[Python-Dev] hg verify warnings

2012-08-19 Thread Stefan Krah
Hello,

In a fresh clone, I'm getting a couple of warnings in `hg verify`. Perhaps
someone familiar with Mercurial could take a brief look:

repository uses revlog format 1
checking changesets
checking manifests
crosschecking files in changesets and manifests
checking files
warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
warning: copy source of 'Objects/bytesobject.c' not in parents of 64bb1d258322
warning: copy source of 'Objects/stringobject.c' not in parents of 357e268e7c5f
9754 files, 78648 changesets, 175109 total revisions
3 warnings encountered!



Stefan Krah


___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com


Re: [Python-Dev] 3.3 str timings

2012-08-19 Thread Łukasz Langa
Message written by Antoine Pitrou solip...@pitrou.net on 18 Aug 2012, at 23:27:

> On Sat, 18 Aug 2012 17:17:14 -0400
> Terry Reedy tjre...@udel.edu wrote:
> > The issue came up in python-list about string operations being slower in
> > 3.3. (The categorical claim is false as some things are actually
> > faster.) Some things I understand, this one I do not.
> >
> > Win7-64, 3.3.0b2 versus 3.2.3
> > print(timeit("c in a", "c = '…'; a = 'a'*1000+c")) # ord(c) = 8230
> > # .6 in 3.2, 1.2 in 3.3
>
> I get opposite numbers:

Me too. 3.2 is slower for me in every case. Mac OS X 10.8.

-- 
Best regards,
Łukasz Langa
Senior Systems Architecture Engineer

IT Infrastructure Department
Grupa Allegro Sp. z o.o.

http://lukasz.langa.pl/
+48 791 080 144



Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Stephen J. Turnbull
Antoine Pitrou writes:

 > That's unsubstantiated.

Sure.  If I had a CVE, I would have posted it.

 > Give an example of how sorted URLs compromise security.

That's not how you think about security; the right question about
sorted URLs is "how do you know that they *don't* compromise
security?"  We know that mishandling URLs *can* compromise security
(eg, via bugs in directory traversal).

But you know that.  What you presumably mean here is "why do you think
randomly changing query parameter order in URLs is more secure than
sorted order?"  The answer to that is that since the server can't
depend on order, it *must* handle more configurations of parameters by
design (and presumably in implementation and testing), and therefore
will be robust against more kinds of parameter configurations.  Eg,
there will be no temptation to optimize processing by handling
parameters in sorted order.

Is this a real danger?  Maybe not.  But every unnecessary regularity
in inputs that a program's implementation depends on is a potential
attack vector via irregular inputs.

Remember, I was responding to a claim that sorted order is *always*
better.  That's a dangerous kind of claim to make about anything that
could be input to an Internet server.

Steve


Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Stephen J. Turnbull
Joao S. O. Bueno writes:

 > Agreed that any way one thinks about it is far too strong a claim -
 > but I still hold to the point. Maybe most ways one thinks about it
 > :-)  .

100% agreement now.<wink/>



Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Antoine Pitrou
On Sun, 19 Aug 2012 20:55:31 +0900
Stephen J. Turnbull step...@xemacs.org wrote:
> Antoine Pitrou writes:
>
>  > That's unsubstantiated.
>
> Sure.  If I had a CVE, I would have posted it.

Ok, so you have no evidence.

Regards

Antoine.


Re: [Python-Dev] hg verify warnings

2012-08-19 Thread Antoine Pitrou
On Sun, 19 Aug 2012 11:11:34 +0200
Stefan Krah ste...@bytereef.org wrote:
> Hello,
>
> In a fresh clone, I'm getting a couple of warnings in `hg verify`. Perhaps
> someone familiar with Mercurial could take a brief look:
>
> repository uses revlog format 1
> checking changesets
> checking manifests
> crosschecking files in changesets and manifests
> checking files
> warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
> warning: copy source of 'Objects/bytesobject.c' not in parents of 64bb1d258322
> warning: copy source of 'Objects/stringobject.c' not in parents of 357e268e7c5f
> 9754 files, 78648 changesets, 175109 total revisions
> 3 warnings encountered!

I don't get that problem on the master server, nor on two other
machines with fresh clones and different hg versions. I suggest you
re-try cloning and, if the issue persists, report it on the Mercurial
mailing-list.

Regards

Antoine.


-- 
Software development and contracting: http://pro.pitrou.net




Re: [Python-Dev] hg verify warnings

2012-08-19 Thread Stefan Krah
Antoine Pitrou solip...@pitrou.net wrote:
> > warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
>
> I don't get that problem on the master server, nor on two other
> machines with fresh clones and different hg versions. I suggest you
> re-try cloning and, if the issue persists, report it on the Mercurial
> mailing-list.

Okay, this only occurs if the ~/.hgrc contains verbose = True.

I found a post from Matt Mackall where he says that this only happens
with repos that were started with now-ancient versions of hg:

http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/23195


So it looks like a known issue, see also:

https://bugzilla.mozilla.org/show_bug.cgi?id=644904



Stefan Krah





Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Senthil Kumaran
On Sat, Aug 18, 2012 at 1:55 PM, Glenn Linderman v+pyt...@g.nevcal.com wrote:

> On 8/18/2012 11:47 AM, MRAB wrote:
>
> I vote -0. The issue can also be addressed with a small and simple
> helper function that wraps urlparse and compares the query parameter. Or
> you can urlencode() with `sorted(qs.items())` instead of `qs` in the
> application.
>
>
> Hm. That's actually a good point.
>
>
> Seems adequate to me. Most programs wouldn't care about the order, because
> most web frameworks grab whatever is there in whatever order, and present it
> to the web app in their own order.
>
> Programs that care, or which talk to web apps that care, are unlikely to want
> the order from a non-randomized dict, and so have already taken care of
> ordering issues, so undoing the randomization seems like a solution in search
> of a problem (other than for poorly written test cases).



I am of the same thought too. Changing a behavior based on the test
case expectation, no matter if the behavior is a harmless change is
still a change. Coming to the point testing query string could be
useful in some cases and then giving weightage to the change seems
interesting use case, but does not seem to warrant a change. I think,
I like Christian Heimes' suggestion that a wrapper to compare query
strings would be useful and in Guido's original test case, a little
test code change would have been good.

Looks like Guido has withdrawn the bug report too.

-- 
Senthil
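
The two options raised in this thread (a helper that compares query parameters, and sorting on the caller's side before urlencode()), as an added example that is not code from any poster or from the standard library. The function names and the example.test URLs are hypothetical and constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def query_params(url):
    """Parse the query of `url` into {name: [values in order of appearance]}.

    Order *between* different names is discarded; order of repeated values
    for the same name is kept, since a server may treat a=1&a=2 differently
    from a=2&a=1. Blank values are kept so that "a=" is not silently dropped.
    """
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def same_request(url_a, url_b):
    """True when the two URLs differ at most in query parameter order."""
    a, b = urlsplit(url_a), urlsplit(url_b)
    same_location = (a.scheme, a.netloc, a.path, a.fragment) == (
        b.scheme, b.netloc, b.path, b.fragment)
    return same_location and query_params(url_a) == query_params(url_b)


def canonical_query(params):
    """Caller-side option: encode a mapping with its names in sorted order."""
    return urlencode(sorted(params.items()))


if __name__ == "__main__":
    # Constructed sample URLs.
    base = "http://example.test/search"
    print(same_request(base + "?a=1&b=2", base + "?b=2&a=1"))   # reordered names
    print(same_request(base + "?a=1&a=2", base + "?a=2&a=1"))   # reordered repeats
    print(canonical_query({"b": "2", "a": "1 x"}))
```

A test that compares requests with `same_request()` does not depend on dict iteration order, and a server handler written against `query_params()` never relies on the order in which different names arrive.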


Re: [Python-Dev] hg verify warnings

2012-08-19 Thread Martin v. Löwis
> warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
> warning: copy source of 'Objects/bytesobject.c' not in parents of 64bb1d258322
> warning: copy source of 'Objects/stringobject.c' not in parents of 357e268e7c5f

These revisions are all from Benjamin. So I conclude that he was once
using a now-ancient version of hg.

Regards,
Martin
