if it is, requests and most other http client libs get it for free without dependencies. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20978] pyflakes: undefined names
Roundup Robot added the comment: New changeset 6718d00b872b by Victor Stinner in branch '3.4': Issue #20978: Remove last part of OS/2 support in distutils http://hg.python.org/cpython/rev/6718d00b872b New changeset 8de5d0809dd8 by Victor Stinner in branch '3.4': Issue #20978: pyflakes: fix undefined names http://hg.python.org/cpython/rev/8de5d0809dd8 New changeset 52404c14be07 by Victor Stinner in branch 'default': (Merge 3.4) Issue #20978: pyflakes: fix undefined names; remove last part of http://hg.python.org/cpython/rev/52404c14be07 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20978 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20990] pyflakes: undefined names, get_context() and main(), in multiprocessing
New submission from STINNER Victor: Two warnings from pyflakes: diff -r 72889bf8531d Lib/multiprocessing/spawn.py --- a/Lib/multiprocessing/spawn.py Tue Mar 18 13:21:29 2014 +0100 +++ b/Lib/multiprocessing/spawn.py Wed Mar 19 11:49:24 2014 +0100 @@ -64,6 +64,7 @@ def freeze_support(): Run code for process object if this in not the main process ''' if is_forking(sys.argv): +# FIXME: main() is undefined main() sys.exit() diff -r 72889bf8531d Lib/multiprocessing/synchronize.py --- a/Lib/multiprocessing/synchronize.pyTue Mar 18 13:21:29 2014 +0100 +++ b/Lib/multiprocessing/synchronize.pyWed Mar 19 11:50:50 2014 +0100 @@ -51,7 +51,6 @@ class SemLock(object): _rand = tempfile._RandomNameSequence() def __init__(self, kind, value, maxvalue, *, ctx): -ctx = ctx or get_context() ctx = ctx.get_context() unlink_now = sys.platform == 'win32' or ctx._name == 'fork' for i in range(100): -- messages: 214182 nosy: haypo, jnoller, sbt, serhiy.storchaka priority: normal severity: normal status: open title: pyflakes: undefined names, get_context() and main(), in multiprocessing versions: Python 3.4, Python 3.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20990 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20990] pyflakes: undefined names, get_context() and main(), in multiprocessing
STINNER Victor added the comment: Serhiy suggested (msg214136): Lib/multiprocessing/synchronize.py: Add at the start of the file: from . import get_context It looks like multiprocessing.get_context() exists, but I don't see how it is defined. For main(), it should maybe be replaced with _main()? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20990 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20978] pyflakes: undefined names
STINNER Victor added the comment: I created #20990 for the undefined names in multiprocessing. -- nosy: -python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20978 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20977] pyflakes: undefined ctype in 2 except blocks in the email module
Changes by STINNER Victor victor.stin...@gmail.com: -- title: pyflakes: undefined ctype in 2 except blocks - pyflakes: undefined ctype in 2 except blocks in the email module ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20977 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20991] Issues about relative absolute import way for Portingfrom python2.4 to python2.7
New submission from Vatel: I just wrote a sample like this: testPy/ __init__.py client.py SoamFactory.c SoamFactory.so soamapi.py sample/testP.py export PYTHONPATH=$(TEST_LOCATION):$(TEST_LOCATION)/testPy Here's the source codes: __init__.py: import client client.py import soamapi class Client(soamapi.SessionCallback): def __init__(self): print class Client super(Client, self).__init__() soamapi.initialize() def create_session(self): sec_cb = soamapi.DefaultSecurityCallback() self.connection = soamapi.connect(sec_cb) soamapi.py import SoamFactory class ConnectionSecurityCallback(object): def __init__(self): print class ConnectionSecurityCallback def __del__(self): pass def test_P(self): print test_P in class ConnectionSecurityCallback class DefaultSecurityCallback(ConnectionSecurityCallback): def __init__(self): super(DefaultSecurityCallback, self).__init__() print class DefaultSecurityCallback def __del__(self): super(DefaultSecurityCallback, self).__del__() def test(self): print test in class DefaultSecurityCallback class SessionCallback(object): def __init__(self): pass def __del__(self): pass def connect(security_callback): return SoamFactory.SoamFactory_connect(security_callback) def initialize(): SoamFactory.SoamFactory_initialize() print call soamapi SoamFactory.c #include Python.h #include PythonLoop.c PyObject* SOAM_API_MODULE = NULL; PyObject* pyModule = NULL; static PyObject* SoamFactory_initialize(PyObject* self, PyObject* args){ PyEval_InitThreads(); init(); Py_RETURN_NONE; } static PyObject* SoamFactory_connect(PyObject* self, PyObject* args){ PyObject* pySecCallback = NULL; int ok = PyArg_ParseTuple(args, O, pySecCallback); if (!ok){ printf(parse tuple error!\n); Py_RETURN_NONE; } if (! PyObject_IsInstance(pySecCallback, connectSecCallback)){ printf(pySecCallback is not an instance of ConnectionSecurityCallback!\n); Py_RETURN_NONE; } printf(Successful!\n); Py_RETURN_NONE; } static PyMethodDef SoamFactory[] = { {SoamFactory_connect, SoamFactory_connect, METH_VARARGS, connection function}, {SoamFactory_initialize, SoamFactory_initialize, METH_VARARGS, SoamFactory_initialize}, {NULL, NULL} }; void initSoamFactory(){ PyEval_InitThreads(); Py_Initialize(); pyModule = Py_InitModule(SoamFactory, SoamFactory); SOAM_API_MODULE = PyImport_ImportModule(soamapi); } sample/testP.py import testPy print submitter = testPy.client.Client() submitter.create_session() print When I ran it on python2.4, it worked well, and the result was call soamapi after import soamapi--client.py class Client class ConnectionSecurityCallback class DefaultSecurityCallback Successful! But when I ran it on python2.7, it worked beyond my expectation, the result was call soamapi call soamapi class Client class ConnectionSecurityCallback class DefaultSecurityCallback pySecCallback is not an instance of ConnectionSecurityCallback! I found that soamapi was imported twice, and I investigated this is related to absoluterelative import way. PyImport_ImportModule in python2.7 uses absolute import way, it will look up sys.path to get soamapi module, and when testP.py file import testPy module, it will find local module soamapi under testPy package, and binds module's name to package, as testPy.soamapi. There are two ways to correct it for python2.7, 1) Don't use import testPy, use import client directly to avoid using relative; 2) Use from __future__ import absolute_import to enable absolute import feature. But there are two Pre-conditions: 1) Should not modify testP.py; 2) Should be ran on both python2.4 and 2.7. I don't know how to fix it. Is there any official way about how to porting this scenario or better idea? Thanks, Vatel -- components: Library (Lib) messages: 214185 nosy: Vatel.Z priority: normal severity: normal status: open title: Issues about relative absolute import way for Portingfrom python2.4 to python2.7 type: behavior versions: Python 2.7 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20991 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20978] pyflakes: undefined names
Roundup Robot added the comment: New changeset bdad874195d6 by Victor Stinner in branch '3.4': Isuse #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed by http://hg.python.org/cpython/rev/bdad874195d6 New changeset 2e4692a762d5 by Victor Stinner in branch 'default': (Merge 3.4) Issue #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed http://hg.python.org/cpython/rev/2e4692a762d5 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20978 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
Roundup Robot added the comment: New changeset f6f691ff27b9 by Victor Stinner in branch '3.4': Issue #20976: pyflakes: Remove unused imports http://hg.python.org/cpython/rev/f6f691ff27b9 New changeset 714002a5c1b7 by Victor Stinner in branch 'default': (Merge 3.4) Issue #20976: pyflakes: Remove unused imports http://hg.python.org/cpython/rev/714002a5c1b7 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12328] multiprocessing's overlapped PipeConnection on Windows
Roundup Robot added the comment: New changeset bdad874195d6 by Victor Stinner in branch '3.4': Isuse #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed by http://hg.python.org/cpython/rev/bdad874195d6 New changeset 2e4692a762d5 by Victor Stinner in branch 'default': (Merge 3.4) Issue #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed http://hg.python.org/cpython/rev/2e4692a762d5 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12328 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
STINNER Victor added the comment: I would prefer that _qdecode be left alone. Ok, I leaved these symbols unchanged in Lib/email/utils.py even if they are not used: -- from quopri import decodestring as _qdecode from email.encoders import _bencode, _qencode -- -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
Changes by STINNER Victor victor.stin...@gmail.com: -- resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20978] pyflakes: undefined names
Changes by STINNER Victor victor.stin...@gmail.com: -- resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20978 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20990] pyflakes: undefined names, get_context() and main(), in multiprocessing
Serhiy Storchaka added the comment: It looks like multiprocessing.get_context() exists, but I don't see how it is defined. It is defined by: globals().update((name, getattr(context._default_context, name)) for name in context._default_context.__all__) For main(), it should maybe be replaced with _main()? _main() has different signature. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20990 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20978] pyflakes: undefined names
Serhiy Storchaka added the comment: What about 2.7? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20978 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20978] pyflakes: undefined names
STINNER Victor added the comment: What about 2.7? Python 2.7 is not affected. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20978 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20981] ssl doesn't build anymore with OpenSSL 0.9.7 or older
STINNER Victor added the comment: It looks like FreeBSD 6.4 includes OpenSSL 0.9.7, whereas X509_check_ca() requires OpenSSL 0.9.8 or newer. -- title: ssl doesn't build anymore with old OpenSSL versions - ssl doesn't build anymore with OpenSSL 0.9.7 or older ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20981 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20981] ssl doesn't build anymore with OpenSSL 0.9.7 or older: X509_check_ca
Changes by STINNER Victor victor.stin...@gmail.com: -- title: ssl doesn't build anymore with OpenSSL 0.9.7 or older - ssl doesn't build anymore with OpenSSL 0.9.7 or older: X509_check_ca ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20981 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19255] Don't wipe builtins at shutdown
Changes by Serhiy Storchaka storch...@gmail.com: -- assignee: - serhiy.storchaka resolution: - fixed stage: patch review - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19255 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20148] Derby: Convert the _sre module to use Argument Clinic
Serhiy Storchaka added the comment: Here is updated patch. -- versions: +Python 3.5 -Python 3.4 Added file: http://bugs.python.org/file34529/sre_clinic_2.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20148 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20992] reading individual bytes of multiple binary files using the Python module fileinput
New submission from Tommy Carstensen: This is my first post on bugs.python.org. I hope I abide to the rules. It was suggested to me on stackoverflow.com, that I request an enhancement to the module fileinput here: http://stackoverflow.com/questions/22510123/reading-individual-bytes-of-multiple-binary-files-using-the-python-module-filein I can read the first byte of a binary file like this: with open(my_binary_file,'rb') as f: f.read(1) But when I run this code: import fileinput with fileinput.FileInput(my_binary_file,'rb') as f: f.read(1) then I get this error: AttributeError: 'FileInput' object has no attribute 'read' I would like to propose an enhancement to fileinput, which makes it possible to read binary files byte by byte. I posted this solution to my problem: def process_binary_files(list_of_binary_files): for file in list_of_binary_files: with open(file,'rb') as f: yield f.read(1) return list_of_binary_files = ['f1', 'f2'] generate_byte = process_binary_files(list_of_binary_files) byte = next(generate_byte) -- components: Library (Lib) messages: 214195 nosy: Tommy.Carstensen priority: normal severity: normal status: open title: reading individual bytes of multiple binary files using the Python module fileinput type: enhancement versions: Python 3.3, Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20992 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20907] behavioral differences between shutil.unpack_archive and ZipFile.extractall
Peter Santoro added the comment: It seems clear to me that the logic in shutil._unpack_zipfile that silently skips paths that start with '/' (indicates absolute path) or that contain references to the parent directory ('..') was added to prevent malicious zip files from making potential malicious/unwanted modifications to the filesystem (perhaps at a time when zipfile did not itself contain such logic). This conservative approach works, but it can have unexpected results. For example, if all entries in a zip file contain these invalid characters, then shutil._unpack_zipfile appears to do nothing (i.e. the zip file is not unpacked). This is good (except for the silent part), if the zip file is truly malicious. However, I recently had to deal with thousands of zip files created by well known software vendors where hundreds of the zip files were created incorrectly and contained these invalid characters. These files were not malicious, but they were created improperly. Note that shutil._unpack_zipfile silently fai led to unzip these files, but by using ZipFile.extractall I could unzip them. It appears that most unzipping software today either either ignores (sometimes silently) potentially malicious zip entries (e.g. Windows 7 Explorer displays an invalid zip file error) or it attempts to filter out/replace known bad characters so that the zip entries can be extracted (e.g. WinZip, gnu unzip). I created this issue because the Python library uses both approaches, which may need rethinking. The newer logic in ZipFile._extract_member, which is used by ZipFile.extractall, takes a different approach. Instead of silently ignoring potentially malicious zip entries, it attempts to filter out or replace known invalid characters before extracting the zip entries. From the Python zipfile docs: --- If a member filename is an absolute path, a drive/UNC sharepoint and leading (back)slashes will be stripped, e.g.: ///foo/bar becomes foo/bar on Unix, and C:\foo\bar becomes foo\bar on Windows. And all .. components in a member filename will be removed, e.g.: ../../foo../../ba..r becomes foo../ba..r. On Windows illegal characters (:, , , |, , ?, and *) replaced by underscore (_). --- As ZipFile._extract_member filters out/replaces more invalid characters than shutil._unpack_zipfile handles, one could argue that the (apparent older) approach used by shutil._unpack_zipfile is less safe. The approaches used by shutil._unpack_zipfile and ZipFile.extractall to deal with potentially malicious zip file entries are different. This issue could be closed if not deemed important by the Python core developers or it could be handled by documentation and/or coding changes. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20907 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20985] Add new style formatting to logging.config.fileConfig
Changes by Vinay Sajip vinay_sa...@yahoo.co.uk: -- status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20985 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20906] Issues in Unicode HOWTO
Graham Wideman added the comment: Marc-Andre: Thanks for commenting: 2. 1. Python string -- some other code system, such as ASCII, cp1250, etc. The destination code system doesn't necessarily have anything to do with unicode, and whole ranges of unicode's characters either result in an exception, or get translated as escape sequences. Ie: This is more usefully seen as a translation operation, than merely encoding. Those are encodings as well. The operation going from Unicode to one of these encodings is called encode in Python. Yes I am certainly aware that in Python parlance these are also called encode (and achieved with encode()), which, I am arguing, is one reason we have confusion. These are not encoding into a recognized Unicode-defined byte stream, they entail translation and filtering into the allowed character set of a different code system and encoding into that code system's byte representation (encoding). In 1, the encoding process results in data that stays within concepts defined within Unicode. In 2, encoding produces data that would be described by some code system outside of Unicode. At the moment I think Python muddles these two ideas together, and I'm not sure how to clarify this. An encoding is a mapping of characters to ordinals, nothing more or less. In unicode, the mapping from characters to ordinals (code points) is not the encoding. It's the mapping from code points to bytes that's the encoding. While I wish this was a distinction reserved for pedants, unfortunately it's an aspect that's important for users of unicode to understand in order to make sense of how it works, and what the literature and the web says (correct and otherwise). You are viewing all this from the a Unicode point of view, but please realize that Unicode is rather new in the business and the many other encodings Python supports have been around for decades. I'm advocating that the concepts be clear enough to understand that Unicode (UTF-whatever) works differently (two mappings) than non-Unicode systems (single mapping), so that users have some hope of understanding what happens in moving from one to the other. So it should say 16-bit code points instead, right? I don't think Unicode code points should ever be described as having a particular number of bits. I think this is a core concept: Unicode separates the character -- code point, and code point -- bits/bytes mappings. You have UCS-2 and UCS-4. UCS-2 representable in 16 bits, UCS-4 needs 21 bits, but is typically stored in 32-bit. Still, you're right: it's better to use the correct terms UCS-2 vs. UCS-4 rather than refer to the number of bits. I think mixing in UCS just adds confusion here. Unicode consortium has declared UCS obsolete, and even wants people to stop using that term: http://www.unicode.org/faq/utf_bom.html UCS-2 is obsolete terminology... the term should now be avoided. (That's a somewhat silly position -- we must still use the term to talk about legacy stuff. But probably not necessary here.) So my point wasn't about UCS. It was about referring to code points as having a particular bit width. Fundamentally, code points are numbers, without regard to some particular computer number format. It is a separate matter that they can be encoded in 8, 16 or 32 bit encoding schemes (utf-8, 16, 32), and that is independent of the magnitude of the code point number. It _is_ the case that some code points are large enough integers that when encoded they _require_, say, 3 bytes in utf-8, or two 16-bit words in utf-16 and so on. But the number of bits used in the encoding does not necessarily correspond to the number of bits that would be required to represent the integer code point number in plain binary. (Only in UTF-32 is the encoded value simply the binary version of the code point value.) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20906 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20985] Add new style formatting to logging.config.fileConfig
Vinay Sajip added the comment: Though not deprecated, fileConfig() will not be receiving any enhancements (just bug-fixes). It is recommended that users who need more functionality migrate to using dictConfig(), which offers more configuration functionality than fileConfig() - e.g. configuring filters - and dictConfig() does support alternate formatting styles. -- resolution: - wont fix ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20985 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Antoine Pitrou added the comment: Nick: rather than direct users to use requests, we should direct them to use Python 3, which has had SNI support for 3+ years now. If client programs choose to remain on Python 2, it's *their* fault, not Python's. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20988] Recommend ssl.create_default_context() in Security considerations
Antoine Pitrou added the comment: Duplicate of issue 20913. -- resolution: - duplicate status: open - closed superseder: - Standard Library documentation needs SSL security best practices doc. ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20988 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Dima Tisnek added the comment: Antoine, was Python 2.x a mistake? I don't think so. SNI is not a language feature, it's not even a python extension feature. It's a feature of and existing protocol and the underlying library. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Antoine Pitrou added the comment: Antoine, was Python 2.x a mistake? Really, can you stop arguing about this? If you want to know what Python considers features and bug fixes, then get acquainted with the development process instead of bickering. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20993] Quicklink to PEPs is wrong.
New submission from Auke Willem Oosterhoff: Quicklink[1] to PEPs points to the old page which doesn't exists anymore. Patch provided with correct link. [1]:http://docs.python.org/devguide/#quick-links -- components: Devguide files: index.patch keywords: patch messages: 214202 nosy: OrangeTux, ezio.melotti priority: normal severity: normal status: open title: Quicklink to PEPs is wrong. versions: Python 3.5 Added file: http://bugs.python.org/file34530/index.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20993 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue6331] Add unicode script info to the unicode database
Martin v. Löwis added the comment: Pander: In what way would this extend or improve the current patch? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue6331 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20906] Issues in Unicode HOWTO
Marc-Andre Lemburg added the comment: On 20.03.2014 11:49, Graham Wideman wrote: An encoding is a mapping of characters to ordinals, nothing more or less. In unicode, the mapping from characters to ordinals (code points) is not the encoding. It's the mapping from code points to bytes that's the encoding. While I wish this was a distinction reserved for pedants, unfortunately it's an aspect that's important for users of unicode to understand in order to make sense of how it works, and what the literature and the web says (correct and otherwise). I know that Unicode terminology provides all kinds of ways to name things and we can be arbitrarily pedantic about any of them and the fact that the Unicode consortium changes its mind every few years isn't helpful either :-) We could also have called encodings: character set, code page, character encoding, transformation, etc. In Python keep it simple: you have Unicode (code points) and 8-bit strings or bytes (code units). Whenever you go from Unicode to bytes, you encode Unicode into some encoding. Going back, you decode the encoding back into Unicode. This operation is defined by the codec implementing the encoding and it's *not* guaranteed to be lossless. See here for how we ended up having Unicode support in Python: http://www.egenix.com/library/presentations/#PythonAndUnicode -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20906 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8743] set() operators don't work with collections.Set instances
Raymond Hettinger added the comment: Thanks for the patch update. I will look at it shortly. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue8743 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18931] new selectors module should support devpoll on Solaris
Giampaolo Rodola' added the comment: hg import http://bugs.python.org/file34522/devpoll3.patch; applies cleanly for me. Not sure what else to do. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue18931 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14373] C implementation of functools.lru_cache
Serhiy Storchaka added the comment: Could you please make a review Raymond? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14373 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14373] C implementation of functools.lru_cache
Raymond Hettinger added the comment: Could you please make a review Raymond? Yes, I will take a look. I looking a making other changes to the lru_cache and don't want the C implementation to go it first. There are still some open questions about re-entrancy that still need to be addressed before a C implementation gets added to the mix. -- priority: high - low ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14373 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12384] difflib.SequenceMatcher and Match: code and doc bugs
Changes by Raymond Hettinger raymond.hettin...@gmail.com: -- nosy: +tim.peters ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12384 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19640] Drop _source attribute of namedtuple (waste memory)
Changes by Raymond Hettinger raymond.hettin...@gmail.com: -- assignee: - rhettinger ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19640 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20986] test_startup_imports fails in test_site when executed inside venv
Vinay Sajip added the comment: It looks like the venv checking machinery in site.py was changed in 3.4 to import re conditionally if in a venv (in 3.3, it was an unconditional import). This doesn't seem wrong, so ISTM the test needs changing (it already contains exceptions for particular cases, e.g. OS X, because _osx_support uses re - this seems to be an analogous case). -- nosy: +christian.heimes ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20986 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19640] Drop _source attribute of namedtuple (waste memory)
Changes by Raymond Hettinger raymond.hettin...@gmail.com: -- versions: -Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19640 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Nick Coghlan added the comment: I'm currently discussing some options with Donald and Christian. While it's annoying that a developer from a certain large corporate user of Python (a director of the PSF, no less) is whining at volunteers on the internet instead of actually helping by encouraging their employer or the board to help fund the creation and publication of an up to date TLS module for Python 2, griping about the endemic problem of corporate users taking community developed software for granted won't make the underlying problem go away: an unfortunate amount of Python code is currently improperly secured because it is using outdated SSL support, and there isn't currently a good alternative available for users that aren't in a position to immediately migrate to Python 3. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19640] Drop _source attribute of namedtuple (waste memory)
Raymond Hettinger added the comment: FWIW, the verbose option is mentioned as outdated because the _source attribute was added. Also, there are real use cases, people are using the _source as writing it to a .py file so that the dynamic namedtuple generation step can be skipped on subsequent imports. This is useful when people want to avoid the use of eval or want to run cython on the code. The attribute can be dropped. It is part of the API. Sorry, the memory use bugs you. It is bigger than typical docstrings but is not a significant memory consumer in most applications. I like the idea of dynamically generating the source upon lookup, but want to think about whether there are any unintended consequences to that space saving hack. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19640 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19640] Dynamically generate the _source attribute of namedtuple to save memory)
Changes by Raymond Hettinger raymond.hettin...@gmail.com: -- priority: normal - low title: Drop _source attribute of namedtuple (waste memory) - Dynamically generate the _source attribute of namedtuple to save memory) ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19640 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10141] SocketCan support
Roundup Robot added the comment: New changeset df427bf067d7 by Vinay Sajip in branch '3.4': Issue #10141: updated new usages of AF_CAN to be in #ifdef AF_CAN rather than #ifdef HAVE_LINUX_CAN_H to allow compilation on older Linuxes. http://hg.python.org/cpython/rev/df427bf067d7 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10141 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20907] behavioral differences between shutil.unpack_archive and ZipFile.extractall
R. David Murray added the comment: Note that unix unzip does exactly the same thing as zipfile extractall (except that it does issue warnings), and I believe this is considered best practice these days for extraction tools: strip out absolute/relative path components and extract to the destination directory. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20907 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Antoine Pitrou added the comment: I'm missing some context to appreciate your message, Nick, but please note that SNI is not in itself a security feature. It just enables interoperability with TLS virtual hosts (aka. hosting several TLS-enabled domains behind a single IP and port). -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20989] XML File I/O Misbehavior with open() when the flag is 'r+'
R. David Murray added the comment: Your example doesn't seem to have anything to do with XML, nor is it sufficient to reproduce the problem. Can you provide a simple program including sample data that reproduces the behavior you are concerned with? We'll also need to know what platform you are on. Is it possible you are missing a line end character at the end of your file? -- nosy: +r.david.murray ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20989 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Donald Stufft added the comment: It's somewhat of a grey area of security feature. It's not directly a security feature but if you don't have SNI and you hit a site that requires it then your error message is going to be something like what people run into with PyPI[1] which is Cannot verify pypi.python.org, does not match hostname *.a.ssl.fastly.net. At this point most people go What? and assume the site is at fault and disable verification. Even more frustrating is this is going to work fine in their browser. The answer of how to actually verify this is without SNI is (once you even figure out the problem is SNI, which is non obvious) verify against what's actually in the CN of the cert, and send a Host header for what site you actually want. So while it is not strictly a security feature, it is fairly important for reasonably securely connecting to a site that requires SNI for the lay person. [1] PyPI's problem is no SNI but that some clients don't support SAN certificates, but the error message is exactly the same. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20686] Confusing statement
Daniel U. Thibault added the comment: The default encoding is normally set to ASCII [...]. When a Unicode string is printed, written to a file, or converted with str(), conversion takes place using this default encoding. uäöü u'\xe4\xf6\xfc' Printing a Unicode string uses ASCII encoding: false (the characters are not converted to their ASCII equivalents) (compare with str(), below) str(uäöü) Traceback (most recent call last): File stdin, line 1, in module UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-2: ordinal not in range(128) Converting a Unicode string with str() uses ASCII encoding: true (if print (see above) behaved like str(), you'd get an error too) f = open('workfile', 'w') f.write('This is a «test»\n') f.close() Writing a Unicode string to a file uses ASCII encoding: false (examination of the file reveals UTF-8 characters (hex dump: 54 68 69 73 20 69 73 20 61 20 C2 AB 74 65 73 74 C2 BB 0A)) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20686 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13936] RFE: change bool(datetime.time(0, 0, 0)) to evaluate as True
Changes by lilydjwg lilyd...@gmail.com: -- nosy: +lilydjwg ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13936 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19640] Dynamically generate the _source attribute of namedtuple to save memory)
Raymond Hettinger added the comment: The size of the _source attribute is about 2k per namedtuple class: from collections import namedtuple Response = namedtuple('Response', ['code', 'msg', 'compressed', 'written']) len(Response._source) 2174 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19640 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20558] ECONNRESET value in logging.config is valid with Linux [distros]; not valid with *BSD
Roundup Robot added the comment: New changeset 9c27c9844be2 by Vinay Sajip in branch 'default': Closes #20558: Improved implementation of error handling. http://hg.python.org/cpython/rev/9c27c9844be2 -- resolution: - fixed stage: - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20558 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20558] ECONNRESET value in logging.config is valid with Linux [distros]; not valid with *BSD
Roundup Robot added the comment: New changeset 46fe23e000a1 by Vinay Sajip in branch '3.4': Issue #20558: Improved implementation of error handling. http://hg.python.org/cpython/rev/46fe23e000a1 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20558 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
Antoine Pitrou added the comment: Understood, but that's no different from trying to connect with an old Windows or MSIE version (which I'm sure will also fail on some websites). Client-side SNI support has been added in Python 3.2, and 3.4 is now out. People who migrated their code to Python 3 have been enjoying SNI support for years now, and they're gradually getting more TLS features at every new feature release. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20686] Confusing statement about unicode strings in tutorial introduction
R. David Murray added the comment: re: file. You forgot the 'u' in front of the string: f.write(u'This is a «test»\n') Traceback (most recent call last): File stdin, line 1, in module UnicodeEncodeError: 'ascii' codec can't encode character u'\xab' in position 10: ordinal not in range(128) So you were actually writing binary in your console encoding, which must have been utf-8. (This kind of confusion is the main reason python3 exists). -- title: Confusing statement - Confusing statement about unicode strings in tutorial introduction ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20686 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5639] Support TLS SNI extension in ssl module
STINNER Victor added the comment: Please discuss the Python 2 documentation in a new issue, this one is now closed and so hidden from the list of bugs. -- nosy: +haypo ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5639 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20444] Reduce logging.config.Converting duplication of code
Roundup Robot added the comment: New changeset f27f594a96c3 by Vinay Sajip in branch '3.4': Issue #20444: Reduced code duplication. http://hg.python.org/cpython/rev/f27f594a96c3 New changeset 135aa1c4349d by Vinay Sajip in branch 'default': Closes #20444: Merged fix from 3.4. http://hg.python.org/cpython/rev/135aa1c4349d -- resolution: - fixed stage: - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20444 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20991] Issues about relative absolute import way for Portingfrom python2.4 to python2.7
Brett Cannon added the comment: This isn't a bug so closing as invalid. As suggested on python-dev, ask on python-list or python-help for assistance. -- nosy: +brett.cannon resolution: - invalid status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20991 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
Barry A. Warsaw added the comment: On Mar 20, 2014, at 08:29 AM, STINNER Victor wrote: from quopri import decodestring as _qdecode from email.encoders import _bencode, _qencode AFAICT, _qdecode is only used in email/messages.py, so perhaps it's better to import it there and remove it from utils.py? _bencode and _qencode are imported/defined and used in encoders.py. It doesn't seem like utils.py or any other code uses them. They're all non-public so why not clean it up? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20218] Add methods to `pathlib.Path`: `write_text`, `read_text`, `write_bytes`, `read_bytes`
Ram Rachum added the comment: I understand Antoine. At this point, while I could easily implement the changes you ask for in your review, I'm concerned that we are spending our time adding a feature to Python that nobody really loves. What I'd really love is a pair of methods `read` and `write`. (Less typing than the method names you asked for, and less methods added to the API.) And I'd love for these methods to be able to use append and exclusive. I understand that a feature like that is not acceptable to you, which I accept, since this is an open-source projects that needs to satisfy many people and not just myself. So the current way you want to implement this is not something I'm excited about and not something I'll be happy to use. The question is, are *you* excited about this feature the way you want to implement it? (With four methods and no append or exclusive.) Is this something you'd love to use? Do you think other people feel the same? If so, I'll be happy to finish editing this patch so this feature could go into Python. Otherwise, if we find no one who actually loves this feature, I think that the most beneficial action we could do for the Python community is to drop this issue right here, rather than add a command to the API that we'll have to support for decades despite the fact nobody really likes it. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20218 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20993] Quicklink to PEPs is wrong.
Roundup Robot added the comment: New changeset 0d9f428f28ce by Zachary Ware in branch 'default': Issue #20993: Fix link to PEPs http://hg.python.org/devguide/rev/0d9f428f28ce -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20993 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
R. David Murray added the comment: Well, one reason is I was afraid mailman might be using them. So if you are cool with it, that removes that objection. The other reason was that it seemed they were being used from utils on purpose, as a design thing. I did not take the time to do a full analysis, since Victor wanted to get his patch in. So, if you've taken a look and you think there's no reason to keep them the way they are, then I'm fine with it. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20993] Quicklink to PEPs is wrong.
Zachary Ware added the comment: It turns out that adding a slash to the end of the existing address was enough to get the right redirect, so I went with that instead of your patch. Either way, thanks for the report! -- assignee: - zach.ware nosy: +zach.ware resolution: - fixed stage: - committed/rejected status: open - closed type: - behavior versions: -Python 3.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20993 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
STINNER Victor added the comment: Barry, David: It's up to you. I'm done with this issue, but you can drop more unused import if you want. Since I don't know well the email module, I don't want to be responsible of breaking it :-) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
Barry A. Warsaw added the comment: On Mar 20, 2014, at 01:32 PM, R. David Murray wrote: Well, one reason is I was afraid mailman might be using them. So if you are cool with it, that removes that objection. Nope, neither the 2.1 or 3.0 code uses those methods AFAICT. The other reason was that it seemed they were being used from utils on purpose, as a design thing. I did not take the time to do a full analysis, since Victor wanted to get his patch in. I suspect it's just left over cruft from the early days of the email/mimelib code. So, if you've taken a look and you think there's no reason to keep them the way they are, then I'm fine with it. Do you want the honors? :) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
New submission from Donald Stufft: Since Python 3.3 the ssl module has supported the ability to opt in to disabling TLS Compression [1]. However TLS Compression has the problem that it typically leaks data through an attack known as CRIME. CRIME is specific to HTTP but the type of attack it employs is not. I believe that CPython should just flat out disable TLS Compression and it should do so in all currently active branches (2.7, 3.2+). The patch is fairly minor however there is the question of how that should be handled in 3.3+ where there would be a now useless flag and method on SSLContext. The likelhood for breakage is fairly low and all modern browsers have already permanently disabled it. [1] http://bugs.python.org/issue13634 -- messages: 214234 nosy: christian.heimes, dstufft, ncoghlan, pitrou priority: normal severity: normal status: open title: Disable TLS Compression versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20986] test_startup_imports fails in test_site when executed inside venv
Changes by Brett Cannon br...@python.org: -- nosy: +brett.cannon ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20986 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Antoine Pitrou added the comment: It would probably be sufficient to add OP_NO_COMPRESSION to OP_ALL. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20976] pyflakes: remove unused imports
R. David Murray added the comment: Sure. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20976 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Donald Stufft added the comment: Ah, I hadn't noticed the OP_ALL thing, in 3.3+ adding OP_NO_COMPRESSION to OP_ALL would be reasonable. That would disable TLS Compression by default, still provide people the ability to disable TLS Compression if they don't use OP_ALL, and provide a way to enable it if they want it. Do you think it'd be OK to just disable TLS Compression in 2.7 and 3.2 without the option to turn it back on? I think that would be fine personally. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Antoine Pitrou added the comment: Do you think it'd be OK to just disable TLS Compression in 2.7 and 3.2 without the option to turn it back on? I think that would be fine personally. I'm not enough of a TLS expert, but it sounds ok. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Changes by Alex Gaynor alex.gay...@gmail.com: -- nosy: +alex ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
New submission from Donald Stufft: As of right now the default cipher list for the ssl module is DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2, additionally on Python 3.4 when you use create_default_context() then you also additionally get HIGH:!aNULL:!RC4:!DSS. I think we should change this to the cipher string: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS This will: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * prefer ECDHE over DHE for better performance * prefer any AES-GCM over any AES-CBC for better performance and security * use 3DES as fallback which is secure but slow * disable NULL authentication, MD5 MACs and DSS for security reasons This cipher string is taken from urllib3 where it was compiled through the resources of: * https://www.ssllabs.com/projects/best-practices/index.html * https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ The compatibility of this is pretty good. The only time this should cause a connection to *fail* is if a server is using an insecure cipher and in that case you can re-enable it by simply passing the original cipher list through the ssl.wrap_socket ciphers function. -- messages: 214239 nosy: benjamin.peterson, christian.heimes, dstufft, ezio.melotti, haypo, lemburg, ncoghlan, pitrou priority: normal severity: normal status: open title: Use Better Default Ciphers for the SSL Module versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Changes by Alex Gaynor alex.gay...@gmail.com: -- nosy: +alex ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Antoine Pitrou added the comment: I really don't think hardcoding specific ciphers is a good idea. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20996] Backport TLS 1.1 and 1.2 support for ssl_version
New submission from Donald Stufft: Python 3.4 has constants and code to enable forcing the ssl_version to TLS 1.1 or 1.2. As it stands now Python 2.7, 3.2, and 3.3 can successfully connect and will use a TLS 1.1 or 1.2 connection if it's available (new enough OpenSSL) but cannot _force_ a connection to use TLS 1.1 or 1.2. It would be good to backport this from 3.4, it would involve adding constants to ssl.py, and minimal code to _ssl.c to handle actually forcing the TLS method. -- messages: 214241 nosy: alex, christian.heimes, dstufft, ncoghlan, pitrou priority: normal severity: normal status: open title: Backport TLS 1.1 and 1.2 support for ssl_version versions: Python 2.7, Python 3.2, Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20996 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20996] Backport TLS 1.1 and 1.2 support for ssl_version
Antoine Pitrou added the comment: Two questions: - does it fix a bug in Python? - does it fix a security issue in Python? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20996 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Marc-Andre Lemburg added the comment: On 20.03.2014 15:11, Donald Stufft wrote: The compatibility of this is pretty good. The only time this should cause a connection to *fail* is if a server is using an insecure cipher and in that case you can re-enable it by simply passing the original cipher list through the ssl.wrap_socket ciphers function. Depends on who you is :-) Most of the time this will be the user of some script or application with no clue as to how to change this or what a cipher string is. I think we should leave this decision to the OpenSSL lib vendors and developers. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
R. David Murray added the comment: create_default_context is about best practices, though, so it seems to me it wouldn't be crazy to do it there. -- nosy: +r.david.murray ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20997] Wrong URL fragment identifier in search result
New submission from Baptiste Mispelon: When doing a search for PYTHONDONTWRITEBYTECODE on the 2.7 docs (http://docs.python.org/2/search.html?q=PYTHONDONTWRITEBYTECODE), the first (and only) search result is the following link: http://docs.python.org/2/using/cmdline.html?highlight=pythondontwritebytecode#PYTHONDONTWRITEBYTECODE (note the `#PYTHONDONTWRITEBYTECODE` at the end) Clicking this link takes you to the right page but the browser doesn't scroll to the correct position on the page as expected. This is because there's no element with an `id` of `PYTHONDONTWRITEBYTECODE`. The correct id is `envvar-PYTHONDONTWRITEBYTECODE`. Things work as expected when searching on version 3 docs (http://docs.python.org/3/search.html?q=PYTHONDONTWRITEBYTECODE), where the correct fragment identifier is generated in the search results. -- assignee: docs@python components: Documentation messages: 214245 nosy: bmispelon, docs@python priority: normal severity: normal status: open title: Wrong URL fragment identifier in search result type: behavior versions: Python 2.7 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20997 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Alex Stapleton added the comment: CRIME is not universally applicable to all TLS connections and it requires some cooperation from the application to work. In fact for a Python TLS client it seems quite unlikely for an application to be vulnerable. The attack in the paper leverages an insecure website to inject JavaScript to issue crafted requests to a secure one. i.e. It requires both compression and some degree of remote code execution to work. Perhaps there are ways to extend the attack to apply to more common Python TLS client usage though? Also some users will absolutely want to manually re-enable compression, please don't disable it entirely. -- nosy: +Alex.Stapleton ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20980] In multiprocessing.pool, ExceptionWithTraceback should derive from Exception
Steven Myint added the comment: This bug was introduced in #13831. -- versions: +Python 3.5 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20980 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Donald Stufft added the comment: To be specific it doesn't require any remote code execution to work, it just requires you to be able to influence the content of the responses that the client is receiving. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Antoine Pitrou added the comment: create_default_context is about best practices, though, so it seems to me it wouldn't be crazy to do it there. Agreed, but the real problem here is maintenance. Hardcoding a list of specific ciphers means someone must follow closely the introduction of new ciphers in OpenSSL, and choose whether or not to include them in the list. I'd prefer an open-ended cipher string. Here is a proposal: 'ECDH:EDH:AESGCM:HIGH:!eNULL:!aNULL:!DSS' It prioritizes Diffie-Hellman key exchange (for perfect forward secrecy), and AESGCM for the symmetric cipher; it also lets OpenSSL append other possible ciphers. BTW, apparently removing RC4 prevents ECDHE in SSv23 mode: $ ./python -c 'import ssl, socket; ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23); ctx.set_ciphers(EECDH:EDH:AESGCM:HIGH:!eNULL:!aNULL); s = ctx.wrap_socket(socket.socket()); s.connect((linuxfr.org, 443)); print(s.cipher()); s.close()' ('ECDHE-RSA-RC4-SHA', 'TLSv1/SSLv3', 128) $ ./python -c 'import ssl, socket; ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23); ctx.set_ciphers(EECDH:EDH:AESGCM:HIGH:!eNULL:!aNULL:!RC4); s = ctx.wrap_socket(socket.socket()); s.connect((linuxfr.org, 443)); print(s.cipher()); s.close()' ('DHE-RSA-AES256-SHA', 'TLSv1/SSLv3', 256) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20636] Better repr for tkinter widgets
Serhiy Storchaka added the comment: Are there any questions or objections? -- assignee: - serhiy.storchaka ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20636 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Alex Gaynor added the comment: That's because of the set of ciphersuites offered by the server (see https://www.ssllabs.com/ssltest/analyze.html?d=linuxfr.org), it's not an inevitable property of TLS. For example jenkins.cryptography.io (see https://www.ssllabs.com/ssltest/analyze.html?d=jenkins.cryptography.io) offers ECDHE suites without any RC4 at all. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20887] stdlib compatibility with pypy, test_zipfile.py
mattip added the comment: As far as I know, cpython3 dropped the assumption that garbage collection closes files, so python3's version of this test should already handle the issue, no? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20887 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Donald Stufft added the comment: Yea I noticed that, so I was doing some more testing, here's what I think we should be using (It Adds back in RC4): ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:ECDH+RC4:DH+RC4:RSA+RC4!aNULL:!MD5:!DSS This gives us everything that DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2 does except for the ciphers list here https://gist.github.com/dstufft/251dbeb8962e2182e668 on my OpenSSL 1.0.1f install. Antoine, your cipher string priortizes ECDHE RC4 over DHE AES or even just plain AES. The string I'm proposing has been carefully crafted in order to get the ciphers in a very particular order. That order is basically - 1) Security of the cipher itself 2) PFS 3) Performance while also maintaining compatibility both forwards and backwards. RC4 is in a precarious condition and it's use should be heavily discouraged. It is still required in some cases which is why my revised default cipher suggestion includes it, but at the end as a last fall back. At that point if RC4 gets selected it's the servers fault and the client did everything it could except refuse. I still do believe that this should be the default ciphers while my original string should be the restricted ciphers that create_default_context() uses. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Donald Stufft added the comment: This is a simple patch, it simple disables TLS Compression by default. If a user wants to add it back they can create their own SSLContext and do ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ctx.options = ~ssl.OP_NO_COMPRESSION This should be able to apply against 3.2+ although it would only be 3.3+ that ssl.OP_NO_COMPRESSION is available to disable it, although a user could still hard code the constant in themselves. This still leaves 2.7 out in the open here, what I'd like to do is just disable it and if someone really *needs* TLS Compression they can use pyopenssl to get that back. This is a reversal of the current situation where in order to get the safer value you have to use pyopenssl. -- keywords: +patch Added file: http://bugs.python.org/file34531/disable-ssl-compression-default.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20995] Use Better Default Ciphers for the SSL Module
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20995 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20887] stdlib compatibility with pypy, test_zipfile.py
Arfrever Frehtes Taifersar Arahesis added the comment: Garbage collection still closes files, but Python =3.2 might print ResourceWarnings. -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20887 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20996] Backport TLS 1.1 and 1.2 support for ssl_version
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20996 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue19861] Update What's New for Python 3.4
Zachary Ware added the comment: Thanks for the #3158 addition, David :) We've been a week with no more major changes; is this issue done? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19861 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20998] fullmatch isn't matching correctly under re.IGNORECASE
New submission from Nathan West: I have the following regular expression: In [2]: regex = re.compile(ME IS \w+, re.I) For some reason, when using `fullmatch`, it doesn't match substrings longer than 1 for the '\w+': In [3]: regex.fullmatch(ME IS L) Out[3]: _sre.SRE_Match object; span=(0, 7), match='ME IS L' In [4]: regex.fullmatch(me is l) Out[4]: _sre.SRE_Match object; span=(0, 7), match='me is l' In [5]: regex.fullmatch(ME IS Lucretiel) In [6]: regex.fullmatch(me is lucretiel) I have no idea why this is happening. Using `match` works fine: In [7]: regex.match(ME IS L) Out[7]: _sre.SRE_Match object; span=(0, 7), match='ME IS L' In [8]: regex.match(ME IS Lucretiel) Out[8]: _sre.SRE_Match object; span=(0, 15), match='ME IS Lucretiel' In [9]: regex.match(me is lucretiel) Out[9]: _sre.SRE_Match object; span=(0, 15), match='me is lucretiel' Additionally, using `fullmatch` WITHOUT using the `re.I` flag causes it to work: In [10]: regex = re.compile(ME IS \w+) In [11]: regex.fullmatch(ME IS L) Out[11]: _sre.SRE_Match object; span=(0, 7), match='ME IS L' In [12]: regex.fullmatch(ME IS Lucretiel) Out[12]: _sre.SRE_Match object; span=(0, 15), match='ME IS Lucretiel' My platform is Ubuntu 12.04, using Python 3.4 installed from Felix Krull's deadsnakes PPA (https://launchpad.net/~fkrull/+archive/deadsnakes). -- components: Regular Expressions messages: 214257 nosy: Lucretiel, ezio.melotti, mrabarnett priority: normal severity: normal status: open title: fullmatch isn't matching correctly under re.IGNORECASE versions: Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20998 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20994] Disable TLS Compression
Donald Stufft added the comment: Here's the same patch for Python 2.7, it's basically the same thing just at a different location. -- Added file: http://bugs.python.org/file34532/disable-ssl-compression-2.7.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20994 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue20998] fullmatch isn't matching correctly under re.IGNORECASE
Changes by Nathan West lucret...@gmail.com: -- type: - behavior ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue20998 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com