[Python-Dev] Patch reviews

2016-08-31 Thread Christian Heimes
Hi, I have 7 patches for 3.6 ready for merging. The new features were discussed on Security-SIG and reviewed by Victor or GPS. The patches just need one final review and an ACK. The first three patches should land in 2.7, 3.4 and 3.5, too. http://bugs.python.org/issue26470 Make OpenSSL module

Re: [Python-Dev] Update on PEP 523 and adding a co_extra field to code objects

2016-08-31 Thread Victor Stinner
The PEP 445, C API for malloc, allows to plug multiple wrappers and each wrapper has its own "void* context" data. When you register a new wrapper, you store the current context and function to later chain it. See the hooks example:

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread M.-A. Lemburg
On 31.08.2016 01:55, Gregory P. Smith wrote: > On Tue, Aug 30, 2016 at 1:08 PM M.-A. Lemburg wrote: >>> On 29.08.2016 22:16, Christian Heimes wrote: >>> In my >>> opinion it is more than reasonable to ditch 1.0.1 and earlier. >> >> I want you to consider the consequences of doing

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Antoine Pitrou
On Wed, 31 Aug 2016 10:31:12 +0200 "M.-A. Lemburg" wrote: > > I am thinking of Python users out there who are running on LTS > OS releases simply because their IT doesn't let them run anything > else. There is a solution nowadays, which is to use Anaconda (or Miniconda).

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Paul Moore
On 31 August 2016 at 00:55, Gregory P. Smith wrote: > I find that users of such systems either use only what their distro itself > supplies (ie: ancient versions at that point) or are fully comfortable > building any dependencies their own software needs. If they are comfortable

Re: [Python-Dev] Update on PEP 523 and adding a co_extra field to code objects

2016-08-31 Thread Stefan Behnel
Nick Coghlan schrieb am 31.08.2016 um 06:30: > On 31 August 2016 at 04:55, Serhiy Storchaka wrote: >> On 30.08.16 21:20, Antoine Pitrou wrote: >>> But the performance overhead of iterating over a 1-element list >>> is small enough (it's just an array access after a pointer dereference) >>> that it

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Christian Heimes
On 2016-08-31 10:31, M.-A. Lemburg wrote: > In all this discussion I have yet to find a compelling security > relevant argument for using an 1.0.2 API which is so important > that we cannot make this optional at runtime. > > The only argument Christian reported was this one: > > """ >> BTW: Are

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Christian Heimes
On 2016-08-30 22:07, M.-A. Lemburg wrote: > That was not my point. It's unfortunate that Python depends on > a library which is inevitably going to need updates frequently, > and which then may have the implication that Python won't compile on > systems which don't ship with more recent OpenSSL

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Antoine Pitrou
Le 31/08/2016 à 11:33, M.-A. Lemburg a écrit : > On 31.08.2016 10:43, Antoine Pitrou wrote: >> On Wed, 31 Aug 2016 10:31:12 +0200 >> "M.-A. Lemburg" wrote: >>> >>> I am thinking of Python users out there who are running on LTS >>> OS releases simply because their IT doesn't let

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Christian Heimes
On 2016-08-31 11:33, M.-A. Lemburg wrote: > On 31.08.2016 10:50, Christian Heimes wrote: >> On 2016-08-31 10:31, M.-A. Lemburg wrote: >>> In all this discussion I have yet to find a compelling security >>> relevant argument for using an 1.0.2 API which is so important >>> that we cannot make this

Re: [Python-Dev] PEP 526 ready for review: Syntax for Variable and Attribute Annotations

2016-08-31 Thread Steven D'Aprano
On Tue, Aug 30, 2016 at 07:15:55PM -0700, Guido van Rossum wrote: > On Tue, Aug 30, 2016 at 6:00 PM, Steven D'Aprano wrote: > > On Tue, Aug 30, 2016 at 02:20:26PM -0700, Guido van Rossum wrote: > >> I'm happy to present PEP 526 for your collective review: > > > > Are you

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread M.-A. Lemburg
On 31.08.2016 12:05, Christian Heimes wrote: > This was my last reply to your mails on this topic. It's clear to me > that you are not open to Cory's, Nick's or my arguments and that you > won't change your position. More replies are just a waste of my limited > time. I *am* open to arguments,

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Nick Coghlan
On 31 August 2016 at 19:33, M.-A. Lemburg wrote: > On 31.08.2016 10:43, Antoine Pitrou wrote: >> On Wed, 31 Aug 2016 10:31:12 +0200 >> "M.-A. Lemburg" wrote: >>> >>> I am thinking of Python users out there who are running on LTS >>> OS releases simply because

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread M.-A. Lemburg
On 31.08.2016 10:50, Christian Heimes wrote: > On 2016-08-31 10:31, M.-A. Lemburg wrote: >> In all this discussion I have yet to find a compelling security >> relevant argument for using an 1.0.2 API which is so important >> that we cannot make this optional at runtime. >> >> The only argument

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread M.-A. Lemburg
On 31.08.2016 10:43, Antoine Pitrou wrote: > On Wed, 31 Aug 2016 10:31:12 +0200 > "M.-A. Lemburg" wrote: >> >> I am thinking of Python users out there who are running on LTS >> OS releases simply because their IT doesn't let them run anything >> else. > > There is a solution

Re: [Python-Dev] PEP 526 ready for review: Syntax for Variable and Attribute Annotations

2016-08-31 Thread Nick Coghlan
On 31 August 2016 at 15:40, Guido van Rossum wrote: > On Tuesday, August 30, 2016, Nick Coghlan wrote: >> What if we included local variable annotations in func.__annotations__ >> as cells, like the entries in func.__closure__? >> >> We could also use that

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Christian Heimes
On 2016-08-30 18:00, Antoine Pitrou wrote: > On Sun, 28 Aug 2016 22:40:11 +0200 > Christian Heimes wrote: >> >> Here is the deal for 2.7 to 3.5: >> >> 1) All versions older than 0.9.8 are completely out-of-scope and no >> longer supported. >> >> 2) 0.9.8 is semi-support.

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Nick Coghlan
On 31 August 2016 at 20:20, M.-A. Lemburg wrote: > ... which would then mean: Python's compatibility roadmap will > be dictated by OpenSSL. > > I won't buy into that, sorry. Crypto is a helper in certain > situations, it's not what Python is all about. We should not > let OpenSSL

Re: [Python-Dev] PEP 526 ready for review: Syntax for Variable and Attribute Annotations

2016-08-31 Thread Ivan Levkivskyi
On 31 August 2016 at 13:09, Nick Coghlan wrote: > I guess as long as they're included somewhere in the AST for the > function body, I don't mind if the translation to bytecode throws them > away - that's essentially saying that a function level type annotation > is

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread M.-A. Lemburg
On 31.08.2016 14:02, Nick Coghlan wrote: > On 31 August 2016 at 20:20, M.-A. Lemburg wrote: >> ... which would then mean: Python's compatibility roadmap will >> be dictated by OpenSSL. >> >> I won't buy into that, sorry. Crypto is a helper in certain >> situations, it's not what

Re: [Python-Dev] Supported versions of OpenSSL

2016-08-31 Thread Brett Cannon
I think it's time for this thread to stop as everyone seems to be talking in circles. Christian said he's going to write a PEP so let's wait for that before discussing this any further so we have a concrete proposal to focus around. On Wed, 31 Aug 2016 at 05:04 Nick Coghlan