\Martin v. Löwis\ [EMAIL PROTECTED] wrote:
There are know problems comparing durations (e.g. is 30 days more
or less than a month?). For time stamps, there is no issue. For
calender dates, there are again problems, in particular with time
zones.
Python durations (datetime.timedelta) do not
Brett Cannon [EMAIL PROTECTED] wrote:
Treat dates as if they have a time-part of midnight. This is my preferred
solution, and it is already what the datetime module does, for example,
when subtracting two dates.
I personally like the current solution. The proposal to just assume
Phillip J. Eby [EMAIL PROTECTED] wrote:
At 09:20 PM 3/9/2007 +, Jon Ribbens wrote:
If you want the answer to be the entire of that day then you need
to alter the datetime module so that, e.g. subtracting 2007-03-08
from 2007-03-09 does not return one day as currently, but returns
zero
Steven Bethard [EMAIL PROTECTED] wrote:
Using the .date() is fine when the year/month/day doesn't match. So
the following are fine::
datetime.datetime(2005, 1, 1, 0, 0, 0) datetime.date(2006, 1, 1)
datetime.datetime(2007, 1, 1, 0, 0, 0) datetime.date(2006, 1, 1)
It's *not* okay to
Christian Heimes [EMAIL PROTECTED] wrote:
Jon Ribbens schrieb:
So you're deciding that a 'date' is 'the entire of that day', except
when you subtract two of them, when it suddenly means something else? ;-)
It makes kinda sense although it looks like a contradiction at first.
The common
Christian Heimes [EMAIL PROTECTED] wrote:
What do you feel next Tuesday plus 12 hours means? ;-)
First thought: It's nonsense! Nobody would say that. ;)
Second though: Tuesday noon (12h after the beginning of Tuesday)
I agree with you entirely. Your suggestions correspond to 'throw an
Robert Brewer [EMAIL PROTECTED] wrote:
One solution that just occurred to me -- and that
skirts the issue of choosing an interpretation --
is that, when comparing date and datetime objects,
the datetime's .date() method is called and the
result of that call is compared to
Steven Bethard [EMAIL PROTECTED] wrote:
I don't see why the docs can't be explicit about what subtraction
means given that there are a number of possible interpretations.
I don't see why the docs can't be explicit about what comparison
means given that there are a number of possible
I see you snipped without response my request to back up your claim
that assuming that a date() is a datetime() with a time of midnight
will clearly break that logic.
Am I to assume you cannot back it up?
___
Python-Dev mailing list
Steven Bethard [EMAIL PROTECTED] wrote:
I was trying to minimize the extent of this already too long thread,
assuming you could go do the reading I referred you to if you were
really interested in the answer.
There's nothing to be gained by being patronising.
I still encourage you to read
Collin Winter [EMAIL PROTECTED] wrote:
Please find or write a package that makes the assumptions you want,
since datetime clearly isn't the module you want.
Datetime clearly *is* the module I want. It already makes the
assumptions I want, I just want it to make them consistently.
Andrew McNamara [EMAIL PROTECTED] wrote:
The point was to produce the same results as Excel. Sure, Excel probably
doesn't generate crap like this itself, but 3rd parties do, and people
complain if we don't parse it just like Excel (sigh).
The slight problem with copying Excel is that Excel
Gordon Messmer [EMAIL PROTECTED] wrote:
After some discussion, Aahz suggested that I discuss the problem here,
on python-dev. He seemed to think that the problem I saw may have been
an indication of a bug in python. Could anyone take a look at that
thread and say whether it looks like a
Aahz [EMAIL PROTECTED] wrote:
One small wrinkle (and the reason I suggested bringing this to
python-dev): I suspect that the problem is not a bug, but simply the
occasional failure of sockets. When that happens in a threaded app
without timeouts, eventually threads die (block forever). But
Gordon Messmer [EMAIL PROTECTED] wrote:
Tonight I should have time to pull an old copy of the code out of CVS
and recreate the test script that I used. Once I have, it should be a
matter of feeding a big list of email addresses to the script and
waiting a couple of minutes for the script
Nick Maclaren [EMAIL PROTECTED] wrote:
Sockets, terminals etc. are stateful devices, and killing a process
can leave them in a very unclean state. It is one of the most
common causes of unkillable processes (the process can't go until
its files do, and the socket is jammed).
Can you
Nick Maclaren [EMAIL PROTECTED] wrote:
Well, I have seen it hundreds of times on a dozen different Unices;
it is very common. You don't always SEE the stuck process - sometimes
the 'kill -9' causes the pid to become invisible to ps etc., and
just occasionally it can continue to use CPU until
\Martin v. Löwis\ [EMAIL PROTECTED] wrote:
And do we even need os.fork(), os.exec*(), os.spawn*()?
I don't know about about *os*.fork; I surely like to have posix.fork.
The posix module exposes many OS functions as-is. This has the
advantage that their semantics are crystal-clear: they do
Guido van Rossum [EMAIL PROTECTED] wrote:
-1
Me too.
While this may be theoretically preferable, I believe that in practice
changing this would be a major pain for very little gain. I don't
recall ever finding a bug related to this feature, and I believe it's
occasionally useful.
I find it
On Wed, May 02, 2007 at 10:23:39PM -0700, Raymond Hettinger wrote:
Another way to look at it is to ask whether we would consider
adding implicit string concatenation if we didn't already have it.
I think there would be a chorus of emails against it
Personally, I would have been irritated if
On Sat, May 19, 2007 at 07:14:09PM +0200, Georg Brandl wrote:
For the impatient: the result can be seen at http://pydoc.gbrandl.de.
I think that looks great.
One comment I have, I don't know if it's relevant - it perhaps depends
on whether the Global Module Index is auto-generated or not. This
On Tue, May 22, 2007 at 06:13:36PM +0200, Georg Brandl wrote:
Finding the location that tells you how to suggest changes, and opening
a new bug in the infamous SF tracker is not really something people do
happily. A click here to suggest a change link that leads to a pseudo-
edit-form,
On Tue, May 22, 2007 at 01:19:36PM -0400, Steve Holden wrote:
For example, this rocks! ::
http://pydoc.gbrandl.de/search.html?q=os.patharea=default
It would be more impressive if the search string returned hits ...
Also if it was not completely reliant on JavaScript...
(Maybe it's
On Tue, Jun 05, 2007 at 12:55:07PM -0400, Todd Hopfinger wrote:
I am using TLS Lite and J2ME SecureConnection for the purposes of
encrypting traffic to/from a Java Midlet client and a multithreaded Python
server. However, I encounter a TLSAbruptCloseError. I have tried to
determine
On Thu, Jul 26, 2007 at 04:08:37PM +, Cameron Laird wrote:
Folklore that I remember so unreliably I avoid trying to repeat it here
held that Python threading had problems on BSD and allied Unixes. What's
the status of this? I suspect the answer is, Everything works, and the
only real
On Thu, Sep 13, 2007 at 12:19:21PM +0200, André Malo wrote:
Pardon my ignorance but why does Python do reference counting for truly
global and static objects like None, True, False, small and cached
integers, sys and other builtins? If I understand it correctly these
objects are never
On Thu, Sep 13, 2007 at 01:15:39PM +0200, Martin v. Löwis wrote:
To put it another way, would it actually matter if the reference
counts for such objects became hopelessly wrong due to non-atomic
adjustments?
If they drop to zero (which may happen due to non-atomic adjustments),
Python
On Thu, Sep 13, 2007 at 06:38:05PM -0500, [EMAIL PROTECTED] wrote:
Hrvoje More precisely, Python will call the deallocator appropriate for
Hrvoje the object type. If that deallocator does nothing, the object
Hrvoje continues to live. Such objects could also start out with a
On Tue, Oct 23, 2007 at 12:16:41PM +1300, Greg Ewing wrote:
[EMAIL PROTECTED] wrote:
This interface follows the completely stupid semantics of System V and
IEEE Std 1003.1-1988 (``POSIX.1'') that require that all locks
associated with a file for a given process are removed when
On Tue, Oct 23, 2007 at 12:29:35PM +1300, Greg Ewing wrote:
[EMAIL PROTECTED] wrote:
Does fcntl.flock work over NFS and SMB and on Windows?
I don't think file locking will ever work over NFS, since
it's a stateless protocol by design, and locking would
require maintaining state on the
On Mon, Jan 14, 2008 at 03:07:20PM -0500, Barry Warsaw wrote:
I feel pretty strongly that ~/bin should *not* be used. It makes
sense to me that ~/.local would mirror /usr/local.
It makes sense, but personally I have never heard before of ~/.local.
Whereas ~/bin is something I am quite
On Mon, Jan 28, 2008 at 08:07:21PM -0800, Guido van Rossum wrote:
PS. There's something wrong with Raymond's mailer that creates a
thread in gmail whenever he responds. I suspect it's not correctly
adding an In-reply-to header. That makes the thread feel much more
disconnected than most,
On Thu, Apr 16, 2009 at 12:10:36PM +0400, Oleg Broytmann wrote:
This patch adds a monthdelta class and a monthmod function to the
datetime module. The monthdelta class is much like the existing
timedelta class, except that it represents months offset from a date,
rather than an exact
On Wed, Mar 19, 2008 at 02:05:37AM +0900, [EMAIL PROTECTED] wrote:
So, at the risk of painting a bike-shed, I'd like to propose that we adopt
'AMD64' in distutils (needs a change), platform.py (needs a change to use
sys.getwindowsversion() in preference to pywin32, if possible, anyway),
and
On Wed, Sep 17, 2008 at 08:21:55AM -0700, Alex Martelli wrote:
Unbelievable as this may seem, this crazy over-committing malloc
behavior is by now a classic -- I first fought against it in 1990,
when IBM released AIX 3 for its then-new RS/6000 line of workstations;
in a later minor release
On Wed, Aug 04, 2010 at 07:26:06PM -0400, Barry Warsaw wrote:
On Aug 04, 2010, at 06:39 PM, Steve Holden wrote:
I'll see if I can get God to extend it for you.
No need to involve the supernatural Steve! Just approve that PSF grant I
submitted so I can finish my (Python powered of course!)
On Tue, Sep 14, 2010 at 11:43:46AM -0500, s...@pobox.com wrote:
We got rid of gopherlib a few years ago (deprecated in 2.5, presumably gone
in 2.6). I suspect the NNTP protocol has a greatly diminished user base as
well, GMANE's presence notwithstanding.
NNTP is *very* considerably less dead
On Fri, Oct 08, 2010 at 01:24:09PM +0200, Dirkjan Ochtman wrote:
On Fri, Oct 8, 2010 at 09:05, Tarek Ziadé ziade.ta...@gmail.com wrote:
The feedback I received for this is pretty clear: people want a single
script that can be called directly. e.g.
$ distutils2 depgraph
$ distutils2
On Fri, Oct 08, 2010 at 11:04:35AM -0400, Toshio Kuratomi wrote:
In the larger universe of programs, it might make for more intuitive
remembering of the command to use a prefix (either py or python) though.
python-setup is a lot like python setup.py
pysetup is shorter
pyegg is even shorter
On Sun, Mar 27, 2011 at 05:21:08PM +0200, Antoine Pitrou wrote:
On Sun, 27 Mar 2011 10:06:49 -0500
s...@pobox.com wrote:
It seems that all checkin mails are utf-8-encoded. This makes it
challenging to view checkin mails if you have a text-based mail reader. (I
use VM within XEmacs.
On Sun, Mar 27, 2011 at 02:13:29PM -0400, Eugene Toder wrote:
I'm not disputing that, and I understand that my current choice of mail
reader limits me. I was just asking if it would be possible (read: fairly
easy) to only generate utf-8 when it was necessary.
Isn't utf-8 itself same as
On Sun, Mar 27, 2011 at 02:21:25PM -0400, R. David Murray wrote:
Mind you, I've never managed to get the -- button working reliably
either, but to be fair that's insanely complicated too.
No idea what that is.
Backspace key.
___
Python-Dev
Am I correct in thinking that Python's newfangled socket.settimeout()
feature does not play well with SSL wrapped sockets? Would there be
any interest in making it so that it did?
___
Python-Dev mailing list
Python-Dev@python.org
On Mon, Feb 17, 2014 at 12:43:25PM +0100, M.-A. Lemburg wrote:
This doesn't only apply to numeric comparisons. In Python 2 you
can compare None with any kind of object and it always sorts first,
No you can't. See http://bugs.python.org/issue1673405 .
According to Tim Peters, the None is less
On Mon, Sep 28, 2009 at 09:38:20AM +0100, Floris Bruynooghe wrote:
On Mon, Sep 28, 2009 at 06:59:45AM +0300, Yuvgoog Greenle wrote:
-1 for deprecating getopt. getopt is super-simple and especially useful for
c programmers learning python.
+1 for argparse.+1 for eventual deprecation of
On Thu, Oct 01, 2009 at 09:58:59AM +0100, Paul Moore wrote:
(Question - is it *ever* possible for a Unix program to have invalid
file descriptors 0,1 and 2? At startup - I'm assuming anyone who does
os.close(1) knows what they are doing!)
Yes, at startup you just have the file descriptors your
On Fri, Mar 12, 2010 at 05:56:57PM -0500, Barry Warsaw wrote:
Nope, sorry I should have been clearer.
*creation* is the key here. As per BDFL pronouncement, we'll support reading
pyc-only modules just like we do today. This is in PEP 3147. We won't
support creating them though.
BTW,
On Tue, Apr 20, 2010 at 03:27:53PM -0400, Neal Becker wrote:
I have a preference to allow at least exact matches to succeed even in the
case of ambiguity - mainly because I accidentally created this already once,
and I feel it's better to at least work somewhat. Not sure if there is any
On Wed, Apr 21, 2010 at 03:53:16AM -0400, Eric Smith wrote:
I agree the new behavior is desirable. And I also think it should be the
default, although I feel less strongly about that.
But since this behavior seems to be an accident of the implementation
(based on Steve's comment above), I
On Sun, May 09, 2010 at 03:19:40PM -0600, David Abrahams wrote:
Yes. But the question is whether urlparse should really be so fragile
that every hierarchical scheme needs to be explicitly registered.
Surely ending with “+file” should be sufficient to have it recognized
as a file-based scheme
On Sun, May 23, 2010 at 03:16:27PM +0400, Andrew Svetlov wrote:
Is there any reason to have Future .cancelled, .done, .running as methods?
From my perspective they are really readonly properties.
BTW, is 'cancelled' correct name? Spell-checkers likes only single 'l'
form: 'canceled'.
In
On Mon, Jul 27, 2015 at 04:28:48PM -0700, Chris Barker wrote:
The only other thing I found
really weird about datetime is how Python 2 had no implementation of
a UTC tzinfo class, despite this being utterly trivial -
Huh? it is either so trivial that there is no point --
On Mon, Jul 27, 2015 at 01:04:03AM -0500, Tim Peters wrote:
[Tim]
The Python docs also are quite clear about that all arithmetic within
a single timezone is naive. That was intentional. The _intended_
way to do aware arithmetic was always to convert to UTC, do the
arithmetic, then
On Tue, Mar 15, 2016 at 01:30:08PM -0700, Guido van Rossum wrote:
> I came across a file that had two different coding cookies -- one on
> the first line and one on the second. CPython uses the first, but mypy
> happens to use the second. I couldn't find anything in the spec or
> docs ruling out
On Mon, Apr 11, 2016 at 11:40:05AM +0200, Victor Stinner wrote:
> 2016-04-10 18:43 GMT+02:00 Jon Ribbens <jon+python-...@unequivocal.co.uk>:
> > That's the opposite of my approach though - I'm starting small and
> > adding things, not starting with everything and removing st
On Fri, Apr 08, 2016 at 05:49:12PM +0200, Marcin Kościelnicki wrote:
> On 08/04/16 16:18, Jon Ribbens wrote:
> That one is trivially fixable, but here goes:
>
> async def a():
> global c
> c = b.cr_frame.f_back.f_back.f_back
>
> b = a()
> b.send(None)
>
I've made another attempt at Python sandboxing, which does something
which I've not seen tried before - using the 'ast' module to do static
analysis of the untrusted code before it's executed, to prevent most
of the sneaky tricks that have been used to break out of past attempts
at sandboxes.
In
On Fri, Apr 08, 2016 at 03:37:45PM +0100, Paul Moore wrote:
> On 8 April 2016 at 15:18, Jon Ribbens <jon+python-...@unequivocal.co.uk>
> wrote:
> > I would be very interested to see if anyone can manage to break it.
> > Bugs which are trivially fixable are of cours
On Fri, Apr 08, 2016 at 05:21:38PM +0200, Arthur Darcet wrote:
>If i'm not mistaken, this breaks out:
>> exec('open("out", "w").write("a")', {})
>because if the second argument of exec does not contain a __builtins__
>key, then a copy of the original builtins module is inserted:
>
On Tue, Apr 12, 2016 at 01:08:36PM +1200, Greg Ewing wrote:
> Jon Ribbens wrote:
> >So far it looks like blocking "_*" and the frame object attributes
> >appears to be sufficient.
>
> Even if your sandbox as it currently exists is secure, it's
> only an extremel
On Mon, Apr 11, 2016 at 08:35:11AM -0700, Nikolaus Rath wrote:
> On Apr 11 2016, Jon Ribbens <jon+python-...@unequivocal.co.uk> wrote:
> >> What I see is that you asked to break your sandbox, and less than 1
> >> hour later, a first vulnerability was found (exec call
On Tue, Apr 12, 2016 at 06:57:37PM +1000, Chris Angelico wrote:
> And yes, you win if you get another module. Interestingly, you're
> allowed to import urllib.parse, but not urllib itself; but "import
> urllib.parse" makes urllib available - and, since modules inside
> modules are blacklisted,
On Tue, Apr 12, 2016 at 06:28:34PM +1000, Chris Angelico wrote:
> On Sat, Apr 9, 2016 at 12:18 AM, Jon Ribbens
> <jon+python-...@unequivocal.co.uk> wrote:
> > Anyway the code is at https://github.com/jribbens/unsafe
> > It requires Python 3.4 or later (it could
On Tue, Apr 12, 2016 at 01:38:09PM +0200, Maciej Fijalkowski wrote:
> Jon, let me reiterate. You asked people to break it (that's the title
> of the thread) and they did so almost immediately. Then you patched
> the thing and asked them to break it again and they did. Now the
> faulty assumption
On Tue, Apr 12, 2016 at 02:16:57PM +0200, Victor Stinner wrote:
> I read your code and the code of CPython. I found many issues.
Thanks for your efforts.
> Your "safe import" hides real functions with a proxy. Ok. But the code
> of modules is still run in the real namespace,
Yes, that was the
On Tue, Apr 12, 2016 at 10:45:06PM +1000, Chris Angelico wrote:
> On Tue, Apr 12, 2016 at 10:42 PM, Jon Ribbens
> <jon+python-...@unequivocal.co.uk> wrote:
> > That's not a vulnerability, and it's something I already explicitly
> > mentioned - if you can get a functi
On Tue, Apr 12, 2016 at 08:27:14PM +1000, Chris Angelico wrote:
> On Tue, Apr 12, 2016 at 8:06 PM, Jon Ribbens
> <jon+python-...@unequivocal.co.uk> wrote:
> > No, it still isn't. If the names blacklist had to keep being extended
> > then you would be right, but tha
On Tue, Apr 12, 2016 at 06:21:04AM -0400, Isaac Morland wrote:
> On Tue, 12 Apr 2016, Jon Ribbens wrote:
> >>This is still a massive game of whack-a-mole.
> >
> >No, it still isn't. If the names blacklist had to keep being extended
> >then you would be right, b
On Tue, Apr 12, 2016 at 02:05:06PM +0200, Victor Stinner wrote:
> 2016-04-12 13:10 GMT+02:00 Jon Ribbens <jon+python-...@unequivocal.co.uk>:
> > No, it's a matter of reducing the whitelist. I must admit that
> > I don't understand in what way this is not already clear. Lo
On Tue, Apr 12, 2016 at 02:31:19PM +0200, Victor Stinner wrote:
> Oh, I forgot to mention another vulnerability: you block access to
> attributes by replacing getattr and by analyzing the AST. Ok, but one
> more time, it's not enough. If you get access to obj.__dict__, you
> will likely get access
On Tue, Apr 12, 2016 at 11:03:11PM +1000, Chris Angelico wrote:
> One of the key differences with scripts in web browsers is that there
> *is* no "outer environment" to access.
If you think that then I think you considerably misunderstand how
modern browsers work.
> Remember what I said about
On Tue, Apr 12, 2016 at 01:40:57PM +, David Wilson wrote:
> On Tue, Apr 12, 2016 at 11:12:27PM +1000, Steven D'Aprano wrote:
> > I can think of one possible threat. Suppose that the locale library
> > has a bug, so that calling "aardvark".isdigit seg faults, potentially
> > executing arbitrary
On Sun, Apr 10, 2016 at 02:51:23PM +1000, Nick Coghlan wrote:
> On 9 April 2016 at 22:43, Victor Stinner wrote:
> > See pysandbox test suite for a lot of ways to escape a sandbox. CPython has
> > a list of know code to crash CPython (I don't recall the dieectory in
> >
On Sat, Apr 09, 2016 at 02:43:19PM +0200, Victor Stinner wrote:
>Please don't loose time trying yet another sandbox inside CPython. It's
>just a waste of time. It's broken by design.
>
>Please read my email about my attempt (pysandbox):
>https://lwn.net/Articles/574323/
>
>
On Mon, Apr 11, 2016 at 12:07:48AM +0300, Serhiy Storchaka wrote:
> On 10.04.16 19:51, Jon Ribbens wrote:
> >On Sun, Apr 10, 2016 at 02:51:23PM +1000, Nick Coghlan wrote:
> >>On 9 April 2016 at 22:43, Victor Stinner <victor.stin...@gmail.com> wrote:
> >>>See py
On Sun, Apr 10, 2016 at 02:08:16PM -0700, Nikolaus Rath wrote:
> On Apr 10 2016, Jon Ribbens <jon+python-...@unequivocal.co.uk> wrote:
> > On Sat, Apr 09, 2016 at 02:43:19PM +0200, Victor Stinner wrote:
> > That's the opposite of my approach though - I'm starting small
On Sat, Apr 09, 2016 at 02:20:49AM +1000, Chris Angelico wrote:
> On Sat, Apr 9, 2016 at 12:18 AM, Jon Ribbens
> <jon+python-...@unequivocal.co.uk> wrote:
> > Anyway the code is at https://github.com/jribbens/unsafe
> > It requires Python 3.4 or later (it could
On Mon, Apr 11, 2016 at 04:04:21PM +0100, Paul Moore wrote:
> However, it's not at all clear (to me at least) what you *are* trying
> to do.
I'm trying to see to what extent we can use ast node inspection to
remedy the failures of prior attempts at Python sandboxing. Is there
*any* extent to
On Tue, Apr 12, 2016 at 03:02:54AM +1000, Chris Angelico wrote:
> On Tue, Apr 12, 2016 at 2:53 AM, Jon Ribbens
> <jon+python-...@unequivocal.co.uk> wrote:
> > On Mon, Apr 11, 2016 at 04:04:21PM +0100, Paul Moore wrote:
> >> However, it's not at all clear (to me at l
79 matches
Mail list logo