I don't always post to python-dev, but when I do I ask for braces.
On Friday, December 9, 2011 at 4:43 PM, Antoine Pitrou wrote:
Dear Cedric,
I'm guessing you drank too much (perhaps you are training for New Year's
Eve), ate some bad sausages or are simply very self-complacent.
Even if a MemoryException is raised I believe that is still a fundamental
change in the documented contract of dictionary API. I don't believe there is a
way to fix this without breaking someones application. The major differences I
see between the two solutions is that counting will break
On Friday, January 20, 2012 at 2:36 PM, Tres Seaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/20/2012 02:04 PM, Donald Stufft wrote:
Even if a MemoryException is raised I believe that is still a
fundamental change in the documented contract of dictionary API
20, 2012 at 5:11 PM, Terry Reedy wrote:
On 1/20/2012 2:51 PM, Donald Stufft wrote:
I think the counting collision is at best a bandaid and not a proper fix
stemmed from a desire to not break existing applications on a bugfix
release ...
My opinion of counting is better than yours
On Tuesday, March 13, 2012 at 9:31 AM, Paul Moore wrote:
On 13 March 2012 03:48, C. Titus Brown c...@msu.edu (mailto:c...@msu.edu)
wrote:
I feel like there's a middle ground where stable, long-term go-to modules
could
be mentioned, though. I don't spend a lot of time browsing PyPI, but
On Wednesday, June 20, 2012 at 2:36 AM, Victor Stinner wrote:
What is the status of the third party module on PyPI (distutils2)?
Does it contain all fixes done in the packaging module? Does it have
exactly the same API? Does it support Python 2.5 to 3.3, or maybe also
2.4?
How is the
On Thursday, June 21, 2012 at 4:01 PM, Paul Moore wrote:
End users should not need packaging tools on their machines.
Sort of riffing on this idea, I cannot seem to find a specification for what a
Python
package actually is. Maybe the first effort should focus on this instead of
arguing one
On Thursday, June 21, 2012 at 7:34 PM, Alex Clark wrote:
Hi,
On 6/21/12 5:38 PM, Donald Stufft wrote:
On Thursday, June 21, 2012 at 4:01 PM, Paul Moore wrote:
End users should not need packaging tools on their machines.
Sort of riffing on this idea, I cannot seem to find
On Friday, June 22, 2012 at 1:05 AM, Nick Coghlan wrote:
- I reject setup.cfg, as I believe ini-style configuration files are
not appropriate for a metadata format that needs to include file
listings and code fragments
- I reject bento.info (http://bento.info), as I think if we accept
I think json probably makes the most sense, it's already part of the stdlib for
2.6+
and while it has some issues with human editablity, there's no reason why this
json
file couldn't be auto generated from another data structure by the package
creation tool
that exists outside of the stdlib (or
On Friday, June 22, 2012 at 5:22 AM, Dag Sverre Seljebotn wrote:
What Bento does is have one metadata file for the source-package, and
another metadata file (manifest) for the built-package. The latter is
normally generated by the build process (but follows a standard
nevertheless). Then
On Friday, June 22, 2012 at 5:52 AM, Dag Sverre Seljebotn wrote:
The reason PyPI isn't one big security risk is that packages are built
from source, and so you can have some confidence that backdoors would be
noticed and highlighted by somebody.
Having a common standards for binary
On Friday, June 22, 2012 at 6:20 AM, David Cournapeau wrote:
If by manifest you mean the build manifest, then that's not desirable:
the manifest contains the explicit filenames, and those are
platform/environment specific. You don't want this to be user-facing.
It appears I misunderstood the
Ideally authors will be signing their packages (using gpg keys). Of course
how to distribute keys is an exercise left to the reader.
On Friday, June 22, 2012 at 11:48 AM, Vinay Sajip wrote:
martin at v.loewis.de (http://v.loewis.de) writes:
See above. Also notice that such signing is
On Friday, June 22, 2012 at 12:54 PM, Alexandre Zani wrote:
Key distribution is the real issue though. If there isn't a key
distribution infrastructure in place, we might as well not bother with
signatures. PyPI could issue x509 certs to packagers. You wouldn't be
able to verify that the
Not at the moment, but I could gather them up and make them public later today.
They
are very rough draft at the moment.
On Friday, June 22, 2012 at 1:09 PM, Alexandre Zani wrote:
On Fri, Jun 22, 2012 at 9:56 AM, Donald Stufft donald.stu...@gmail.com
(mailto:donald.stu...@gmail.com) wrote
On Friday, June 22, 2012 at 4:55 PM, Terry Reedy wrote:
Every time windows users download and install a binary, they are taking
a chance. I try to use a bit more sense than some people, but I know it
is not risk free. There *is* a third party site that builds installers,
but should I
.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F
On Sep 5, 2013, at 2:25 PM, Oleg Broytman p...@phdru.name wrote:
On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft don...@stufft.io
wrote:
On Sep 5, 2013, at 2:12 PM, Oleg Broytman p...@phdru.name wrote:
I used to use myOpenID and became my own provider using poit[1].
These days I
On Sep 5, 2013, at 2:43 PM, Oleg Broytman p...@phdru.name wrote:
On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft don...@stufft.io
wrote:
Persona is the logical successor to OpenID.
OpenID lived a short life and died a quiet death. I'm afraid Persona
wouldn't live even that much
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9
%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https
in
the news a lot lately :)
If I recall Persona doesn't leak this data like OpenID does, but perhaps Dan
can speak to that better than I can.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA
On Sep 6, 2013, at 3:34 PM, R. David Murray rdmur...@bitdance.com wrote:
On Fri, 06 Sep 2013 15:17:12 -0400, Donald Stufft don...@stufft.io wrote:
On Sep 6, 2013, at 3:11 PM, R. David Murray rdmur...@bitdance.com wrote:
IMO, single signon is overrated. Especially if one prefers not to make
On Sep 10, 2013, at 11:08 AM, Guido van Rossum gu...@python.org wrote:
Why do several posts in this thread have an Unsubscribe link that tries to
unsubscribe me from the list? (I saw one by Glen, and another one by Donald
Stufft.)
(Come to think of it, what's the point of having an Unbub
/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
://www.continuum.io/blog/conda`
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https
On Sep 19, 2013, at 9:27 AM, Donald Stufft don...@stufft.io wrote:
We've updated PEP453 based on some of the early feedback we've gotten from
-dev and Martin.
Major changes:
* Removal of the option to fetch pip from PyPI in order not to modify the
trust model of the Python installers
On Sep 19, 2013, at 9:36 AM, Paul Tagliamonte paul...@debian.org wrote:
On Thu, Sep 19, 2013 at 09:27:24AM -0400, Donald Stufft wrote:
Rationale
=
Currently, on systems without a platform package manager and repository,
installing a third-party Python package into a freshly
On Sep 19, 2013, at 9:43 AM, Paul Moore p.f.mo...@gmail.com wrote:
On 19 September 2013 14:27, Donald Stufft don...@stufft.io wrote:
Major changes:
* Removal of the option to fetch pip from PyPI in order not to modify the
trust model of the Python installers
* Consequently rename
On Sep 19, 2013, at 9:50 AM, Antoine Pitrou solip...@pitrou.net wrote:
Le Thu, 19 Sep 2013 09:27:24 -0400,
Donald Stufft don...@stufft.io a écrit :
We've updated PEP453 based on some of the early feedback we've gotten
from -dev and Martin.
Major changes:
* Removal of the option
packages to simply document installing as ``pip install package`` and if it's
not
installed by default on Debian they'll get a good message telling them what they
need to do.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
package when a user executes ``pip`` without
+it being installed. Systems that choose this option should ensure that
+the ``pyvenv`` command still installs pip into the virtual environment
+by default.
* Do not remove the bundled copy of pip.
-
Donald Stufft
PGP
(mostly running the
command).
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using
On Sep 23, 2013, at 8:12 PM, Donald Stufft don...@stufft.io wrote:
A common source of Python installations are through downstream distributors
such as the various Linux Distributions [#ubuntu]_ [#debian]_ [#fedora]_,
OSX
package managers [#homebrew]_, or Python-specific tools [#conda
to
Martin's judgement on this.
After your concern was raised I went ahead and emailed VanL.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
long 2.7.LASTEVER is going to be
relevant to end users.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev
On Sep 25, 2013, at 5:51 PM, Barry Warsaw ba...@python.org wrote:
On Sep 25, 2013, at 05:33 PM, Donald Stufft wrote:
I think it should be placed in the source tree for the stable releases. The
reasoning is that 2.7 is going to stick around for a long time. Immediately
this won't
Lives
Better.
Because with PEP453 you can just ``pip install enum34`` it :)
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
? If
they don't import it (which the vast bulk of people won't directly, nor at all
during
the operation of their applications) how does it's existence on the file system
risk a breakage to their system?
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9
(For reals a pip and apt-get playing nicely is on my stack of PEPs to do)
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
Ideally people won't be typing either of them because it'll be installed
automatically. They might in some cases (accidentally uninstalled pip?)
I agree that it seems there is paranoia going on here and that the risk is low
and making it just be a special cased new feature is ok. However the
On Sep 26, 2013, at 10:28 AM, Antoine Pitrou solip...@pitrou.net wrote:
Le Thu, 26 Sep 2013 10:22:55 -0400,
Donald Stufft don...@stufft.io a écrit :
Ideally people won't be typing either of them because it'll be
installed automatically. They might in some cases (accidentally
uninstalled pip
vcvarsall.bat message and then gone off to find a suitable binary download.
Going forward Wheels are binary packages that pip can install.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed
are ported to Python3. I still think Python
2.7 is a better
target for new users because if you're using Python 3.x theirs a high chance
you'll
need to port a library or two still.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
features' policy. The optional installation of pip is not a change to Python
itself.
This sounds like a really bad idea to me. You're going to end up with a
different stdlib not only by minor release, but by if they installed through an
installer or not.
-
Donald Stufft
PGP
On Sep 27, 2013, at 4:09 PM, Terry Reedy tjre...@udel.edu wrote:
On 9/27/2013 3:10 PM, Donald Stufft wrote:
On Sep 27, 2013, at 2:50 PM, Terry Reedy tjre...@udel.edu wrote:
I add: for 2.7/3.3, there is consequently no need for _ensurepip to be in
/Lib after installation, even
On Sep 27, 2013, at 9:20 PM, Brett Cannon br...@python.org wrote:
On Fri, Sep 27, 2013 at 5:16 PM, Zachary Ware zachary.ware+py...@gmail.com
wrote:
On Fri, Sep 27, 2013 at 3:29 PM, Donald Stufft don...@stufft.io wrote:
snip
If it lives in the source tree how are you going
that
happen to be met by the stdlib).
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
On Sep 30, 2013, at 5:01 AM, Martin v. Löwis mar...@v.loewis.de wrote:
Signed PGP part
Am 25.09.13 23:33, schrieb Donald Stufft:
An early draft of this did not have the backport to 2.7 and when I
showed *that* version around to get feedback people were less
enthusiastic about
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
Awesome! I find Github way nicer for reading source than hg.python.org's web
interface, any chance I could convince you to do this for the peps repo too? ;)
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA
%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https
-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
Let me echo Nick's thank you!
Now to get this implemented :D
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo
to secure by default. The CA cert situation is solved
on most platforms.
Please Yes, secure by default +1000
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org
Isn't changing it in 2.7.6 which is already released and then reverting in
2.7.7 worse? Either way 2.7.6 will have this change and be in the wild and
broken for people who depend on it
On Dec 17, 2013, at 5:54 PM, Benjamin Peterson benja...@python.org wrote:
2013/12/17 Antoine Pitrou
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926
://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed
it. Giving bytes a format method would not have affected
that either way I don’t believe.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description
Python 3
porting target for recalcitrant module authors, sooner than later.
I really hope this can make it in 3.4, needing to wait another 2 years or so
until this is available would be a shame.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9
On Jan 13, 2014, at 1:59 AM, Nick Coghlan ncogh...@gmail.com wrote:
On 13 January 2014 16:52, Donald Stufft don...@stufft.io wrote:
On Jan 13, 2014, at 12:45 AM, Glenn Linderman v+pyt...@g.nevcal.com wrote:
So then the question is whether to proceed with 3.4, delay this feature to
3.5
using %s (or at
least using %s
on a str object and not as an alias for %b) than to implicitly encode that
(given we
don’t know what the RHS can contain) or to throw junk data into the bytes that
we
know pretty much nobody ever is going to actually want.
-
Donald Stufft
PGP
think disallowing %s is the right thing to do, but I definitely think numbers
and %b should be allowed.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
is where the
RHS
may possibly contain something non ASCII that needs encoding (such as the str
case).
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
On Jan 13, 2014, at 5:31 PM, Donald Stufft don...@stufft.io wrote:
%s not accepting str is the major thing I’d personally be against.
To be more clear
b”%s” % “abc” == No
b”%s” % 123 == Fine
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9
a secure
resource to be educated on the fact that they need to flip some switch to
do what most of them would expect.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
On Jan 22, 2014, at 5:51 AM, M.-A. Lemburg m...@egenix.com wrote:
On 22.01.2014 11:30, Donald Stufft wrote:
I would like to propose that a backwards incompatible change be made to
Python to make
verification of hostname and certificate chain the default instead of
requiring it to be opt
On Jan 22, 2014, at 6:21 AM, Paul Moore p.f.mo...@gmail.com wrote:
On 22 January 2014 10:30, Donald Stufft don...@stufft.io wrote:
Python 3.4 has made great strides in making it easier for applications
to simply turn on these settings, however many people are not aware
at all that they need
On Jan 22, 2014, at 6:30 AM, M.-A. Lemburg m...@egenix.com wrote:
On 22.01.2014 11:56, Donald Stufft wrote:
On Jan 22, 2014, at 5:51 AM, M.-A. Lemburg m...@egenix.com wrote:
On 22.01.2014 11:30, Donald Stufft wrote:
I would like to propose that a backwards incompatible change be made
for applications
that don’t provide one. I really don’t like the idea of doing that, but
it would be better than not validating by default.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed
On Jan 22, 2014, at 6:45 AM, Nick Coghlan ncogh...@gmail.com wrote:
On 22 January 2014 21:21, Paul Moore p.f.mo...@gmail.com wrote:
On 22 January 2014 10:30, Donald Stufft don...@stufft.io wrote:
Python 3.4 has made great strides in making it easier for applications
to simply turn
On Jan 22, 2014, at 7:03 AM, Paul Moore p.f.mo...@gmail.com wrote:
On 22 January 2014 11:29, Donald Stufft don...@stufft.io wrote:
1. To be like the browser we'd need to use the OS certificate store,
which isn't the case on Windows at the moment (managing those
certificate bundle files
On Jan 22, 2014, at 6:58 AM, Nick Coghlan ncogh...@gmail.com wrote:
On 22 January 2014 21:36, Donald Stufft don...@stufft.io wrote:
On Jan 22, 2014, at 6:30 AM, M.-A. Lemburg m...@egenix.com wrote:
The change would also disable all services using self-signed
certificates which are very
to https://twitter.com/ojiidotch/status/425986619879866368
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev
On Jan 22, 2014, at 9:19 AM, Paul Moore p.f.mo...@gmail.com wrote:
On 22 January 2014 13:55, Donald Stufft don...@stufft.io wrote:
As an additional side note, anecdotal evidence and what not, but
*every* time I bring this up somewhere I get at least one reply that
looks similar to https
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D
certs everywhere. Thanks to you this
is fixed now, so “once more unto the breach”.
Can't we just mark these things as pending deprecated in Python 3.4 so
people start fixing their code *now*?
+1
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C
that worked on platforms such as
Windows and Python was unwilling to ship it’s own certificate bundle.
Christian has improved this situation so that it appears that this issue has
been largely resolved.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372
of people simply don't know they
exist because they also don't read the documentation.
Ironically this is the exact reason why validation should happen by default :]
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description
Never mind. If someone else cares they can propose it. I withdraw.
On Jan 22, 2014, at 4:29 PM, Brett Cannon br...@python.org wrote:
On Wed, Jan 22, 2014 at 3:56 PM, Benjamin Peterson benja...@python.org
wrote:
On Wed, Jan 22, 2014, at 12:25 PM, Nick Coghlan wrote:
On 23 Jan
1.9
Go also verifies by default, I’m not aware if PHP or Perl do.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
On Jan 23, 2014, at 10:09 PM, Donald Stufft don...@stufft.io wrote:
On Jan 23, 2014, at 10:06 PM, Stephen J. Turnbull step...@xemacs.org wrote:
Wes Turner writes:
But if it's only the already security-conscious developers and
managers who go WTF?, and other environments don't do
``ENSUREPIP=no make install``, but probably this
should
just print a warning instead of dying when TLS isn’t available.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using
-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
Does it affect 3.4?
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
It is in 3.4.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https
:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
Hash randomization is broken and doesn’t fix anything. It’s only SipHash in
3.4+ that actually fixes it.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
available here: http://legacy.python.org/dev/peps/pep-0456/
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev
On Feb 25, 2014, at 8:17 AM, Antoine Pitrou solip...@pitrou.net wrote:
On Tue, 25 Feb 2014 08:08:09 -0500
Donald Stufft don...@stufft.io wrote:
Hash randomization is broken and doesn’t fix anything.
Not sure what you mean with doesn't fix anything. Hash collisions were
easy to exploit
.
In the end, it’s good that it was fixed in 3.4, I wish it had been back ported
and applied to 2.7 and the relevant 3.x branches.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using
:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
:
https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
AFAIK the www.python.org PEP stuff just isn’t done yet, and the legacy redirect
is
a temporary stopgap.
-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
I personally think that at a minimum we should have X-Fields that
get moved into the normal METADATA file, and personally I would
prefer to just drop the X- prefix completely.
I think any spec which doesn't include first class support for
extending it with new metadata is going to essentially
On Tuesday, August 28, 2012 at 8:28 AM, Nick Coghlan wrote:
Agreed, and this is the kind of thing a v1.3 metadata PEP could
define. It just needs to be properly namespaced, and the obvious
namespacing mechanism is PyPI project names.
The biggest reason I have against namespacing them is it
On Tuesday, August 28, 2012 at 9:09 AM, Nick Coghlan wrote:
On Tue, Aug 28, 2012 at 10:57 PM, Daniel Holth dho...@gmail.com
(mailto:dho...@gmail.com) wrote:
How about
Extensions are fields that start with a pypi-registered name followed
by a hyphen. A file that contains extension
On Tuesday, August 28, 2012 at 9:09 AM, Nick Coghlan wrote:
It does have the advantage that tools for manipulating the format can
remain dumber, but that doesn't seem like *that* much of an advantage,
especially since any such benefit could be eliminated completely by
just switching to a
1 - 100 of 490 matches
Mail list logo