david db.pub.m...@gmail.com added the comment:
On 21 November 2010 09:27, Antoine Pitrou rep...@bugs.python.org wrote:
Antoine Pitrou pit...@free.fr added the comment:
Martin,
You misunderstood. I was not proposing that scripts provide a CA
list, but that users might deploy a CA list
david db.pub.m...@gmail.com added the comment:
Back to the main issue here :
So for python3 is it possible to make attempting to use capath(some
common ones OR the openssl location capath if this is ok for use) the
default(with failure to find a valid capath result in an exception
being raised
david db.pub.m...@gmail.com added the comment:
On 21 November 2010 20:50, Martin v. Löwis rep...@bugs.python.org wrote:
Martin v. Löwis mar...@v.loewis.de added the comment:
So for python3 is it possible to make attempting to use capath(some
common ones OR the openssl location capath
david db.pub.m...@gmail.com added the comment:
Fine.
So if not in the ssl module what about for urllib etc.?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10441
david db.pub.m...@gmail.com added the comment:
So please close this bug.
Apparently making things secure by default is to much to ask.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10441
Changes by david db.pub.m...@gmail.com:
--
resolution: - rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10441
New submission from David mapstonsis...@yahoo.com:
Hello,
Python version 2.7.1 x64
Mac OS X 10.6.5 x86_64
Tk/Tcl version 8.5/4
Python will crash when saving/running/checking a module, i tried googling for a
few hours to come up to NOTHING for a solution. Hopefully we can both get this
fixed
david db.pub.m...@gmail.com added the comment:
Thank you @loewis. However, I don't see where set_default_verify_path - is
defined in the patch you have provided.
It would also be nice to do something like this:
import ssl
...
ssl._FORCE_VERIFICATION = True
and even better would
david db.pub.m...@gmail.com added the comment:
and what does it do ?
--
title: some stdlib modules need to be updated to handle SSL certificate
validation - some stdlib modules need to be updated to handle SSL certificate
validation
___
Python
david db.pub.m...@gmail.com added the comment:
Cool yeah. The documentation is good I asked the question because I
wasn't sure if it was in a pending patch elsewhere in the bug tracker
or was accepted. I guess I should have googled for it.
Thank you
david db.pub.m...@gmail.com added the comment:
This may be stupid but...
shouldn't the example be:
lynx http://localhost:8000/../../../../../etc/passwd
... which does _not_ work.
--
nosy: +db
___
Python tracker rep...@bugs.python.org
http
New submission from David w004...@xsmail.com:
I tried to download and install the latest Python tarball (2.7.1) and use
Python 2.6 to execute setup.py.
I got the error No module named sysconfig when running setup.py. sysconfig
was introduced with Python 3.2 (per
http://docs.python.org/dev
New submission from david db.pub.m...@gmail.com:
Please replace the use of pickle in multiprocessing with json.
--
messages: 129742
nosy: db
priority: normal
severity: normal
status: open
title: Please replace the use of pickle in multiprocessing with json
New submission from David toxicd...@gmail.com:
The following code produces a type error, but from what I can tell it does
comply with PEP333. This issue appeared using Python 3.1.1 and 3.1.2 on both
Windows and Ubuntu. I have only tried the 32 bit versions. Works fine in Python
2.6.5.12 but I
New submission from david db.pub.m...@gmail.com:
Python violates most users expectations via the modification differences of
immutable and mutable objects in methods.
def foo(bar):
bar = bar + bar
def listy(bar):
bar = [1]
def dicty(bar):
bar['1'] = '1'
if __name__ == __main__
david db.pub.m...@gmail.com added the comment:
I strongly suggest you reconsider as *most* programmers will not think about it
this way.
No you failed to understand my bug report apparently. I understand the
behaviour. However, you failed to understand the problem.
*PLEASE* read and think
Changes by david db.pub.m...@gmail.com:
--
resolution: wont fix - later
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
___
___
Python-bugs
Changes by david db.pub.m...@gmail.com:
--
status: closed - open
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
___
___
Python-bugs-list
david db.pub.m...@gmail.com added the comment:
def list_again(foo):
foo.append(bar)
def list_again_again(foo):
foo = foo + [1]
if __name__ == __main__:
bar = []
list_again(bar)
print bar
list_again_again(bar)
print bar
Ok so let me
Changes by david db.pub.m...@gmail.com:
--
status: closed - open
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
___
___
Python-bugs-list
david db.pub.m...@gmail.com added the comment:
In c pointers are *explicit*, ditto in c++, in java everything is a pointer.
In asm, well that is asm.
This behaviour in python, makes python code *really* hard to read and *hard* to
understand.
Can you python devs / people stop calling a bug
Changes by david db.pub.m...@gmail.com:
--
status: closed - open
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
___
___
Python-bugs-list
Changes by david db.pub.m...@gmail.com:
--
resolution: invalid - later
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
___
___
Python-bugs-list
david db.pub.m...@gmail.com added the comment:
If you like I can look for this new security bugs in existing python projects
and show you why this is a *very* bad idea.
Please stop this python isolated mentality and autistic behaviour and consider
the possibility of being wrong
david db.pub.m...@gmail.com added the comment:
Excuse me for reporting weird and not expected behaviour on behalf of *most*
coders.
Here https://bugs.edge.launchpad.net/ubuntu/+source/checkbox/+bug/625076
I understand python fine. If I have to find security bugs in *lots* more python
projects
Changes by david db.pub.m...@gmail.com:
--
resolution: invalid - later
status: closed - open
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
Changes by david db.pub.m...@gmail.com:
--
type: - behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
___
___
Python-bugs-list mailing
david db.pub.m...@gmail.com added the comment:
Please stop this python isolated mentality and autistic behaviour and consider
the possibility of being wrong.
... No I didn't, did you read what I said?
Also, repeatedly closing this bug isn't going to make it go away.
You are kidding your self
david db.pub.m...@gmail.com added the comment:
To quote the zen of python:
Readability counts.
Special cases aren't special enough to break the rules.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9702
david db.pub.m...@gmail.com added the comment:
Just to clarify that last comment.
By exhibiting this behaviour python, introduces the potential for a lot more
errors in code that seems to be correct to most people.
Remember this bug is about the differences in behaviour for 'mutable
david db.pub.m...@gmail.com added the comment:
On 28 August 2010 09:10, Theo Julienne rep...@bugs.python.org wrote:
Theo Julienne theo.julie...@gmail.com added the comment:
def list_again(foo):
foo.append(bar)
def list_again_again(foo):
foo = foo + [1]
The part that can
david db.pub.m...@gmail.com added the comment:
On 28 August 2010 22:34, R. David Murray rep...@bugs.python.org wrote:
R. David Murray rdmur...@bitdance.com added the comment:
This is not an appropriate discussion for the bug tracker. Please take it to
the Python mailing list.
Fair enough
david db.pub.m...@gmail.com added the comment:
On 28 August 2010 22:41, david rep...@bugs.python.org wrote:
david db.pub.m...@gmail.com added the comment:
On 28 August 2010 22:34, R. David Murray rep...@bugs.python.org wrote:
R. David Murray rdmur...@bitdance.com added the comment
New submission from david db.pub.m...@gmail.com:
please add a large NOTE explaining that urllib does not perform any ssl
validation.
--
assignee: d...@python
components: Documentation
messages: 117596
nosy: db, d...@python
priority: normal
severity: normal
status: open
title: please
david db.pub.m...@gmail.com added the comment:
-- (out of the box)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9983
___
___
Python-bugs-list
david db.pub.m...@gmail.com added the comment:
This is issue is in respect to https connections :)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9983
david db.pub.m...@gmail.com added the comment:
Hi pitrou, that bug you linked to is really long can state a summary of any
changes made to python and their impact - alternatively the lack of (changes)
and their impact.
--
___
Python tracker rep
New submission from david db.pub.m...@gmail.com:
please add a large NOTE explaining that urllib2 does not perform any ssl (for
https connection) validation out of the box.
Also see 9983 for urrlib.
--
messages: 117601
nosy: db
priority: normal
severity: normal
status: open
title
Changes by david db.pub.m...@gmail.com:
--
assignee: - d...@python
components: +Documentation
nosy: +d...@python
versions: +Python 2.7
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9984
david db.pub.m...@gmail.com added the comment:
thank you :)
--
resolution: fixed -
status: closed - open
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9983
david db.pub.m...@gmail.com added the comment:
@pitrou you should also put an example of how to ACTUALLY establish a
connection that can't be MITMed. Because lots of people are getting this
wrong
--
___
Python tracker rep...@bugs.python.org
david db.pub.m...@gmail.com added the comment:
Yes totally imho these modules should get fixed to actually do ssl checking.
This means that most users of these methods, even if they think they
are doing it properly as per the ssl module page, are still vulnerable
to attack.
I will add
david db.pub.m...@gmail.com added the comment:
Welcome to 2010.
SSL shouldn't be difficult to use anymore or support in python applications.
But yet, until the changes in http://bugs.python.org/issue9983 was fixed python
devs were using modules without any warning of the security implications
david db.pub.m...@gmail.com added the comment:
imho it would be nice to be 'secure by default' in say the next python stable
releases... (or perhaps only 3.X ? ).
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1589
david db.pub.m...@gmail.com added the comment:
@loewis yes.. that is assumed imho.
This ticket is closed, is this a real issue?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9983
New submission from David wizza...@gmail.com:
Hi, I mentioned this on the mailing list over here:
http://mail.python.org/pipermail/python-list/2010-September/1256407.html
I think it's a Python bug, so reposting it here:
-
Hi there, I have a strange situation.
If I do this:
1
david db.pub.m...@gmail.com added the comment:
So I know the current patch doesn't support IP addresses but I thought I would
link to what mozilla considered a security problem(just for future reference):
CVE-2010-3170: http://www.mozilla.org/security/announce/2010/mfsa2010-70.html
Security
New submission from david db.pub.m...@gmail.com:
imaplib should provide a means to validate a remote server ssl certificate(s).
So currently imaplib allows you to do the following:
import imaplib
conn = imaplib.IMAP4_SSL(imap.gmail.com)
#the following should fail
conn = imaplib.IMAP4_SSL
david db.pub.m...@gmail.com added the comment:
On 11 November 2010 23:31, Antoine Pitrou rep...@bugs.python.org wrote:
Antoine Pitrou pit...@free.fr added the comment:
Should we escalate this issue to CVA for Python 2.x?
It's more of a missing feature than a security issue in itself
New submission from david db.pub.m...@gmail.com:
(socket.gethostbyname doesn't return an ipv6 address)
So just to start with I know the documentation says [0] and getaddrinfo()
should be used instead for IPv4/v6 dual stack support.
However, the getaddrinfo() method provides more information
New submission from david db.pub.m...@gmail.com:
Please by default enforce ssl certificate checking in modules that can have
user's which *depend* on the security of the ssl connection.
See https://bugs.launchpad.net/ubuntu/+source/offlineimap/+bug/675120
http://bugs.python.org/issue10274
http
New submission from david db.pub.m...@gmail.com:
Please by default enforce ssl certificate checking in modules that can have
user's which *depend* on the security of the ssl connection.
See https://bugs.launchpad.net/ubuntu/+source/offlineimap/+bug/675120
http://bugs.python.org/issue10274
http
david db.pub.m...@gmail.com added the comment:
Sorry, I don't remember seeing the change-set /commit showing that is now on by
default. (for those modules).
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10441
david db.pub.m...@gmail.com added the comment:
Are you referring to
http://code.python.org/hg/branches/py3k/rev/86f97255bfc8
where there is now
2.29 + .. warning::
2.30 + If neither *cafile* nor *capath* is specified, an HTTPS request
2.31 + will not do any
david db.pub.m...@gmail.com added the comment:
Interesting but you may want to ask the openssl developers about this first.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10441
david db.pub.m...@gmail.com added the comment:
On 19 November 2010 03:18, Martin v. Löwis rep...@bugs.python.org wrote:
Martin v. Löwis mar...@v.loewis.de added the comment:
The best that could be done is to provide a configuration option (e.g.
global variable) that should be treated
david db.pub.m...@gmail.com added the comment:
On 19 November 2010 03:48, Antoine Pitrou rep...@bugs.python.org wrote:
Antoine Pitrou pit...@free.fr added the comment:
This may not be satisfying to users. For example, our Windows
distribution doesn't ship with any certicates (AFAIK); I
david db.pub.m...@gmail.com added the comment:
On 19 November 2010 04:40, Martin v. Löwis rep...@bugs.python.org wrote:
Martin v. Löwis mar...@v.loewis.de added the comment:
This may not be satisfying to users. For example, our Windows
distribution doesn't ship with any certicates (AFAIK
David [EMAIL PROTECTED] added the comment:
I will take this one on. I'll download 3.x this weekend and begin.
What is the best way to proceed? Post each program as it is changed or a
note that no change is required? It can get lengthy if all of the
programs are posted here
David [EMAIL PROTECTED] added the comment:
See if Doug Hellman's module of the week helps any
http://blog.doughellmann.com/2007/07/pymotw-subprocess.html I plan on
asking him if we can include some of his examples in the Python 3000
docs. Subprocess is new enough and gets enough questions
New submission from david da...@plasmatronics.com.au:
http://docs.python.org/tutorial/inputoutput.html#reading-and-writing-
files
Windows makes a distinction between text and binary files;
the end-of-line characters in text files are automatically altered
slightly when data is read or written
david da...@plasmatronics.com.au added the comment:
So, it's wrong, and it's not helpful unless you already know what it
means, but it works for someone who doesn't need the Python tutorial!
I'm gobsmacked.
If the C libraries that Python uses have the concept of Text/Binary,
why not just say
david da...@plasmatronics.com.au added the comment:
If this is like to be non-portable to jPython, I'd like to be told.
However, I can see that the tutorial may be the wrong place to mention
that.
--
___
Python tracker rep...@bugs.python.org
http
New submission from David vencabot_tep...@hotmail.com:
Qualifier: This is the first issue that I've raised, so I apologise before-hand
for any protocol flubs.
str.splitlines()'s implementation jives unexpectedly with str.split().
In this code snippet, a server buffers input until it receives
David vencabot_tep...@hotmail.com added the comment:
I typoed when copying my second snippet.
while request_buffer.splitlines[-1] != or request_buffer == :
It should be:
while request_buffer.splitlines()[-1] != or request_buffer == :
This code has the problem that I'm complaining of. I
David vencabot_tep...@hotmail.com added the comment:
Thank you for the clarification, David. I thought that it might have been a
calculated decision beyond my understanding, and I can rest easy knowing that
this behavior isn't accidental. I was thinking that I might have to do
something like
david db.pub.m...@gmail.com added the comment:
On 1 March 2011 18:01, Alex rep...@bugs.python.org wrote:
Alex alex.gay...@gmail.com added the comment:
Why? JSON is incapable of representing most Python datastructures that can
be pickled (i.e. anything that isn't a list, tuple, dict, int
david db.pub.m...@gmail.com added the comment:
Um this isn't a duplicate this is addressing a different module to
multiprocessing. Currently in subprocess you can almost remove the use of
pickle with little to no side-effects.
--
___
Python tracker
david db.pub.m...@gmail.com added the comment:
Can you please re-open this bug ? (unless you feel otherwise).
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11359
david db.pub.m...@gmail.com added the comment:
I don't have 3.3 installed so I cannot test it, but here is a patch for 2.6. I
am sure it breaks stuff - are there tests for the subprocess module that would
cover the cases that pickle was used for?
--- subprocess.py.orig 2011-03-02 00:47
david db.pub.m...@gmail.com added the comment:
From my reading of the code it may be possible if I execute a command via
Popen that the child had output that went to stderror, because stderror is
associated with the fd of errpipe_write, and it was not to be 'trusted' (lets
say I ran
david db.pub.m...@gmail.com added the comment:
Actually I don't think that is possible mmm.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11359
david db.pub.m...@gmail.com added the comment:
As the child will have already have exec'ed there will be no exception raised
-- so the parent shouldn't pickle.load from stderror... So unless there is a
path where the parent will end up pickle.load ing the exception that case I put
before
david db.pub.m...@gmail.com added the comment:
Um ok.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11358
___
___
Python-bugs-list mailing list
david db.pub.m...@gmail.com added the comment:
Fair enough.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11358
___
___
Python-bugs-list
david db.pub.m...@gmail.com added the comment:
I have also hit this bug. It is slightly interesting that urllib is able to
connect to hosts that trigger a segfault under urllib2 without an issue...
--
nosy: +db
___
Python tracker rep
New submission from david db.pub.m...@gmail.com:
(This is similar to http://bugs.python.org/issue10274)
The smtplib module should provide a means to validate a remote server ssl
certificate(s).
It would be 'nice' if smtplib.SMTP_SSL smtplib.starttls took in arguments to
validate the remote
Changes by david db.pub.m...@gmail.com:
--
nosy: +db
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8809
___
___
Python-bugs-list mailing list
david db.pub.m...@gmail.com added the comment:
It should also explain how the context can be used.
An example of how to use it to establish a 'secured' connection would be a nice
to have.
--
___
Python tracker rep...@bugs.python.org
http
New submission from david db.pub.m...@gmail.com:
The _PyString_Resize function in stringobject.c[0] takes in a PyObject ** and a
Py_ssize_t newsize. Where Py_ssize_t is often a typedef for ssize_t(a signed
version of size_t). As such the newsize parameter could be negative.
The code checks
Changes by david db.pub.m...@gmail.com:
--
components: +None
versions: +Python 2.7
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13334
Changes by david db.pub.m...@gmail.com:
--
title: Erroneous Size check in - Erroneous Size check in _PyString_Resize
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13334
david db.pub.m...@gmail.com added the comment:
Yes my bad :-) I got my C test case wrong.
--
status: pending - open
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13334
Changes by david db.pub.m...@gmail.com:
--
nosy: +db
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11357
___
___
Python-bugs-list mailing list
New submission from David vencabot_tep...@hotmail.com:
The __str__() method of the KeyError class seems to put quotes around the
argument given to the class. This was causing bizarre, escaped quotation marks
to appear in my code (where the result of str(e) is often passed as the
argument
David vencabot_tep...@hotmail.com added the comment:
Thanks, Julian. I'm closing this and marking it as a duplicate of #2651.
--
resolution: - duplicate
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org
David vencabot_tep...@hotmail.com added the comment:
I'm +1 for fixing this behavior for the same reasons that are mentioned in the
OP: consistency and predictability. I raised this issue as #14086, and I was
referred to this issue before closing mine as a duplicate.
It took me a while
New submission from David:
Python crashes while executing the following code using the new regex module.
Have I made a mistake?
import regex as re
rx = re.compile(r'\bt(est){i2}', flags=re.V1)
print Prints here
rx.findall(Some text) # Python crashes
print Fails to print
I get the same results
David added the comment:
Hi, I've the same problem.
I've already tested (from source, Python-3.4.1.tgz) under OpenSUSE 12.3 and
Debian 7.5 with the same issue. I've compiled it in standard way (./configure;
make; make install) although the output (error) is the same, after import
sqlite3
David added the comment:
You're absolute right that file is not in path.
However, in my view this a bug, due to the fact libsqlite3-dev package must be
installed before Python3.4.1 is compiled (or install it and recompile python)
because there is no errors, no warnings... nothing.
In any
New submission from David:
Hi there.
3.5.1 final didn't have this problem, 3.5.2 final does have this problem.
I'm compiling Python 3.5.2 under Debian, and get this warning during the
./configure step:
---
configure: WARNING: linux/random.h: present but cannot be compiled
David added the comment:
Forgot to mention - this is for Debian 4. A really old legacy system we're
running, but where we like to use new versions of Python.
--
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
David added the comment:
Thanks.
What is the last official version of Python which does support GCC versions
< 4.3 ?
On Fri, Sep 16, 2016 at 7:20 AM, Benjamin Peterson <rep...@bugs.python.org>
wrote:
>
> Benjamin Peterson added the comment:
>
> We don't support GCC v
New submission from David:
Hi there.
On Debian 4, while running 'make' against a downloaded and extracted
Python-3.6.0b1.tar.xz, I get this error:
gcc -pthread -c -fno-strict-aliasing -Wsign-compare -DNDEBUG -g -fwrapv -O3
-Wall -Wstrict-prototypes-std=c99 -Wextra
David added the comment:
Thanks for the help Steve, however I cannot find the Python Launcher app
anywhere on my computer. Even after repairing/reinstalling. Where might I find
this file? What is it called exactly? Much appreciated.
--
___
Python
David added the comment:
I'm going to tackle the questions one-by-one:
I would like these ".py" files to be IDLE files in the sense that they have the
IDLE icon and they open up directly into an idle file with a shell in the
background. For context: on my other Windows 10 machine,
David added the comment:
So I tried changing it to py.exe, and it doesn't load the IDLE: instead, it
opens up the run command for the program in command prompt. That's not what I
want it to do. Also, there still is no Edit With IDLE option. And I tried doing
the ProgID stuff, but none
David added the comment:
Also, I created a reg file with the commands in a txt file and when I merged
it, it was able to show the "Edit with IDLE" but it would do nothing. IDLE
isn't there. Very perplexing.
--
___
Python tr
David added the comment:
Yes, I have IDLE installed, and Launcher is installed as well. I can open up
IDLE from the shortcut, however I am not able to access it within "Open With"
or "Default Programs" or "Change" (within Properties). I _can_ open up the file
David added the comment:
Thank you for your help. Attached is the py_config.txt that your .bat file gave
me.
--
Added file: http://bugs.python.org/file45991/py_config.txt
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
1 - 100 of 12771 matches
Mail list logo