Re: [Python-Dev] PEP 469: Restoring the iterkeys/values/items() methods

2014-04-19 Thread Donald Stufft
going to be 3.5+ anyways. It seems like trying to fit as many of these compatibility things as Python is willing to do into 3.5 is the best possible solution since it’s likely that for a lot of these hanger-ons 3.5 is likely to be a minimum target anyways. --------- Donald Stufft PGP: 0x

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
On Apr 18, 2014, at 6:37 PM, Nick Coghlan wrote: > On 18 April 2014 18:28, Donald Stufft wrote: >> >> On Apr 18, 2014, at 6:24 PM, Nick Coghlan wrote: >> >>> On 18 April 2014 18:17, Paul Moore wrote: >>>> On 18 April 2014 22:57, Donald Stufft w

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
On Apr 18, 2014, at 6:24 PM, Nick Coghlan wrote: > On 18 April 2014 18:17, Paul Moore wrote: >> On 18 April 2014 22:57, Donald Stufft wrote: >>> Maybe Nick meant ``pip install ipython[all]`` but I don’t actually know >>> what that >>> includes. I’ve never

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
). And the 1.x > versions were just as simple. > > Paul Maybe Nick meant ``pip install ipython[all]`` but I don’t actually know what that includes. I’ve never used ipython except for the console. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
On Apr 18, 2014, at 5:08 PM, Nick Coghlan wrote: > On 18 April 2014 16:50, Donald Stufft wrote: >> So I’m not really worried about a competition or anything. I’m mostly worried >> about confusion of users. What you’re suggestion we give to use is *two* ways >> to install P

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
On Apr 18, 2014, at 4:50 PM, Donald Stufft wrote: > So I’m not really worried about a competition or anything. I’m mostly worried > about confusion of users. What you’re suggestion we give to use is *two* ways > to install Python packages (and 2 or 3 ways to virtualize a Python

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
On Apr 18, 2014, at 4:22 PM, Nick Coghlan wrote: > On 18 April 2014 15:39, Donald Stufft wrote: >> >> On Apr 18, 2014, at 3:18 PM, Nick Coghlan wrote: >> >>> At this point, however, I'm mainly looking for consensus that there >>> *are* two diffe

Re: [Python-Dev] Software integrators vs end users (was Re: Language Summit notes)

2014-04-18 Thread Donald Stufft
lop something to make it easier like a build farm). - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail ___ Python-Dev ma

Re: [Python-Dev] Language Summit notes

2014-04-18 Thread Donald Stufft
_ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Fastly logs are stored in Dreamhost so we could make those num

Re: [Python-Dev] this is what happens if you freeze all the modules required for startup

2014-04-17 Thread Donald Stufft
s not all startup related, often comes as an additional slap in the face. :-( > > Best regards, >Jurko Gospodnetić > > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/pyt

Re: [Python-Dev] Language Summit notes

2014-04-16 Thread Donald Stufft
on.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Possibly Glyph meant installing a Python *stack*, which likely includes setuptools and pip in order to actually get other things installable. Possibly also a compiler set

Re: [Python-Dev] Python "2migr8"

2014-04-14 Thread Donald Stufft
On Apr 14, 2014, at 4:39 PM, Guido van Rossum wrote: > On Mon, Apr 14, 2014 at 4:02 PM, Donald Stufft wrote: > > On Apr 14, 2014, at 3:53 PM, Terry Reedy wrote: > > > On 4/14/2014 11:32 AM, Steve Dower wrote: > [...] > >> However unfair > >> and incorr

Re: [Python-Dev] Python "2migr8"

2014-04-14 Thread Donald Stufft
ying a core developer full time, but >> it's the starting point that some companies will need to be able to >> become comfortable with employing a core dev. > > Let's hope some act on your invitation. > > -- > Terry Jan Reedy > > __

Re: [Python-Dev] Language Summit notes

2014-04-09 Thread Donald Stufft
On Apr 9, 2014, at 10:30 PM, Senthil Kumaran wrote: > Mentioned about https://pypi-preview.a.ssl.fastly.net/ For what it’s worth, https://warehouse.python.org/ is a somewhat easier to remember demo url for that :] ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5

Re: [Python-Dev] Jython site now seems to redirect to docs.python.org???

2014-03-28 Thread Donald Stufft
on.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Probably infrastructure-st...@python.org - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372

Re: [Python-Dev] On the necessity of PEPs [was "collections.sortedtree"]

2014-03-26 Thread Donald Stufft
> Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Is that what it’s called? “character” >:] - Donald Stufft P

Re: [Python-Dev] PEP 466 (round 5): selected network security enhancements for Python 2.7

2014-03-26 Thread Donald Stufft
ormational > Content-Type: text/x-rst > Created: 23-Mar-2014 > Post-History: 23-Mar-2014, 24-Mar-2014, 25-Mar-2014, 26-Mar-2014 > > This looks reasonable to me still and still solves the major problems that trying to securely use the 2.7 series has. +1 From me. --

Re: [Python-Dev] PEP 466 (round 5): selected network security enhancements for Python 2.7

2014-03-26 Thread Donald Stufft
n, > and has thus been replaced by the current more explicit proposal. > > > Open Questions > == > > * MvL has indicated he is not prepared to tackle the task of trying to > integrate a newer OpenSSL into the also aging Python 2.7 build > infrastructu

Re: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

2014-03-25 Thread Donald Stufft
> > Unsubscribe: > > https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.or

Re: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

2014-03-25 Thread Donald Stufft
On Mar 25, 2014, at 1:16 PM, Guido van Rossum wrote: > On Tue, Mar 25, 2014 at 9:46 AM, Donald Stufft wrote: > > On Mar 25, 2014, at 12:35 PM, Guido van Rossum wrote: > [...] >> >> I do note that the PEP seems to have some weasel-words about breaking >> back

Re: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

2014-03-25 Thread Donald Stufft
he sense that APIs can’t change their default behavior and such. In other words we can’t suddenly flip on hostname checking or anything like that. > > -- > --Guido van Rossum (python.org/~guido) > ___ > Python-Dev mailing list > Pyth

Re: [Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7

2014-03-24 Thread Donald Stufft
ent of influential members who still want to treat Python as a hobbyist project and not a critical piece of the infrastructure of the Internet as a whole. I *don't* want to get help from downstream users, especially on important but "boring" or hard issues such as security, and then have

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-23 Thread Donald Stufft
ython.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Descrip

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-23 Thread Donald Stufft
/mailman/options/python-dev/donald%40stufft.io I agree, the bulk of the alternative suggestions feel more like trying to adhere to a policy for policy’s sake rather than actually figure out what is best for the users. Adding new APIs to 2.7 feels to me like a pretty backwards compat

Re: [Python-Dev] On porting to Python 3 as the answer

2014-03-23 Thread Donald Stufft
stinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail ___

Re: [Python-Dev] OP_NO_COMPRESSION

2014-03-23 Thread Donald Stufft
On Mar 23, 2014, at 11:55 AM, Mark Lawrence wrote: > On 23/03/2014 15:46, Antoine Pitrou wrote: >> On Sun, 23 Mar 2014 11:37:25 -0400 >> Donald Stufft wrote: >>> >>> I already did open an issue and write a patch :) >>> >>> There’s someone on

Re: [Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7

2014-03-23 Thread Donald Stufft
-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message si

Re: [Python-Dev] OP_NO_COMPRESSION

2014-03-23 Thread Donald Stufft
On Mar 23, 2014, at 11:46 AM, Antoine Pitrou wrote: > On Sun, 23 Mar 2014 11:37:25 -0400 > Donald Stufft wrote: >> >> I already did open an issue and write a patch :) >> >> There’s someone on that issue saying that flipping that without a way to >&g

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-23 Thread Donald Stufft
thon.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io I already did open an issue and write a patch :) There’s someone on that issue saying that flipping that without a way to flip it back would brea

Re: [Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7

2014-03-23 Thread Donald Stufft
ed OpenSSL module? > > * Are there any other security relevant modules that should be covered > by either a blanket or conditional exemption? > > > Disclosure of Interest > == > > The author of this PEP cu

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
mail.com | Brisbane, Australia > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/brett%40python.org

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
if it requires any work at all. Going from 2.7 to 3.4 is often times a significant investment in resources that has to be taken by *every* network using project. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Descript

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
ib. CPython isn’t our only target and C dependencies don’t work very well on PyPy (if at all) and it makes the situation much more difficult on platforms where there are no compiler toolchains (Windows). - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A92

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
They detect for ssl to have the SSLContext and use it if it's available. > On Mar 22, 2014, at 7:54 PM, Paul Moore wrote: > >> On 22 March 2014 23:49, Donald Stufft wrote: >> In the case of requests they already have an optional dependency on >> pyopenssl. It&#x

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
Also important to remember that pip itself uses the OpenSSL binding in the ssl module so there is a chicken and egg problem. > On Mar 22, 2014, at 7:49 PM, Donald Stufft wrote: > > In the case of requests they already have an optional dependency on > pyopenssl. It's just m

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
In the case of requests they already have an optional dependency on pyopenssl. It's just many people either don't know they should use it, are unable to use it, or unwilling to use the python packaging tool chain because of its current flaws. > On Mar 22, 2014, at 7:42 PM, Ben Darnell wrote:

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
those situations affect more people than just the developers and users of >> the affected application: their existence becomes something that developers >> of secure networked services need to take into account as part of their >> security design. By making it more feasible to enh

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
"Just use Python 3.4" ignores the reality of production software. I wish it were that simple because I love 3.4 > On Mar 22, 2014, at 6:16 PM, "Martin v. Löwis" wrote: > > Am 22.03.14 22:17, schrieb Cory Benfield: >> I am 100%, overwhelmingly in favour of this. Without this PEP, Python 2.7 >> i

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Donald Stufft
I think the pep doesn't mandate that someone does. It still requires someone to care enough to actually write the patch. It just allows such a patch to be merged. > On Mar 22, 2014, at 5:32 PM, Benjamin Peterson wrote: > > Does anyone really want to backport features to Python 3.1? __

Re: [Python-Dev] Confirming status of new modules in 3.4

2014-03-14 Thread Donald Stufft
___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B

Re: [Python-Dev] PEP URLs

2014-03-13 Thread Donald Stufft
ail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io AFAIK the www.python.org PEP stuff just isn’t done yet, and the legacy redirect is a temporary stopgap. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7

Re: [Python-Dev] Python 4: don't remove anything, don't break backward compatibility

2014-03-10 Thread Donald Stufft
some extra cleaning at the 4.0 >> boundary, just for mental convenience.) >> > What does "irregardless" mean? http://www.merriam-webster.com/dictionary/irregardless > ___ > Python-Dev mailing l

Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-25 Thread Donald Stufft
ough. I *do* believe that calling it fixed is misleading to people who will assume it means they no longer have to worry about a trivial DoS via hash collisions when they still do need to, just slightly different than before. In the end, it’s good that it was fixed in 3.4, I wish it had been back

Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-25 Thread Donald Stufft
On Feb 25, 2014, at 8:17 AM, Antoine Pitrou wrote: > On Tue, 25 Feb 2014 08:08:09 -0500 > Donald Stufft wrote: >> >> Hash randomization is broken and doesn’t fix anything. > > Not sure what you mean with "doesn't fix anything". Hash collisions were &

Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-25 Thread Donald Stufft
Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io More information available here: http://legacy.python.org/dev/peps/pep-0456/ - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Desc

Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-25 Thread Donald Stufft
ail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Hash randomization is broken and doesn’t fix anything. It’s only SipHash in 3.4+ that actually fixes it. - Donald Stufft PGP: 0x6E3CBCE93372DC

Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-25 Thread Donald Stufft
/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io It is in 3.4. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail __

Re: [Python-Dev] Possible major bug with zipimport on Windows in Python 3.3.4

2014-02-13 Thread Donald Stufft
> https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Does it affect 3.4? - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signa

Re: [Python-Dev] Is the PIP requirement too strict?

2014-02-11 Thread Donald Stufft
man/options/python-dev/donald%40stufft.io So right now pip doesn’t work without TLS, we’re working on that and our 1.6 release should have that. I *thought* that Nick (I think?) had made it so that you just didn’t get pip if you didn’t have TLS enabled, but apparently not. You can suppress

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Donald Stufft
On Jan 23, 2014, at 10:09 PM, Donald Stufft wrote: > > On Jan 23, 2014, at 10:06 PM, Stephen J. Turnbull wrote: > >> Wes Turner writes: >>>> But if it's only the already security-conscious developers and >>>> managers who go WTF?, and other env

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Donald Stufft
urity of the network > remains broken yet there aren't warnings out to avoid these platforms. > (BTW, my employer prides itself on being Matz's alma mater ... they > actually might do something if Ruby was breaking things!) Ruby has verified the peer by default since Ruby

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
Never mind. If someone else cares they can propose it. I withdraw. > On Jan 22, 2014, at 4:29 PM, Brett Cannon wrote: > > > > >> On Wed, Jan 22, 2014 at 3:56 PM, Benjamin Peterson >> wrote: >> >> >> On Wed, Jan 22, 2014, at 12:25 PM, Nick Coghlan wrote: >> > On 23 Jan 2014 00:39, "Benjam

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
gt; applications I write, but I can careless until it breaks. So as we moving >> forward, we can break it. For those stuck behind, deprecation is the right >> approach. > > They're disabled by default, so a lot of people simply don't know they > exist because they a

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
store that worked on platforms such as Windows and Python was unwilling to ship it’s own certificate bundle. Christian has improved this situation so that it appears that this issue has been largely resolved. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F0

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
oo. Last time I tried the reasoning was that Python couldn’t ship root certs and we couldn’t get to the OS certs everywhere. Thanks to you this is fixed now, so “once more unto the breach”. > > Can't we just mark these things as pending deprecated in Python 3.4 so > people start fixi

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
t; about it at one stage. If I *were* to set up an index, it's definitely > why I'd use http rather than bothering with https.) > > Paul > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/p

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 9:19 AM, Paul Moore wrote: > On 22 January 2014 13:55, Donald Stufft wrote: >> >> As an additional side note, anecdotal evidence and what not, but >> *every* time I bring this up somewhere I get at least one reply that >> looks similar to ht

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
e, anecdotal evidence and what not, but *every* time I bring this up somewhere I get at least one reply that looks similar to https://twitter.com/ojiidotch/status/425986619879866368 - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 6:58 AM, Nick Coghlan wrote: > On 22 January 2014 21:36, Donald Stufft wrote: >> On Jan 22, 2014, at 6:30 AM, M.-A. Lemburg wrote: >>> The change would also disable all services using self-signed >>> certificates which are very common in inter

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 7:03 AM, Paul Moore wrote: > On 22 January 2014 11:29, Donald Stufft wrote: >>> 1. To be "like the browser" we'd need to use the OS certificate store, >>> which isn't the case on Windows at the moment (managing those >>>

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 6:45 AM, Nick Coghlan wrote: > On 22 January 2014 21:21, Paul Moore wrote: >> On 22 January 2014 10:30, Donald Stufft wrote: >>> Python 3.4 has made great strides in making it easier for applications >>> to simply turn on these settings, howeve

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
ure flag for applications that don’t provide one. I really don’t like the idea of doing that, but it would be better than not validating by default. ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 6:30 AM, M.-A. Lemburg wrote: > On 22.01.2014 11:56, Donald Stufft wrote: >> >> On Jan 22, 2014, at 5:51 AM, M.-A. Lemburg wrote: >> >>> On 22.01.2014 11:30, Donald Stufft wrote: >>>> I would like to propose that a backwards inco

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 6:21 AM, Paul Moore wrote: > On 22 January 2014 10:30, Donald Stufft wrote: >> Python 3.4 has made great strides in making it easier for applications >> to simply turn on these settings, however many people are not aware >> at all that they need t

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
On Jan 22, 2014, at 5:51 AM, M.-A. Lemburg wrote: > On 22.01.2014 11:30, Donald Stufft wrote: >> I would like to propose that a backwards incompatible change be made to >> Python to make >> verification of hostname and certificate chain the default instead of >> r

[Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Donald Stufft
secure resource to be educated on the fact that they need to flip some switch to do what most of them would expect. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail

Re: [Python-Dev] PEP 460 reboot

2014-01-13 Thread Donald Stufft
On Jan 13, 2014, at 5:31 PM, Donald Stufft wrote: > %s not accepting str is the major thing I’d personally be against. To be more clear b”%s” % “abc” == No b”%s” % 123 == Fine ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 D

Re: [Python-Dev] PEP 460 reboot

2014-01-13 Thread Donald Stufft
t would give us a large "compatibility surface" in common > with Python 2. %s not accepting str is the major thing I’d personally be against. %s taking numeric types and bytes would be fine. The main thing i’d be worried about is where the RHS may possibly contain something non A

Re: [Python-Dev] PEP 460 reboot

2014-01-13 Thread Donald Stufft
(how could it? :-), nor does > plain string concatenation using +. I think disallowing %s is the right thing to do, but I definitely think numbers and %b should be allowed. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 33

Re: [Python-Dev] PEP 460 reboot

2014-01-13 Thread Donald Stufft
g exceptions then I think you are strange. It makes > porting really difficult while you are still trying to figure out > where the bytes/str boundaries are. I am now deeply suspicious of all > % formatting. > ___ > Python-Dev mailing

Re: [Python-Dev] PEP 460 reboot

2014-01-12 Thread Donald Stufft
On Jan 13, 2014, at 1:59 AM, Nick Coghlan wrote: > On 13 January 2014 16:52, Donald Stufft wrote: >> >> On Jan 13, 2014, at 12:45 AM, Glenn Linderman wrote: >> >> So then the question is whether to proceed with 3.4, delay this feature to >> 3.5, or to delay

Re: [Python-Dev] PEP 460 reboot

2014-01-12 Thread Donald Stufft
Python 3 > porting target for recalcitrant module authors, sooner than later. I really hope this can make it in 3.4, needing to wait another 2 years or so until this is available would be a shame. ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BC

Re: [Python-Dev] PEP 460 reboot

2014-01-12 Thread Donald Stufft
consistent -- it always produces text in ASCII > encoding (by default). The same applies to the http module, which IIUC > adheres to the standard by treating headers as Latin-1. > > -- > --Guido van Rossum (python.org/~guido) > ___________ > Python-Dev mailing list > Python-Dev@python.

Re: [Python-Dev] RFC: PEP 460: Add bytes % args and bytes.format(args) to Python 3.5

2014-01-11 Thread Donald Stufft
hat actually did it. Giving bytes a format method would not have affected that either way I don’t believe. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message

Re: [Python-Dev] RFC: PEP 460: Add bytes % args and bytes.format(args) to Python 3.5

2014-01-07 Thread Donald Stufft
_ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F

Re: [Python-Dev] [RELEASED] Python 3.4.0b2

2014-01-05 Thread Donald Stufft
e > if it msiexec still tries to go out to the network. That would confirm > it is ensurepip that is the issue (although that does seem most likely). > > --David > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org

Re: [Python-Dev] Backward-incompatible change to random.randrange in 2.7.6

2013-12-17 Thread Donald Stufft
Isn't changing it in 2.7.6 which is already released and then reverting in 2.7.7 worse? Either way 2.7.6 will have this change and be in the wild and broken for people who depend on it > On Dec 17, 2013, at 5:54 PM, Benjamin Peterson wrote: > > 2013/12/17 Antoine Pitrou : >> On Tue, 17 Dec 201

Re: [Python-Dev] (#19562) Asserts in Python stdlib code (datetime.py)

2013-11-16 Thread Donald Stufft
n-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BC

Re: [Python-Dev] Simplify and unify SSL verification

2013-11-07 Thread Donald Stufft
o reliable story for CA certs. > > I'd like to move to "secure by default". The CA cert situation is solved > on most platforms. Please Yes, secure by default +1000 - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 33

Re: [Python-Dev] pip SSL

2013-10-26 Thread Donald Stufft
hence ``pip``). > ======== > > Regards, > Nick. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message

Re: [Python-Dev] PEP 453 (ensurepip) updated

2013-10-22 Thread Donald Stufft
artin > > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Let me echo Nick's th

Re: [Python-Dev] pip SSL

2013-10-19 Thread Donald Stufft
. > > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP:

Re: [Python-Dev] Support keyword in PEP URL?

2013-10-11 Thread Donald Stufft
-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9

Re: [Python-Dev] Semi-official read-only Github mirror of the CPython Mercurial repository

2013-09-30 Thread Donald Stufft
t; Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io Awesome! I find Github way nicer for reading source than hg.python.org's web interface, any chance I coul

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-30 Thread Donald Stufft
On Sep 30, 2013, at 5:01 AM, "Martin v. Löwis" wrote: > Signed PGP part > Am 25.09.13 23:33, schrieb Donald Stufft: > > An early draft of this did not have the backport to 2.7 and when I > > showed *that* version around to get feedback people were less > > e

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-27 Thread Donald Stufft
happen to be met by the stdlib). > _______ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/donald%40stufft.io

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-27 Thread Donald Stufft
On Sep 27, 2013, at 9:20 PM, Brett Cannon wrote: > > > > On Fri, Sep 27, 2013 at 5:16 PM, Zachary Ware > wrote: > On Fri, Sep 27, 2013 at 3:29 PM, Donald Stufft wrote: > > > > > > > If it lives in the source tree how are you going to provent it from

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-27 Thread Donald Stufft
On Sep 27, 2013, at 4:09 PM, Terry Reedy wrote: > On 9/27/2013 3:10 PM, Donald Stufft wrote: >> >> On Sep 27, 2013, at 2:50 PM, Terry Reedy wrote: >> >>> I add: for 2.7/3.3, there is consequently no need for _ensurepip to be in >>> /Lib after installa

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-27 Thread Donald Stufft
features' policy. The optional installation of pip is not a change to Python > itself. This sounds like a really bad idea to me. You're going to end up with a different stdlib not only by minor release, but by if they installed through an installer or not. -

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-27 Thread Donald Stufft
tever they are trying to do with all of their libraries are ported to Python3. I still think Python 2.7 is a better target for new users because if you're using Python 3.x theirs a high chance you'll need to port a library or two still. - Donald Stufft PGP: 0x6E3CBC

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-27 Thread Donald Stufft
able to find > vcvarsall.bat" message and then gone off to find a suitable binary download. Going forward Wheels are binary packages that pip can install. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Descripti

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-26 Thread Donald Stufft
On Sep 26, 2013, at 10:28 AM, Antoine Pitrou wrote: > Le Thu, 26 Sep 2013 10:22:55 -0400, > Donald Stufft a écrit : >> Ideally people won't be typing either of them because it'll be >> installed automatically. They might in some cases (accidentally >> unin

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-26 Thread Donald Stufft
Ideally people won't be typing either of them because it'll be installed automatically. They might in some cases (accidentally uninstalled pip?) I agree that it seems there is paranoia going on here and that the risk is low and making it just be a special cased new feature is ok. However the poi

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-25 Thread Donald Stufft
ls a pip and apt-get playing nicely is on my stack of PEPs to do) ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail ___ Python

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-25 Thread Donald Stufft
e installers) would break someones use any other module? If they don't import it (which the vast bulk of people won't directly, nor at all during the operation of their applications) how does it's existence on the file system risk a breakage to their system? - Donald

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-25 Thread Donald Stufft
Lives > Better. Because with PEP453 you can just ``pip install enum34`` it :) --------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail _

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-25 Thread Donald Stufft
On Sep 25, 2013, at 5:51 PM, Barry Warsaw wrote: > On Sep 25, 2013, at 05:33 PM, Donald Stufft wrote: > >> I think it should be placed in the source tree for the stable releases. The >> reasoning is that 2.7 is going to stick around for a long time. Immediately >> this

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-25 Thread Donald Stufft
ortant data point, especially given how long 2.7.LASTEVER is going to be relevant to end users. - Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed with OpenPGP using GPGMail ___

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-23 Thread Donald Stufft
happy to defer to > Martin's judgement on this. After your concern was raised I went ahead and emailed VanL. ----- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA signature.asc Description: Message signed w

Re: [Python-Dev] PEP 453 (pip bootstrapping) ready for pronouncement?

2013-09-23 Thread Donald Stufft
On Sep 23, 2013, at 8:12 PM, Donald Stufft wrote: >> >> >>> A common source of Python installations are through downstream distributors >>> such as the various Linux Distributions [#ubuntu]_ [#debian]_ [#fedora]_, >>> OSX >>> package manager

<    1   2   3   4   5   >