[issue13645] import machinery vulnerable to timestamp collisions

2020-04-24 Thread Ammar Askar
Change by Ammar Askar : -- pull_requests: -19023 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue13645] import machinery vulnerable to timestamp collisions

2020-04-24 Thread Ammar Askar
Change by Ammar Askar : -- nosy: +ammar2 nosy_count: 8.0 -> 9.0 pull_requests: +19023 pull_request: https://github.com/python/cpython/pull/19651 ___ Python tracker ___

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-13 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: One is possibly deprecating path_mtime() so people don't waste time implementing it (we actually never need to remove it thanks to the ABC; otherwise we need to make sure the docs strongly state to only bother with path_stats()). Ok, I saw I

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-13 Thread Roundup Robot
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 87331661042b by Antoine Pitrou in branch 'default': Issue #13645: pyc files now contain the size of the corresponding source http://hg.python.org/cpython/rev/87331661042b --

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-13 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: Now pushed in. Thanks for the reviews! -- resolution: - fixed stage: patch review - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13645

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-12 Thread Brett Cannon
Brett Cannon br...@python.org added the comment: LGTM (although I didn't run the unit tests and focused mainly on the importlib._bootstrap and abc changes). Only two things I would change. One is possibly deprecating path_mtime() so people don't waste time implementing it (we actually never

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-11 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: Then a method that returns some object representing all of the needed info on the source file is needed, but that does NOT blindly return the stat info Then it's simpler for the object to be a dict, and backwards compatibility is

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-10 Thread Brett Cannon
Brett Cannon br...@python.org added the comment: On Mon, Jan 9, 2012 at 18:05, Antoine Pitrou rep...@bugs.python.org wrote: Antoine Pitrou pit...@free.fr added the comment: I'm not suggesting two stat calls (in the general case); you would call one or the other depending on the magic

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-09 Thread Brett Cannon
Brett Cannon br...@python.org added the comment: I'm not suggesting two stat calls (in the general case); you would call one or the other depending on the magic number of the pyc file. Anyway, it would probably be best to have some method that is expected to return a specific object which

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-09 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: I'm not suggesting two stat calls (in the general case); you would call one or the other depending on the magic number of the pyc file. The proposal is to store both mtime and size, actually, to make false positives less likely. --

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-01 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: You could add the requisite path_size() method to get the value, and assume 0 means unsupported I thought: - calling two methods means two stat calls per file, this could be slightly inefficient - if future extensions of the import mechanism

[issue13645] import machinery vulnerable to timestamp collisions

2012-01-01 Thread Charles-François Natali
Charles-François Natali neolo...@free.fr added the comment: The patch looks good to me. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13645 ___

[issue13645] import machinery vulnerable to timestamp collisions

2011-12-30 Thread Brett Cannon
Brett Cannon br...@python.org added the comment: Why change importlib's API and instead add to it? You could add the requisite path_size() method to get the value, and assume 0 means unsupported (at least until some future version where a deprecation warning about not requiring file size

[issue13645] import machinery vulnerable to timestamp collisions

2011-12-29 Thread Antoine Pitrou
Antoine Pitrou pit...@free.fr added the comment: Here is a patch adding the source code size to the pyc header. The number of places where details of the pyc file format are hard coded is surprisingly high... Unfortunately, I had to modify importlib's public API (path_mtime - path_stats). I

[issue13645] import machinery vulnerable to timestamp collisions

2011-12-29 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- nosy: +Arfrever ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13645 ___