Re: [Python-Dev] [python-committers] Enabling depreciation warnings feature code cutoff

I also feel this decision was a mistake. If there's a consensus to revert, I'm happy to draft a PEP. Alex On Nov 6, 2017 1:58 PM, "Neil Schemenauer" wrote: > On 2017-11-06, Nick Coghlan wrote: > > Gah, seven years on from Python 2.7's release, I still get caught by > >

Re: [Python-Dev] [python-committers] Cherry picker bot deployed in CPython repo

This is a great UX win for our development process. Thanks for making this happen! Alex On Tue, Sep 5, 2017 at 9:10 PM, Mariatta Wijaya wrote: > Hi, > > The cherry picker bot has just been deployed to CPython repo, codenamed > miss-islington. > > miss-islington made

Re: [Python-Dev] Backport ssl.MemoryBIO on Python 2.7?

I'm +1 on this, I even wrote the patch: https://bugs.python.org/issue22559 :-) If you're interested in making sure that still applies and tests still pass, I'd be a big fan. In addition to all the benefits you mentioned, it also substantially reduces the diff between 2.7 and 3.x (or at least it

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

Hi all, While I appreciate the vote of confidence from everyone, I'm not interested in being the BDFL-delegate for this. I don't think it's a good idea, and I'm not willing to put further time into. If he's interested, Donald Stufft would make a good choice for delegate. Really do appreciate

Re: [Python-Dev] Python 2.x and 3.x use survey, 2014 edition

Ben Finney ben+python at benfinney.id.au writes: Rather, the claim is that *if* one's code base doesn't migrate to Python 3, it will be decreasingly supported by the PSF and the Python community at large. The PSF doesn't support any versions of Python. We have effectively no involvement

Re: [Python-Dev] PEP 481 - Migrate Some Supporting Repositories to Git and Github

On Sun Nov 30 2014 at 10:28:50 AM Brett Cannon br...@python.org wrote: Why specifically? Did you have a web UI for reviewing patches previously? Do you have CI set up for patches now and didn't before? What features did you specifically gain from the switch to GitHub that you didn't have

Re: [Python-Dev] PEP 481 - Migrate Some Supporting Repositories to Git and Github

Donald Stufft donald at stufft.io writes: [words words words] I strongly support this PEP. I'd like to share two pieces of information. Both of these are personal anecdotes: For the past several years, I've been a contributor on two major projects using mercurial, CPython and PyPy. PyPy has

Re: [Python-Dev] PEP476: Enabling certificate validation by default

Guido van Rossum guido at python.org writes: OK, I'll hold off a bit on approving the PEP, but my intention is to approve it. Go Alex go! A patch for the environmental variable overrides on Windows has landed; thanks Benjamin! Alex ___

Re: [Python-Dev] PEP476: Enabling certificate validation by default

, 3.4 and 3.5 in the Abstract (for example in the 3rd paragraph of the abstract). On Fri, Sep 19, 2014 at 3:52 PM, Nick Coghlan ncogh...@gmail.com wrote: On 20 September 2014 08:34, Alex Gaynor alex.gay...@gmail.com wrote: Pushed a new version which I believe adresses all of these. I added

Re: [Python-Dev] PEP476: Enabling certificate validation by default

to see more working code and some beta testing before it goes live. Perhaps I should just approve the PEP but separately get to approve the code? (Others will have to review it for correctness -- but I want to understand and review the API.) On Sat, Sep 20, 2014 at 8:54 AM, Alex Gaynor alex.gay

[Python-Dev] PEP476: Enabling certificate validation by default

Hi all, I've just updated the PEP to reflect the API suggestions from Nick, and the fact that the necessary changes to urllib were landed. I think this is ready for pronouncement, Guido? Cheers, Alex ___ Python-Dev mailing list Python-Dev@python.org

Re: [Python-Dev] PEP476: Enabling certificate validation by default

of http.client. Finally, it's kind of non-obvious in the PEP that this affects Python 2.7.X (I guess the one after the next) as well as 3.4 and 3.5. On Fri, Sep 19, 2014 at 9:53 AM, Alex Gaynor alex.gay...@gmail.com wrote: Hi all, I've just updated the PEP to reflect the API suggestions from

Re: [Python-Dev] Proposed schedule for 3.4.2

Guido van Rossum guido at python.org writes: Would you be willing to officially pronounce on PEP-476 in the context of 3.4.x, so we can get it into the release, and then we can defer on officially approving it for 2.7.X until we figure out all the moving pieces? Cheers, Alex

Re: [Python-Dev] Proposed schedule for 3.4.2

down an https URL using urlopen. Without adding package dependencies. On Mon, Sep 8, 2014 at 10:25 AM, Alex Gaynor alex.gay...@gmail.com wrote: Guido van Rossum guido at python.org writes: Would you be willing to officially pronounce on PEP-476 in the context of 3.4.x, so we can get

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

Ethan Furman ethan at stoneleaf.us writes: I apologize if I missed this point, but if we have the source code then it is possible to go in and directly modify the application/utility to be able to talk over https to a router with an invalid certificate? This is an option when creating the

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

Guido van Rossum guido at python.org writes: OK, that changes my position for 2.7 (but not for 3.5). I had assumed there was a way to disable the cert check by changing one parameter to the urlopen() call. (And I had wanted to add that there should be a clear FAQ about the subject.) If this

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

Antoine Pitrou solipsis at pitrou.net writes: And how many people are using Twisted as an HTTPS client? (compared to e.g. Python's httplib, and all the third-party libraries building on it?) I don't think anyone could give an honest estimate of these counts, however there's two factors to

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

The Windows certificate store is used by ``load_default_certs``: * https://github.com/python/cpython/blob/master/Lib/ssl.py#L379-L381 * https://docs.python.org/3.4/library/ssl.html#ssl.enum_certificates Cheers, Alex ___ Python-Dev mailing list

[Python-Dev] PEP 476: Enabling certificate validation by default!

: $Revision$ Last-Modified: $Date$ Author: Alex Gaynor alex.gay...@gmail.com Status: Draft Type: Standards Track Content-Type: text/x-rst Created: 28-August-2014 Abstract Currently when a standard library http client (the ``urllib`` and ``http`` modules) encounters an ``https://`` URL it will wrap

Re: [Python-Dev] PEP 476: Enabling certificate validation by default!

Thanks for the rapid feedback everyone! I want to summarize the action items and discussion points that have come up so far: To add to the PEP: * Emit a warning in 3.4.next for cases that would raise a Exception in 3.5 * Clearly state that the existing OpenSSL environment variables will be

Re: [Python-Dev] PEP 467: Minor API improvements for bytes bytearray

Donald Stufft donald at stufft.io writes: For the record I’ve had all of the problems that Nick states and I’m +1 on this change. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA I've hit basically every problem everyone here has stated, and in no

Re: [Python-Dev] [PEP466] SSLSockets, and sockets, _socketobjects oh my!

Antoine Pitrou antoine at python.org writes: No, IIRC there shouldn't be a cycle. It's just complicated in a different way than 3.x Regards Antoine. Indeed, you're right, this is just differently convoluted so no leak (not that I would call collected by a normal GC a leak :-)). That

Re: [Python-Dev] [PEP466] SSLSockets, and sockets, _socketobjects oh my!

Antoine Pitrou antoine at python.org writes: You mean for use with SSL_set_app_data? Yes, if you look in ``_servername_callback``, you can see where it uses ``SSL_get_app_data`` and then reads ``ssl-Socket``, which is supposed to be the same object that's returned by

[Python-Dev] [PEP466] SSLSockets, and sockets, _socketobjects oh my!

Hi all, I've been happily working on the SSL module backports for Python2 (pursuant to PEP466), and I've hit something of a snag: In python3, the SSLSocket keeps a weak reference to the underlying socket, rather than a strong reference, as Python2 uses. Unfortunately, due to the way sockets

[Python-Dev] Network Security Backport Status

Hi all, I wanted to bring everyone up to speed on the status of PEP 466, what's been completed, and what's left to do. First the completed stuff: * hmac.compare_digest * hashlib.pbkdf2_hmac Are both backported, and I've added support to use them in Django, so users should start seeing these

Re: [Python-Dev] [Python-checkins] cpython: Remove the redundant and poorly worded warning message.

Hi python-dev and Raymond, I think this change is a considerable usability regression for the documentation. Right now the warnings about CSPRNGs are hidden in the introductory paragraph, which users are likely to skip. I agree that there's no need to repeat the same advice twice, but I'd much

Re: [Python-Dev] PEP 466 (round 5): selected network security enhancements for Python 2.7

This mostly looks good to me, however I'm not sure I understand the point of this sentence: Rather, it is intended to send a clear signal to potential corporate contributors that the core development team are willing to accept offers of corporate assistance in putting this policy into effect

Re: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

A casual glance at https://github.com/kennethreitz/requests/blob/master/requests/packages/urllib3/ util.py#L610 which is probably the most widely used consumer of these APIs, outside the stdlib itself, looks to me like if these names were to suddenly show up, everything would continue to work just

Re: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements

At this I think this PEP has become a little too vague and abstract, and I think we'd probably be better served by getting more concrete: Problem: Some of Python 2's modules which are fundamentally necessary for interop with the broader internet, and the security thereof, are missing really

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Thanks for putting this together Nick. I suspect it goes without saying that I'm wildly +1 on this as a whole. I'm in favor of leaving it somewhat implicit as to exactly which networking modules concern the health of the internet as a whole. Alex ___

Re: [Python-Dev] GC pauses in CPython

Maciej Fijalkowski fijall at gmail.com writes: HI I'm working on an incremental GC for PyPy. How do I measure GC pauses in CPython? (that is, the circular reference searching stuff) Cheers, fijal For what it's worth I threw together some code that might be helpful:

Re: [Python-Dev] performance of {} versus dict()

Stefan Behnel stefan_ml at behnel.de writes: Right. If that makes a difference, it's another bug. Stefan It's fixed, with, I will note, fewer lines of code than many messages in this thread: https://bitbucket.org/pypy/pypy/changeset/c30cb1dcb7a9adc32548fd14274e4995 Alex

Re: [Python-Dev] [compatibility-sig] do all VMs implement the ast module? (was: Re: AST optimizer implemented in Python)

Brett Cannon brett at python.org writes: Time to ask the other VMs what they are currently doing (the ast module came into existence in Python 2.6 so all the VMs should be answer the question since Jython is in alpha for 2.7 compatibility). As far as I know PyPy supports the ast module,

Re: [Python-Dev] Requesting pronouncement on PEP 0424

On Mon, Jul 30, 2012 at 9:51 AM, Guido van Rossum gu...@python.org wrote: Also, I have a few content quibbles: - Is it really worth flagging a negative return value with ValueError? I'd just as well clip this to zero. What's the worry? That the computed value is wrong? But it's only meant to

Re: [Python-Dev] Requesting pronouncement on PEP 0424

Guido van Rossum guido at python.org writes: Looks good to me, so accepted.But why isn't it visible on python.org/dev/peps/ yet? I just realized the text in the python.org repo did not match what I had locally. I've pushed what I intended to be the latest text, if everyone could take a

[Python-Dev] Requesting pronouncement on PEP 0424

Hi all, The discussion on PEP 0424 seems to have subsided (and I haven't gotten angry emails in a week!). So I would like to request a BDFL or BDFP pronouncement on PEP 0424, text available here: http://hg.python.org/peps/file/tip/pep-0424.txt Alex

Re: [Python-Dev] A new JIT compiler for a faster CPython?

That's not, strictly speaking, true. Mozilla added a method-JIT (Jaegermonkey) and then added another one (IonMonkey) because their tracing JIT (Tracemonkey) was bad. There's no fundamental reason that tracing has to only cover loops, indeed PyPy's tracing has been generalized to compile

Re: [Python-Dev] A new JIT compiler for a faster CPython?

Victor Stinner victor.stinner at gmail.com writes: Example: a = GETLOCAL(0); # a if (a == NULL) /* error */ b = GETLOCAL(1); # b if (b == NULL) /* error */ return PyNumber_Add(a, b); I don't expect to run a program 10x faster, but I would be happy if I can run arbitrary

Re: [Python-Dev] PEP 0424: A method for exposing a length hint

I've updated the PEP to reflect the discussion. There are two major changes: 1) NotImplemented may be used by __length_hint__ to indicate that there is no finite length hint available. 2) callers of operator.length_hint() must provide their own default value, this is also required by the

[Python-Dev] PEP 0424: A method for exposing a length hint

Hi all, I've just submitted a PEP proposing making __length_hint__ a public API for users to define and other VMs to implement: PEP: 424 Title: A method for exposing a length hint Version: $Revision$ Last-Modified: $Date Author: Alex Gaynor alex.gay...@gmail.com Status: Draft Type: Standards

Re: [Python-Dev] PEP 0424: A method for exposing a length hint

On Sat, Jul 14, 2012 at 4:18 PM, Benjamin Peterson benja...@python.orgwrote: 2012/7/14 Alex Gaynor alex.gay...@gmail.com: Proposal This PEP proposes formally documenting ``__length_hint__`` for other interpreter and non-standard library Python to implement

Re: [Python-Dev] PEP 0424: A method for exposing a length hint

On Sat, Jul 14, 2012 at 10:16 PM, Nick Coghlan ncogh...@gmail.com wrote: On Sun, Jul 15, 2012 at 9:18 AM, Benjamin Peterson benja...@python.org wrote: Open questions == There are two open questions for this PEP: * Should ``list`` expose a kwarg in it's constructor for

Re: [Python-Dev] [compatibility-sig] making sure importlib.machinery.SourceLoader doesn't throw an exception if bytecode is not supported by a VM

For PyPy: I'm not an expert in our import, but from looking at the source 1) imp.cache_from_source is unimplemented, it's an AttributeError. 2) sys.dont_write_bytecode is always false, we don't respect that flag (we really should IMO, but it's not a high priority for me, or anyone else

Re: [Python-Dev] [compatibility-sig] making sure importlib.machinery.SourceLoader doesn't throw an exception if bytecode is not supported by a VM

On Tue, Jun 12, 2012 at 11:47 AM, Brett Cannon br...@python.org wrote: On Tue, Jun 12, 2012 at 12:38 PM, Alex Gaynor alex.gay...@gmail.comwrote: For PyPy: I'm not an expert in our import, but from looking at the source 1) imp.cache_from_source is unimplemented, it's an AttributeError

Re: [Python-Dev] backporting stdlib 2.7.x from pypy to cpython

Eric Snow ericsnowcurrently at gmail.com writes: Nick's option 2 would be an improvement, but I imagine that option 3 would have been the most effective by far. Of course, the key thing is how closely the various implementors would follow the new list. Only they could say, though Frank

Re: [Python-Dev] Add a frozendict builtin type

Nick Coghlan ncoghlan at gmail.com writes: I'm pretty sure the PyPy jit can already pick up and optimise cases where a dict goes read-only (i.e. stops being modified). No, it doesn't. We handle cases like a type's dict, or a module's dict, by having them use a different internal implementation

Re: [Python-Dev] requirements for moving __import__ over to importlib?

Brett Cannon brett at python.org writes: IOW you want the sys.modules case fast, which I will never be able to match compared to C code since that is pure execution with no I/O. Sure you can: have a really fast Python VM. Constructive: if you can run this code under PyPy it'd be easy to

Re: [Python-Dev] Hash collision security issue (now public)

A few thoughts on this: a) This is not a new issue, I'm curious what the new interest is in it. b) Whatever the solution to this is, it is *not* CPython specific, any decision should be reflected in the Python language spec IMO, if CPython has the semantic that dicts aren't vulnerable to hash

Re: [Python-Dev] RFC: Add a new builtin strarray type to Python?

There are a number of issues that are being conflated by this thread. 1) Should str += str be fast. In my opinion, the answer is an obvious and resounding no. Strings are immutable, thus repeated string addition is O(n**2). This is a natural and obvious conclusion. Attempts to change this

Re: [Python-Dev] Possible optimization for LOAD_FAST ?

On Tue, Jan 4, 2011 at 10:20 AM, Nick Coghlan ncogh...@gmail.com wrote: On Wed, Jan 5, 2011 at 1:58 AM, Guido van Rossum gu...@python.org wrote: On Tue, Jan 4, 2011 at 2:49 AM, Michael Foord fuzzy...@voidspace.org.uk wrote: I think someone else pointed this out, but replacing builtins

Re: [Python-Dev] Possible optimization for LOAD_FAST ?

Cesare Di Mauro cesare.di.mauro at gmail.com writes: 2010/12/28 Lukas Lueg lukas.lueg at googlemail.com Consider the following code: def foobar(x):    for i in range(5):        x[i] = i The bytecode in python 2.7 is the following:  2           0 SETUP_LOOP              30 (to 33)

[Python-Dev] Very Strange Argument Handling Behavior

Hi all, I ran into the follow behavior while making sure Django works correctly on PyPy. The following behavior was observed in all tested versions of CPython (2.5, 3.1): def f(**kwargs): ... print(kwargs) ... kwargs = {1: 3} dict({}, **kwargs) {1: 3} f(**kwargs) Traceback (most recent

Re: [Python-Dev] O(1) random access to deque? (Re: patch to make list.pop(0) work in O(1) time)

On Wed, Jan 27, 2010 at 4:50 PM, Nick Coghlan ncogh...@gmail.com wrote: Steve Howell wrote: There is also the possibility that my initial patch can be refined by somebody smarter than myself to eliminate the particular tradeoff. In fact, Antoine Pitrou already suggested an approach, although I

Re: [Python-Dev] patch to make list.pop(0) work in O(1) time

On Wed, Jan 27, 2010 at 11:30 PM, Steve Howell showel...@yahoo.com wrote: --- On Wed, 1/27/10, Raymond Hettinger raymond.hettin...@gmail.com wrote: From: Raymond Hettinger raymond.hettin...@gmail.com * the current design encourages people to use the right data structure for a given need.  

Re: [Python-Dev] patch to make list.pop(0) work in O(1) time

On Mon, Jan 25, 2010 at 7:32 PM, Michael Foord fuzzy...@voidspace.org.uk wrote: On 26/01/2010 00:28, Christian Heimes wrote: Michael Foord wrote: How great is the complication? Making list.pop(0) efficient sounds like a worthy goal, particularly given that the reason you don't use it is

Re: [Python-Dev] PEP 3146: Merge Unladen Swallow into CPython

On Fri, Jan 22, 2010 at 1:07 PM, Collin Winter collinwin...@google.com wrote: Hey Jake, On Thu, Jan 21, 2010 at 10:48 AM, Jake McGuire mcgu...@google.com wrote: On Thu, Jan 21, 2010 at 10:19 AM, Reid Kleckner r...@mit.edu wrote: On Thu, Jan 21, 2010 at 12:27 PM, Jake McGuire

Re: [Python-Dev] PEP 3146: Merge Unladen Swallow into CPython

On Thu, Jan 21, 2010 at 3:00 PM, Steve Steiner (listsin) list...@integrateddevcorp.com wrote: On Jan 21, 2010, at 3:20 PM, Collin Winter wrote: Hey Greg, On Wed, Jan 20, 2010 at 10:54 PM, Gregory P. Smith g...@krypto.org wrote: +1 My biggest concern is memory usage but it sounds like

Re: [Python-Dev] PyCon Keynote

On Thu, Jan 21, 2010 at 9:19 PM, Jesse Noller jnol...@gmail.com wrote: On Thu, Jan 21, 2010 at 6:16 PM,  s...@pobox.com wrote: How about explaining why you're not going to give Collin a pony? Skip You're on to something, but the question is: 1 How do we get a pony to atlanta 2 Later