On 4 April 2015 at 11:14, Steve Dower wrote:
> The thing is, that's exactly the same goodness as Authenticode gives, except
> everyone gets that for free and meanwhile you're the only one who has
> admitted to using GPG on Windows :)
>
> Basically, what I want to hear is that GPG sigs provide sign
On Sat, Apr 4, 2015 at 6:07 PM, Steve Dower wrote:
> There's no problem, per se, but initially it was less trouble to use the
> trusted PSF certificate and native support than to add an extra step using a
> program I don't already use and trust, am restricted in use by my employer
> (because of th
On 5 April 2015 at 10:40, Greg Ewing wrote:
> Eric Snow wrote:
>>
>> I've felt for a long time that it would be helpful in some situations
>> to have a reverse descriptor protocol.
>
>
> Can you elaborate on what you mean by that?
My guess from the name and the context: having a way to notify
des
On 4 April 2015 at 06:36, PJ Eby wrote:
> On Fri, Apr 3, 2015 at 4:21 AM, Nick Coghlan wrote:
>> No, you can't do it currently without risking a backwards
>> incompatibility through the introduction of a custom metaclass.
>
> Right... which is precisely why I'm suggesting the `noconflict()`
> m
There's no problem, per se, but initially it was less trouble to use the
trusted PSF certificate and native support than to add an extra step using a
program I don't already use and trust, am restricted in use by my employer
(because of the license and the fact there are alternatives), and devel
Eric Snow wrote:
I've felt for a long time that it would be helpful in some situations
to have a reverse descriptor protocol.
Can you elaborate on what you mean by that?
--
Greg
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.or
On Fri, Apr 3, 2015 at 6:44 AM, Martin Teichmann
wrote:
>> When I first wrote PEP 422 I was of the view that "Python 2 allows
>> class definition postprocessing injection, we should allow it in
>> Python 3 as well". I've since changed my view to "Having to declare
>> post-processing of a class def
On Sat, Apr 4, 2015, at 03:54 PM, M.-A. Lemburg wrote:
> On 04.04.2015 21:49, Kurt B. Kaiser wrote:
> >
> >
> > On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
> >> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
> >>> For the record, that is a Symantec/Verisign code signing
> >>> certificate
On 04.04.2015 21:49, Kurt B. Kaiser wrote:
>
>
> On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
>> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
>>> For the record, that is a Symantec/Verisign code signing
>>> certificate. We paid $1123 for it last April. It expires
>>> April 2017.
>>>
>>>
On Sat, Apr 4, 2015, at 03:35 PM, M.-A. Lemburg wrote:
> On 04.04.2015 21:02, Kurt B. Kaiser wrote:
> > For the record, that is a Symantec/Verisign code signing
> > certificate. We paid $1123 for it last April. It expires
> > April 2017.
> >
> > If you don't switch to a different vendor, e.g. st
On 04.04.2015 21:02, Kurt B. Kaiser wrote:
> For the record, that is a Symantec/Verisign code signing certificate. We
> paid $1123 for it last April. It expires April 2017.
>
> If you don't switch to a different vendor, e.g. startssl, please contact
> me for renewal in 2017.
FWIW: The PSF mostly
For the record, that is a Symantec/Verisign code signing certificate. We
paid $1123 for it last April. It expires April 2017.
If you don't switch to a different vendor, e.g. startssl, please contact
me for renewal in 2017.
KBK
On Sat, Apr 4, 2015, at 10:35 AM, Steve Dower wrote:
> Small clarifi
Small clarification: there certificates *are* the same format as for SSL, and
OpenSSL it's able to validate them in the same way as well as generate them
(but not extract embedded ones, AFAICT). But generally SSL certificates are not
marked as suitable for code signing so you need to buy a separ
On 04.04.2015 16:41, Steve Dower wrote:
> "Relying only on Authenticode for Windows installers would result in a break
> in technology w/r to the downloads we make available for Python, since all
> other files are (usually) GPG signed"
>
> This is the point of this discussion. I'm willing to mak
Thanks for fixing it!
On Sat, Apr 4, 2015, 10:53 Benjamin Peterson wrote:
>
>
> On Sat, Apr 4, 2015, at 10:33, Brett Cannon wrote:
> > Anyone know what is causing the deque leakage?
>
> https://hg.python.org/cpython/rev/3409f4d945e8
> ___
> Python-Dev
On Apr 04, 2015, at 02:41 PM, Steve Dower wrote:
>"Relying only on Authenticode for Windows installers would result in a break
>in technology w/r to the downloads we make available for Python, since all
>other files are (usually) GPG signed"
It's the "only" part I have a question about.
Does the
Le samedi 4 avril 2015, Ludovic Gasc a écrit :
>
> From a user's point of view, it should count for the total time, IMO.
>> If people want a timeout for each syscall, they should call send()
>> iteratively.
>
>
> I'm agree with Antoine for a global timeout.
>
Ok, I also agree. I will modify send
"Relying only on Authenticode for Windows installers would result in a break in
technology w/r to the downloads we make available for Python, since all other
files are (usually) GPG signed"
This is the point of this discussion. I'm willing to make such a break because
I believe Authenticode is
On Sat, Apr 4, 2015, at 10:33, Brett Cannon wrote:
> Anyone know what is causing the deque leakage?
https://hg.python.org/cpython/rev/3409f4d945e8
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Uns
Anyone know what is causing the deque leakage?
On Sat, Apr 4, 2015, 04:48 wrote:
> results for e10ad4d4d490 on branch "default"
>
>
> test_collections leaked [0, -4, 0] references, sum=-4
> test_collections leaked [0, -2, 0] memory blocks, sum=-2
> t
"Authenticode does not have a PKI"
If you got that from this discussion, I need everyone to at least skim read
this: https://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85).aspx
Authenticode uses the same certificate infrastructure as SSL (note: not the
same certificates). As I see it, a
On Sat, Apr 4, 2015 at 1:27 PM, Antoine Pitrou wrote:
> On Fri, 3 Apr 2015 13:56:44 +0200
> Victor Stinner wrote:
> >
> > The problem is that the socket.sendall() method may require multiple
> > syscalls. In this case, does the timeout count for the total time or
> > only for a single syscall? A
So, AFAIU from this discussion:
* Authenticode does not have a PKI
* GPG does have PKI
* ASC signatures are signed checksums
As far as downstream packaging on Windows (people who should/could be
subscribed to release ANNs):
For Choclatey NuGet:
* https://chocolatey.org/packages/python
* https:/
On Fri, 3 Apr 2015 13:56:44 +0200
Victor Stinner wrote:
>
> The problem is that the socket.sendall() method may require multiple
> syscalls. In this case, does the timeout count for the total time or
> only for a single syscall? Asked differently: should we reset the
> timeout each time a syscall
On 04.04.2015 02:49, Donald Stufft wrote:
>
>> On Apr 3, 2015, at 6:38 PM, M.-A. Lemburg wrote:
>>
>> On 04.04.2015 00:14, Steve Dower wrote:
>>> The thing is, that's exactly the same goodness as Authenticode gives,
>>> except everyone gets that for free and meanwhile you're the only one who
>>
25 matches
Mail list logo
