On 9/26/2014 1:03 PM, Chris Barker wrote:
On Thu, Sep 25, 2014 at 5:38 PM, Donald Stufft mailto:don...@stufft.io>> wrote:
2) Switch to —user based on if the user has permission to
write to the
site-packages or not.
ouch -- no. Why not a clear error message if p
On Thu, Sep 25, 2014 at 5:38 PM, Donald Stufft wrote:
> 2) Switch to —user based on if the user has permission to write to the
>> site-packages or not.
>>
>
> ouch -- no. Why not a clear error message if pip can't write to
> site-packages -- something like:
>
> I fairly strongly believe that
On 26Sep2014 13:16, Antoine Pitrou wrote:
On Fri, 26 Sep 2014 01:10:53 -0700
Hasan Diwan wrote:
On 26 September 2014 00:28, Matěj Cepl wrote:
> Where does your faith that other /bin/sh implementations (dash,
> busybox, etc.) are less buggy comes from?
The fact that they are simpler, in terms
On 26 September 2014 19:01, Steve Dower wrote:
> Microsoft has released a compiler package targeting Python 2.7 (i.e. VC9).
> We've produced this package to help library developers build wheels for
> Windows, but also to help users unblock themselves when they need to build C
> extensions thems
On 09/26/2014 11:01 AM, Steve Dower wrote:
Microsoft has released a compiler package targeting Python 2.7 (i.e. VC9).
We've produced this package to help library developers build wheels for
Windows, but also to help users unblock themselves when they need to build C
extensions themselves.
T
At long last! Building C extensions on Windows will no longer be a pain in
the rear!
On Fri, Sep 26, 2014 at 1:01 PM, Steve Dower
wrote:
> Hi all,
>
> (This is advance notice since people on this list will be interested.
> Official announcements are coming when setuptools makes their next releas
T-Mobile. America's First Nationwide 4G Network.
-- Original message--From: Python trackerDate: Fri, Sep 26, 2014 12:07
PMTo: python-dev@python.org;Subject:[Python-Dev] Summary of Python tracker
IssuesACTIVITY SUMMARY (2014-09-19 - 2014-09-26)Python tracker at
http://bugs.p
On 26/09/2014 19:01, Steve Dower wrote:
Hi all,
(This is advance notice since people on this list will be interested.
Official announcements are coming when setuptools makes their next
release.)
Microsoft has released a compiler package targeting Python 2.7 (i.e.
VC9). We've produced this packa
Awesome!
> On Sep 26, 2014, at 2:01 PM, Steve Dower wrote:
>
> Hi all,
>
> (This is advance notice since people on this list will be interested.
> Official announcements are coming when setuptools makes their next release.)
>
> Microsoft has released a compiler package targeting Python 2.7 (
Hi all,
(This is advance notice since people on this list will be interested. Official
announcements are coming when setuptools makes their next release.)
Microsoft has released a compiler package targeting Python 2.7 (i.e. VC9).
We've produced this package to help library developers build whee
ACTIVITY SUMMARY (2014-09-19 - 2014-09-26)
Python tracker at http://bugs.python.org/
To view or respond to any of the issues listed below, click on the issue.
Do NOT respond to this message.
Issues counts and deltas:
open4677 (+15)
closed 29587 (+43)
total 34264 (+58)
Open issues wit
> On Sep 26, 2014, at 9:53 AM, Paul Moore wrote:
>
> On 26 September 2014 14:31, Donald Stufft wrote:
>> Yea, I think we throw an error when you use —user inside a virtual
>>environment.
>
> So if --user became the default, what would happen? I'd like pip
> inside a virtualenv to install i
On 26 September 2014 14:31, Donald Stufft wrote:
> Yea, I think we throw an error when you use —user inside a virtual
> environment.
So if --user became the default, what would happen? I'd like pip
inside a virtualenv to install into the environment without needing a
--system flag. Is that th
Stefan Behnel wrote:
> Ok, but does that really make it a relevant topic for python-dev?
Sorry - I thought I was reading python-general. gmane makes it too easy to
post :-). However, I think it's worth pointing that out, in case people
think that Popen is a security panacea.
J
__
> On Sep 26, 2014, at 3:09 AM, Paul Moore wrote:
>
> On 26 September 2014 01:38, Donald Stufft wrote:
>> Either way I'm fairly commited to making --user the default, the only
>> question
>> on my mind is what exactly does that look like (e.g. does root get --user by
>> default?) and how we get
On Fri, 26 Sep 2014 14:56:05 +0200
Stefan Behnel wrote:
> Jeremy Sanders schrieb am 26.09.2014 um 09:28:
> > Antoine Pitrou wrote:
> >
> >> Fortunately, Python's subprocess has its `shell` argument default to
> >> False. However, `os.system` invokes the shell implicitly and is
> >> therefore a po
Jeremy Sanders schrieb am 26.09.2014 um 09:28:
> Antoine Pitrou wrote:
>
>> Fortunately, Python's subprocess has its `shell` argument default to
>> False. However, `os.system` invokes the shell implicitly and is
>> therefore a possible attack vector.
>
> Of course anything called by subprocess wi
On Fri, 26 Sep 2014 01:10:53 -0700
Hasan Diwan wrote:
> Matěj,
>
> On 26 September 2014 00:28, Matěj Cepl wrote:
>
> > Where does your faith that other /bin/sh implementations (dash,
> > busybox, etc.) are less buggy comes from?
>
>
> The fact that they are simpler, in terms of lines of code.
On 26.09.14 01:17, Antoine Pitrou wrote:
Fortunately, Python's subprocess has its `shell` argument default to
False. However, `os.system` invokes the shell implicitly and is
therefore a possible attack vector.
Fortunately dash (which is used as /bin/sh in Debian and Ubuntu) is not
vulnerable.
Matěj,
On 26 September 2014 00:28, Matěj Cepl wrote:
> Where does your faith that other /bin/sh implementations (dash,
> busybox, etc.) are less buggy comes from?
The fact that they are simpler, in terms of lines of code. It's no
guarantee, but the less a given piece of code does, the less bug
On 2014-09-25, 23:14 GMT, Cameron Simpson wrote:
>>Fortunately, Python's subprocess has its `shell` argument default to
>>False. However, `os.system` invokes the shell implicitly and is
>>therefore a possible attack vector.
>
> Only if /bin/sh is bash :-) Not always the case, fortunately.
Where do
Antoine Pitrou wrote:
> Fortunately, Python's subprocess has its `shell` argument default to
> False. However, `os.system` invokes the shell implicitly and is
> therefore a possible attack vector.
Of course anything called by subprocess with shell=False may invoke the
shell itself if it runs oth
On 26 September 2014 01:38, Donald Stufft wrote:
> Either way I'm fairly commited to making --user the default, the only
> question
> on my mind is what exactly does that look like (e.g. does root get --user by
> default?) and how we get from where we are now to that point. I think that
> raising
23 matches
Mail list logo