Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Cory Benfield
On 3 September 2014 01:19, Antoine Pitrou solip...@pitrou.net wrote: Keeping saying it doesn't make it magically true. Sure, but it *is* true, at the very least for HTTP. RFC 2818 (HTTP over TLS) has the following language in section 3.1: If the hostname is available, the client MUST check it

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread Christian Staffa
Hi all I am using buildbot now for some time and I would be willing to contribute on that. I had small work on openstack buildbot slave but had not the proper infrastructure to get more value out of it. I like that project and automation. Anyway, if I could be of help let me know (; Short to

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Nick Coghlan
On 3 Sep 2014 18:28, Cory Benfield c...@lukasa.co.uk wrote: This is definitely true, and this change is both. The only question that matters is whether we believe we're doing users a service by breaking their code. I'd argue, along with Glyph, Alex and Donald, that we are. I've been on the

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Antoine Pitrou
On Wed, 3 Sep 2014 20:34:32 +1000 Nick Coghlan ncogh...@gmail.com wrote: The backwards compatibility argument only applies to Python 2 maintenance releases (where dreid indicated an intention to request backporting the change), and there I'm quite happy to take the position of use requests,

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Antoine Pitrou
On Tue, 02 Sep 2014 21:29:16 -0400 R. David Murray rdmur...@bitdance.com wrote: The top proposal so far is an sslcustomize.py file that could be used to either decrease or increase the default security. This is a much less handy solution than application options (eg, curl, wget) that allow

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread R. David Murray
On Wed, 03 Sep 2014 16:31:13 +0200, Antoine Pitrou solip...@pitrou.net wrote: On Tue, 02 Sep 2014 21:29:16 -0400 R. David Murray rdmur...@bitdance.com wrote: The top proposal so far is an sslcustomize.py file that could be used to either decrease or increase the default security. This is

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Ethan Furman
On 09/03/2014 08:58 AM, R. David Murray wrote: I'm OK with letting go of this invalid-cert issue myself, given the lack of negative feedback Twisted got. I'll just keep my fingers crossed. I apologize if I missed this point, but if we have the source code then it is possible to go in and

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread Shorya Raj
As mentioned, I don't mind sysadmining a bit, if required. My primary joy would be helping code python, but can't seem to figure out the ideal place to start doing so. Therefore, helping out as sysadmin would be a good start. On Wed, Sep 3, 2014 at 4:58 PM, Cameron Simpson c...@zip.com.au wrote:

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Alex Gaynor
Ethan Furman ethan at stoneleaf.us writes: I apologize if I missed this point, but if we have the source code then it is possible to go in and directly modify the application/utility to be able to talk over https to a router with an invalid certificate? This is an option when creating the

Re: [Python-Dev] PEP 477: selected ensurepip backports for Python 2.7

2014-09-03 Thread Chris Barker
On Sun, Aug 31, 2014 at 3:00 PM, Nick Coghlan ncogh...@gmail.com wrote: However, we still think we should start providing pip by default to Python 2.7 users as well, at least as part of the Windows and Mac OS X installers. serious +1 here. Just last night I was writing up notes for an intro

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Ethan Furman
On 09/03/2014 10:15 AM, Alex Gaynor wrote: Ethan Furman writes: I apologize if I missed this point, but if we have the source code then it is possible to go in and directly modify the application/utility to be able to talk over https to a router with an invalid certificate? This is an option

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread francis
[...] But it does mean a measure of trust in some external entity, or else some very careful rules (mainly firewall), which not every coder will know about. Just curious, is there a way to mount the infrastructure the other way around? One sets a system polling for sources changes, if so it

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Guido van Rossum
On Wed, Sep 3, 2014 at 8:58 AM, R. David Murray rdmur...@bitdance.com wrote: I'm OK with letting go of this invalid-cert issue myself, given the lack of negative feedback Twisted got. I'll just keep my fingers crossed. I'm with this sentiment (cautiously +1) -- and not just because of

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Antoine Pitrou
On Wed, 3 Sep 2014 10:54:55 -0700 Guido van Rossum gu...@python.org wrote: Let's take the plunge on this issue for the next 2.7 release (3.5 being a done deal). I'm entirely against this. Yes, some people will find that they have an old script accessing an old service which breaks. Surely

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Donald Stufft
On Sep 3, 2014, at 1:54 PM, Guido van Rossum gu...@python.org wrote: On Wed, Sep 3, 2014 at 8:58 AM, R. David Murray rdmur...@bitdance.com wrote: I'm OK with letting go of this invalid-cert issue myself, given the lack of negative feedback Twisted got. I'll

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread R. David Murray
On Wed, 03 Sep 2014 20:37:38 +0200, Antoine Pitrou solip...@pitrou.net wrote: On Wed, 3 Sep 2014 10:54:55 -0700 Guido van Rossum gu...@python.org wrote: Today (working at Dropbox, a much smaller company!) I don't even remember the last time I had to deal with such a browser complaint --

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Christian Heimes
On 03.09.2014 19:29, Ethan Furman wrote: Excellent. Last question (I hope): it is possible to (easily) create an SSLContext that will verify against a self-signed certificate? Yes: context = ssl.create_default_context(cafile="/path/to/selfsigned.pem") That works iff the certificate is

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread R. David Murray
On Wed, 03 Sep 2014 10:09:36 -0700, Ethan Furman et...@stoneleaf.us wrote: On 09/03/2014 08:58 AM, R. David Murray wrote: I'm OK with letting go of this invalid-cert issue myself, given the lack of negative feedback Twisted got. I'll just keep my fingers crossed. I apologize if I missed

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Guido van Rossum
Antoine, I think we are well past the point where arguments can sway positions. There clearly is no agreement on this issue. So please treat my post as a BDFL tie-breaker. I will just give you one thing to ponder -- those small/non-profit websites that can't afford proper certs are exactly the

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Christian Heimes
On 03.09.2014 19:54, Guido van Rossum wrote: Let's take the plunge on this issue for the next 2.7 release (3.5 being a done deal). Yes, some people will find that they have an old script accessing an old service which breaks. Surely some of the other changes in the same 2.7 bugfix release will

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Victor Stinner
2014-09-03 21:26 GMT+02:00 Christian Heimes christ...@python.org: On 03.09.2014 19:54, Guido van Rossum wrote: I'm +1 for Python 3.5 but -1 for Python 2.7. The SSLContext backport will land in Python 2.7.9 (to be released). No Python 2 user is familiar with the feature yet. But more

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Guido van Rossum
OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to add that there should be a clear FAQ about the subject.) If this isn't possible that changes the situation. (But I

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Ethan Furman
On 09/03/2014 12:10 PM, R. David Murray wrote: On Wed, 03 Sep 2014 10:09:36 -0700, Ethan Furman et...@stoneleaf.us wrote: On 09/03/2014 08:58 AM, R. David Murray wrote: I'm OK with letting go of this invalid-cert issue myself, given the lack of negative feedback Twisted got. I'll just keep

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Christian Heimes
On 03.09.2014 21:37, Victor Stinner wrote: Thanks, you replied before I asked the question :-) (If certificates are validated by default, how do you disable the checks?) Sorry, I didn't follow the whole discussion and Python 2.7 changes related to security. Does Python 2.7 support loading

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Christian Heimes
On 03.09.2014 21:37, Guido van Rossum wrote: OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to add that there should be a clear FAQ about the subject.) If this

Re: [Python-Dev] RFC: PEP 475, Retry system calls failing with EINTR

2014-09-03 Thread Matthew Woodcraft
In article CAMpsgwabYhXB0OG3UhdX=fucyonajgzpwd-g8stdaukjzpj...@mail.gmail.com, Victor Stinner victor.stin...@gmail.com wrote: 2014-09-02 23:03 GMT+02:00 Matthew Woodcraft matt...@woodcraft.me.uk: In any case I think PEP 475 should be explaining what is going to happen to signal.siginterrupt().

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Alex Gaynor
Guido van Rossum guido at python.org writes: OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to add that there should be a clear FAQ about the subject.) If this

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread Victor Stinner
2014-09-03 0:13 GMT+02:00 Victor Stinner victor.stin...@gmail.com: AMD64 OpenIndiana 3.x: a lot of tests fail with OSError(12, Not enough space) or MemoryError. It's probably an issue on the host. x86 OpenIndiana 3.x: MemoryError. TestReadline.test_init() also fails. I sent an email to Jesus

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Stephen J. Turnbull
Guido van Rossum writes: lot: five years ago (when I worked at Google!) it was common to find internal services that required SSL but had a misconfigured certificate, and the only way to access those services was to override the browser complaints. Today (working at Dropbox, a much

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Benjamin Peterson
On Wed, Sep 3, 2014, at 13:37, Alex Gaynor wrote: Guido van Rossum guido at python.org writes: OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to add that

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Nick Coghlan
On 4 Sep 2014 04:39, Antoine Pitrou solip...@pitrou.net wrote: On Wed, 3 Sep 2014 10:54:55 -0700 Guido van Rossum gu...@python.org wrote: Let's take the plunge on this issue for the next 2.7 release (3.5 being a done deal). I'm entirely against this. Yes, some people will find that

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Nick Coghlan
On 4 Sep 2014 06:39, Alex Gaynor alex.gay...@gmail.com wrote: Guido van Rossum guido at python.org writes: OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Antoine Pitrou
On Thu, 4 Sep 2014 09:19:56 +1000 Nick Coghlan ncogh...@gmail.com wrote: Python is routinely updated to bugfix releases by Linux distributions and other distribution channels, you usually have no say over what's shipped in those updates. This is not like changing the major version used

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Ethan Furman
On 09/03/2014 04:36 PM, Antoine Pitrou wrote: On Thu, 4 Sep 2014 09:19:56 +1000 Nick Coghlan ncogh...@gmail.com wrote: Python is routinely updated to bugfix releases by Linux distributions and other distribution channels, you usually have no say over what's shipped in those updates. This is

Re: [Python-Dev] PEP 477: selected ensurepip backports for Python 2.7

2014-09-03 Thread Nick Coghlan
On 1 September 2014 08:00, Nick Coghlan ncogh...@gmail.com wrote: Earlier versions of PEP 453 proposed bootstrapping pip into a Python 2.7 maintenance release in addition to including it with Python 3.4. That part of the proposal proved to be controversial, so we dropped it from the original

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Ethan Furman
On 09/03/2014 05:00 PM, Ethan Furman wrote: On 09/03/2014 04:36 PM, Antoine Pitrou wrote: On Thu, 4 Sep 2014 09:19:56 +1000 Nick Coghlan ncogh...@gmail.com wrote: Python is routinely updated to bugfix releases by Linux distributions and other distribution channels, you usually have no say

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread Chris Angelico
On Thu, Sep 4, 2014 at 3:32 AM, francis franci...@email.de wrote: does mean a measure of trust in some external entity, or else some very careful rules (mainly firewall), which not every coder will know about. Just curious, is there a way to mount the infrastructure the other way around? One

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread Antonio Cavallo
I wonder if there is any interest in starting to use the opensuse build servers for continuous build and testing on redhat, fedora suse and (I think) debian: that will solve once for all the maintenance issues on those platforms (and provide a reliable build). Regards, Antonio

Re: [Python-Dev] PEP 477: selected ensurepip backports for Python 2.7

2014-09-03 Thread Benjamin Peterson
On Wed, Sep 3, 2014, at 17:03, Nick Coghlan wrote: On 1 September 2014 08:00, Nick Coghlan ncogh...@gmail.com wrote: Earlier versions of PEP 453 proposed bootstrapping pip into a Python 2.7 maintenance release in addition to including it with Python 3.4. That part of the proposal proved

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

2014-09-03 Thread Nick Coghlan
On 4 September 2014 10:00, Ethan Furman et...@stoneleaf.us wrote: On 09/03/2014 04:36 PM, Antoine Pitrou wrote: On Thu, 4 Sep 2014 09:19:56 +1000 Nick Coghlan ncogh...@gmail.com wrote: Python is routinely updated to bugfix releases by Linux distributions and other distribution channels,

Re: [Python-Dev] Sad status of Python 3.x buildbots

2014-09-03 Thread Nick Coghlan
On 4 September 2014 11:07, Antonio Cavallo a.cava...@cavallinux.eu wrote: I wonder if there is any interest in starting to use the opensuse build servers for continuous build and testing on redhat, fedora suse and (I think) debian: that will solve once for all the maintenance issues on those

Re: [Python-Dev] PEP 477: selected ensurepip backports for Python 2.7

2014-09-03 Thread Nick Coghlan
On 4 September 2014 12:21, Benjamin Peterson benja...@python.org wrote: On Wed, Sep 3, 2014, at 17:03, Nick Coghlan wrote: On 1 September 2014 08:00, Nick Coghlan ncogh...@gmail.com wrote: Earlier versions of PEP 453 proposed bootstrapping pip into a Python 2.7 maintenance release in