Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Wed, Nov 8, 2017 at 10:58 AM, Chris Barker - NOAA Federal wrote: > > > But the point is that the compiler is recursive, and processing nested > constructs consumes the C stack. There are some guards against too deep > recursion (2.7 has less guards and more vulnerable),

[Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

Hi, The dangers of eval and exec are obvious and well known to advanced users, but the availability as built-in functions makes it too tempting for beginners or even medium-level programmers. You can see questions about these function pretty often in stackoverflow (roughly once a day

Re: [Python-ideas] Possible enhancement to typing

On Mon, Nov 6, 2017 at 10:36 PM, Stéfane Fermigier wrote: > > > On Tue, Nov 7, 2017 at 2:58 AM, Guido van Rossum wrote: > >> On Mon, Nov 6, 2017 at 2:34 AM, Stéfane Fermigier >> wrote: >> >>> 4) 10 years ago, when I was working on the

Re: [Python-ideas] Looking for input to help with the pip situation

On 7 November 2017 at 20:38, Chris Barker wrote: > On Tue, Nov 7, 2017 at 5:04 AM, Thomas Jollans wrote: >> >> As Ivan said earlier, perhaps the Windows installers should provide a >> "python3" executable, so "python3 -m pip" works everywhere. > > absolutely!

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

07.11.17 16:41, Steven D'Aprano пише: On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote: 07.11.17 12:29, אלעזר пише: Also, it is unfortunate that `ast.literal_eval` is less accessible than `builtins.eval`. Giving it an alias in builtins might make it easier for programmers (and

Re: [Python-ideas] Proposal to change Python version release cycle

On Tue, Nov 7, 2017 at 4:52 AM, Nick Coghlan wrote: > Yes, going with "3.10", but encoding it as "3A" in lexically ambiguous > contexts is another option that would let us get as far as 3.35 (aka > "3Z") before encountering ambiguity problems. > No way. I call YAGNI on

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Wed, Nov 8, 2017 at 7:33 AM, Chris Barker wrote: > On Tue, Nov 7, 2017 at 6:41 AM, Steven D'Aprano wrote: >> In any case, I think that securing literal_eval is much simpler than >> securing eval: >> >> try: >> # a thousand character expression

Re: [Python-ideas] Looking for input to help with the pip situation

On Tue, Nov 7, 2017 at 5:04 AM, Thomas Jollans wrote: > > As Ivan said earlier, perhaps the Windows installers should provide a > "python3" executable, so "python3 -m pip" works everywhere. > absolutely! I really, really thought it did (I'm amazed I never heard from a single

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote: > The dangers of eval and exec are obvious and well known to advanced users, > but the availability as built-in functions makes it too tempting for > beginners or even medium-level programmers. > I find it dubious to claim that

Re: [Python-ideas] Looking for input to help with the pip situation

On 7 November 2017 at 12:44, Nick Coghlan wrote: >> - make sure the system path is correctly set > > Recent python.org Windows installers do this automatically, but there > are unfortunately still lots of ways for things to go wrong. I believe the latest installers switch it

Re: [Python-ideas] Proposal to change Python version release cycle

On 6 November 2017 at 22:19, Stephan Houben wrote: > 2017-11-06 12:53 GMT+01:00 Brice Parent : >> I think the only problem we can reach here, not only in our lifetimes, but >> in the next years, is not Python3.10 vs Python31.0 (Python3.x will be long >>

Re: [Python-ideas] Looking for input to help with the pip situation

On 2017-11-06 19:04, Michel Desmoulin wrote: > >> I don't see anything particularly bogging here. >> It's always like this when you have multiple versions of the same >> software on the system. There's only one PATH, after all. >> >> Heck, *the mere fact that Python allows to work like this is

Re: [Python-ideas] Looking for input to help with the pip situation

On 07.11.2017 16:11, Paul Moore wrote: It is, but like any such approach (Cygwin is similar, in principle if not in execution) that makes one OS "look like" another, whether it's appropriate is very dependent on circumstances. Training potential Windows developers in a bash/Ubuntu style

Re: [Python-ideas] Looking for input to help with the pip situation

On 7 November 2017 at 13:06, אלעזר wrote: > On Tue, Nov 7, 2017 at 2:45 PM Nick Coghlan wrote: >> >> On 7 November 2017 at 03:52, Michel Desmoulin >> wrote: >> >> > And assume that stuff in any tutorial you make they know this

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

07.11.17 12:29, אלעזר пише: Also, it is unfortunate that `ast.literal_eval` is less accessible than `builtins.eval`. Giving it an alias in builtins might make it easier for programmers (and less scary - "ast" might sound like I need a PhD to use it). ast.literal_eval is not so safe as you

Re: [Python-ideas] Looking for input to help with the pip situation

On 7 November 2017 at 03:52, Michel Desmoulin wrote: > > > Le 06/11/2017 à 09:47, Nick Coghlan a écrit : >> On 6 November 2017 at 16:47, Michel Desmoulin >> wrote: >>> I really want some people from this list to discuss here so we can find

Re: [Python-ideas] Looking for input to help with the pip situation

On Tue, Nov 7, 2017 at 2:45 PM Nick Coghlan wrote: > On 7 November 2017 at 03:52, Michel Desmoulin > wrote: > And assume that stuff in any tutorial you make they know this stuff. > > > > This is a strong barrier or entry IMO. > > Sure, but it's

Re: [Python-ideas] Looking for input to help with the pip situation

On 2017-11-06 23:53, Ivan Pozdeev via Python-ideas wrote: > On 07.11.2017 1:48, Chris Barker wrote: >> On Mon, Nov 6, 2017 at 9:52 AM, Michel Desmoulin >> > wrote: >> >> I know and you still: >> >> - have to use py -m on windows,

Re: [Python-ideas] Moving typing out of the stdlib in Python 3.7?

On Mon, Nov 6, 2017 at 5:27 PM, Barry Warsaw wrote: > > Guido van Rossum wrote: > > > This is beginning to sound like the most attractive solution. We could > > possibly do away with typing_extensions. Are there precedents of how to > > bundle a module in this way? Or is it

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On 2017-11-07 08:29 AM, אלעזר wrote: Hi, The dangers of eval and exec are obvious and well known to advanced users, but the availability as built-in functions makes it too tempting for beginners or even medium-level programmers. You can see questions about these function pretty often in

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

But the point is that the compiler is recursive, and processing nested constructs consumes the C stack. There are some guards against too deep recursion (2.7 has less guards and more vulnerable), but it is hard to prove that all vulnerabilities are fixed. Your method (limiting the size of the

[Python-ideas] Fwd: Any chance on (slowly) deprecating `eval` and `exec` as builtins?

: On 7 November 2017 at 18:53, Guido van Rossum wrote: > I find it dubious to claim that these functions are dangerous to beginners. > The dangers are related to attacks on servers that are exposed to the > internet and beginners have no business running servers. I can't be

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote: > On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote: > > > The dangers of eval and exec are obvious and well known to advanced users, > > but the availability as built-in functions makes it too tempting for > >

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Tue, Nov 7, 2017 at 6:26 PM, Steven D'Aprano wrote: > On Tue, Nov 07, 2017 at 01:53:00PM -0800, Guido van Rossum wrote: > > On Tue, Nov 7, 2017 at 2:29 AM, אלעזר wrote: > > > > > The dangers of eval and exec are obvious and well known to advanced >

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Tue, Nov 7, 2017 at 6:41 AM, Steven D'Aprano wrote: > > >Also, it is unfortunate that `ast.literal_eval` is less accessible than > > >`builtins.eval`. Giving it an alias in builtins might make it easier for > > >programmers (and less scary - "ast" might sound like I need

Re: [Python-ideas] Looking for input to help with the pip situation

On 07.11.2017 23:38, Chris Barker wrote: with ensurepip, having pip no installed in a python is getting less common, so maybe this isn't needed anymore, but pip is problematic in environments that have their own package manager (i.e. anything but bare Windows) because it doesn't honor its

Re: [Python-ideas] Looking for input to help with the pip situation

One (smaller) suggestion on the PATH situation on Windows: I noticed that Visual C++ Build Tools installs a number of "Command prompts" under its Start menu item, each of which starts a cmd.exe with appropriate PATH set to the appropriate compiler (32/64 bits or ARM cross-compiler), and assorted

Re: [Python-ideas] Any chance on (slowly) deprecating `eval` and `exec` as builtins?

On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote: > 07.11.17 12:29, אלעזר пише: > >Also, it is unfortunate that `ast.literal_eval` is less accessible than > >`builtins.eval`. Giving it an alias in builtins might make it easier for > >programmers (and less scary - "ast" might

Re: [Python-ideas] Looking for input to help with the pip situation

On 07.11.2017 18:34, Stephan Houben wrote: One (smaller) suggestion on the PATH situation on Windows: I noticed that Visual C++ Build Tools installs a number of  "Command prompts" under its Start menu item, each of which starts a cmd.exe with appropriate PATH set to the appropriate compiler