Donald Stufft added the comment:
We shouldn't do this in Python for the same reason we're not including
a predefined set of CA root certificates with the distribution.
The difference here is that there are properly maintained alternatives to
Python including a predefined set of CA
Roundup Robot added the comment:
New changeset 9dc199b921eb by Vinay Sajip in branch '3.4':
Issue #10141, Issue 20065: Changed #if to take CAN_RAW into account.
http://hg.python.org/cpython/rev/9dc199b921eb
New changeset 20cced06acdd by Vinay Sajip in branch 'default':
Issue #10141, Issue
Roundup Robot added the comment:
New changeset 9dc199b921eb by Vinay Sajip in branch '3.4':
Issue #10141, Issue 20065: Changed #if to take CAN_RAW into account.
http://hg.python.org/cpython/rev/9dc199b921eb
New changeset 20cced06acdd by Vinay Sajip in branch 'default':
Issue #10141, Issue
Donald Stufft added the comment:
Updated the patch to change the priority slightly to ensure that all the secure
PFS ciphers come first and that non PFS AES comes before the other Non PFS HIGH
ciphers
--
Added file: http://bugs.python.org/file34546/better-ciphers-better-priority.diff
Christian Bachmaier added the comment:
Thanks for the patches. After applying issue11824-0.patch and then
isse16047-1.patch I am successfully able to freeze a hello world python script
under ubuntu 14.04 with python 3.4 rc3. I have attached my new site.py file,
since the automatical patch
Marc-Andre Lemburg added the comment:
On 21.03.2014 12:42, Donald Stufft wrote:
If we enforce a specific set of ciphers per default and a user finds
that a server he wants to communicate with for example only supports
RC4 ciphers, because that's the server admins were told to use after
the
Brett Cannon added the comment:
You lose chronology in the directory, but not necessarily in the output; if you
sort based on first commit time then you retain the chronological ordering in
the merge.
--
___
Python tracker rep...@bugs.python.org
Alexandre JABORSKA added the comment:
I saw the low level part with the warning. But what I mean is that I found no
clear indication on how to change default loop to allow asyncio.subprocess
usage with Windows Python. I guessed :
asyncio.set_event_loop(ProactorEventLoop())
but I'm not sure
Donald Stufft added the comment:
It shows the effect of the additional !DSS - which I don't understand;
DSA is part of the X.509 standard, so it's removing support will break
compatibility. Could you perhaps explain you're reasoning ?
Well DSA has problems with weak RNGs and consequently no
Antoine Pitrou added the comment:
I think the proposed cipher string is still overly complicated and tedious to
maintain. The following seems to achieve similar results:
'EECDH+AESGCM:DH+AESGCM:ECDH:DH:HIGH:!aNULL:!eNULL:!MD5:!DSS:!LOW:!EXPORT'
Also, as Marc-André points out, we probably
Antoine Pitrou added the comment:
I'm pretty sure you can't even use PSK or SRP using the stdlib ssl
module, I
didn't explicitly exclude them though.
This is true. There are issues open, though: issue 11943 and issue 19084.
--
___
Python tracker
Antoine Pitrou added the comment:
(oh, I missed the part where Marc-André suggested not to drop DSS; this should
also be removed from my cipher string proposal)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
Donald Stufft added the comment:
As I said earlier Antoine, doing that puts PFS RC4 before non PFS AES. That
isn't good because RC4 key stream bias makes it extremely fragile. RC4 needs to
be in the default ciphers for compatibility sake but it should be dead last so
that it's only used as a
Donald Stufft added the comment:
With regard to PSK and SRP. Seeing as how Python doesn't currently support
them, SRP had a patch that hasn't been worked on since 2011 and PSK doesn't
have a patch at all that this cipher string shouldn't concern itself with
something that Python might someday
Antoine Pitrou added the comment:
With regard to PSK and SRP. Seeing as how Python doesn't currently
support them, SRP had a patch that hasn't been worked on since 2011 and
PSK doesn't have a patch at all that this cipher string shouldn't
concern itself with something that Python might someday
Donald Stufft added the comment:
Yup :) Just being explicit in that!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
___
R. David Murray added the comment:
Thanks Tuomas, but we don't have any consensus that that kind of change will be
accepted. It's just my opinion that it should be...and if it was, it would
have to start with a deprecation, not raising an exception.
What we need as a patch for this issue is
Roundup Robot added the comment:
New changeset e266525c9294 by Ethan Furman in branch 'default':
Issue19995: more informative error message; spelling corrections; use
operator.mod instead of __mod__
http://hg.python.org/cpython/rev/e266525c9294
--
Changes by Dillon Aumiller dillonaumil...@gmail.com:
--
nosy: +daumiller
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11380
___
___
Changes by Ram Rachum r...@rachum.com:
--
assignee: docs@python
components: Documentation
nosy: cool-RR, docs@python
priority: normal
severity: normal
status: open
title: List of development releases in PEPs like 429 should be links to
download pages
type: behavior
versions: Python
New submission from Benjamin Peterson:
I disagree. They are easy enough to find on the website. Easier than the
release schedule I hope! Of course, RMs are welcome to link to the download
page if they want, but we needn't require it.
--
nosy: +benjamin.peterson
resolution: - rejected
Benjamin Peterson added the comment:
Very nice, but your help message still doesn't explain what json.tool does. :)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21000
___
Tal Einat added the comment:
Im considering updating SearchBar and posting a patch.
Marco, any chance you could detail the quirks and bugs you experienced when
using SearchBar?
--
nosy: +taleinat
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Perhaps this thing should use argparse?
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21000
___
Claudiu.Popa added the comment:
Hello. Here's a patch for this issue. It tests only the conditions described by
Eric.
--
keywords: +patch
nosy: +Claudiu.Popa
Added file: http://bugs.python.org/file34549/issue19714.patch
___
Python tracker
New submission from Brett Cannon:
E.g. with pip included it makes setting up coverage.py easier.
--
assignee: brett.cannon
messages: 214371
nosy: brett.cannon
priority: low
severity: normal
stage: needs patch
status: open
title: Update devinabox for Python 3.4
Roundup Robot added the comment:
New changeset 455e5385752a by Brett Cannon in branch 'default':
Issue #19165: The formatter module graduates to full deprecation.
http://hg.python.org/cpython/rev/455e5385752a
--
nosy: +python-dev
___
Python tracker
Zachary Ware added the comment:
R. David Murray wrote:
I want no script asking me questions. Post-facto errors for omissions are
fine (and if I have to positively say no in the input file, that's fine).
tkinter is right out.
I have been planning a command line interface, something along the
Changes by Brett Cannon br...@python.org:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19165
___
Roundup Robot added the comment:
New changeset b5b81a3eb6e6 by Brett Cannon in branch '3.4':
Issue #20884: Don't assume in importlib.__init__ that __file__ is
http://hg.python.org/cpython/rev/b5b81a3eb6e6
New changeset 42ae7b2524a2 by Brett Cannon in branch 'default':
Merge for issue #20884
Changes by Brett Cannon br...@python.org:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20884
___
Jurko Gospodnetić added the comment:
Thanks Brett! :-)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20884
___
___
Python-bugs-list mailing
Roundup Robot added the comment:
New changeset 395904f70d6a by Brett Cannon in branch 'default':
Issue #20627: xmlrpc.client.ServerProxy is now a context manager.
http://hg.python.org/cpython/rev/395904f70d6a
--
nosy: +python-dev
___
Python tracker
Brett Cannon added the comment:
Thanks for the patch!
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20627
___
Claudiu.Popa added the comment:
My pleasure!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20627
___
___
Python-bugs-list mailing list
Nitika Agarwal added the comment:
Hi,
I am attaching a patch with the changes made as suggested by py.user.
--
nosy: +nitika
Added file: http://bugs.python.org/file34550/document18566.patch
___
Python tracker rep...@bugs.python.org
New submission from Simon Jagoe:
At Enthought we have been tracking a deadlock in some code that turned out to
be due to the following scenario:
0) There is some cyclic garbage that requires collection; an object in the
garbage is referred to by a weakref with a callback
1) You have a
Changes by Mark Dickinson dicki...@gmail.com:
--
nosy: +mark.dickinson
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21009
___
___
New submission from Claudiu.Popa:
There is an invalid item meth:`resume_reading`.
--
assignee: docs@python
components: Documentation
files: asyncio_doc_fix.patch
keywords: patch
messages: 214381
nosy: Claudiu.Popa, docs@python
priority: normal
severity: normal
status: open
title:
Changes by Chris Farrow farro...@gmail.com:
--
nosy: +Chris.Farrow
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21009
___
___
Python-bugs-list
Changes by Brett Cannon br...@python.org:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21008
___
Roundup Robot added the comment:
New changeset 230510d0cb92 by Victor Stinner in branch '3.4':
Close #21005: Fix documentation of asyncio.subprocess.DEVNULL
http://hg.python.org/cpython/rev/230510d0cb92
--
resolution: - fixed
stage: - committed/rejected
status: open - closed
Roundup Robot added the comment:
New changeset ab0aa412fca2 by Victor Stinner in branch '3.4':
Issue #21006: Fix subprocess example on Windows in asyncio doc
http://hg.python.org/cpython/rev/ab0aa412fca2
--
___
Python tracker rep...@bugs.python.org
Roundup Robot added the comment:
New changeset ef4f460e3c9e by Victor Stinner in branch '3.4':
Close #21010: Fix typo in asyncio doc. Patch written by Claudiu Popa.
http://hg.python.org/cpython/rev/ef4f460e3c9e
New changeset 7761b3dff2e8 by Victor Stinner in branch 'default':
(Merge 3.4) Close
STINNER Victor added the comment:
Fix applied, thanks.
--
nosy: +haypo
stage: committed/rejected -
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21010
___
Ram Rachum added the comment:
I looked for it for 10 minutes but couldn't find the link. I ended up using a
URL from an old script. I still don't know how I was supposed to find it.
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Ok, so I think the latest patch is mostly good but I don't understand why the
restricted ciphers (again, misnomer) would ban RC4 (and DSS?). These are the
ciphers used by higher-level client libs, and connection failures will confuse
the hell out of people.
Changes by Claudiu.Popa pcmantic...@gmail.com:
Added file: http://bugs.python.org/file34553/issue19714.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19714
___
New submission from Hristo Venev:
This really annoys me. I have to store the literals in char[] and then make a
char*[] from them. It would be better if a simple array of string literals
could be used. It would also require less data space because string literals
could be merged by the
Zachary Ware added the comment:
I've used the same installer on multiple machines with no problems, as have
many others; this leads me to believe that there is no problem with the MSI :)
Did you use the same MSI file on both machines? Try re-downloading, or
checking the size and md5sum of
New submission from Brett Cannon:
Probably the most complicated bit now for using devinabox is building the
various bits of docs in a way that doesn't require mucking with the system
python:
* Having Python built
* Creating a venv
* Installing sphinx
* Running the requisite Makefile with the
Charles-François Natali added the comment:
That AF_CAN was undefined (even though HAVE_LINUX_CAN_H is). This is on
Ubuntu Jaunty, which I use for my Python core development.
How dear...
The latest change should be OK.
--
___
Python tracker
Donald Stufft added the comment:
Right now you can do ``pip install --download some/path --no-use-wheel
stuff`` and then ``pip install --no-index --find-links some/path stuff``
In the future that'll be ``pip download`` instead probably.
--
nosy: +dstufft
Donald Stufft added the comment:
Note: The RC4 and DSS exclusion existed previously on the restricted ciphers so
we'd have to ask Christian why he did that. For me personally the restricted
ciphers are intended to be best practice ciphers and that means no RC4. DSS
here I'm kind of meh about
Donald Stufft added the comment:
Forgot to add! If you think splitting between restricted server and client
ciphers I can split them like that and upload a new patch.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
Berker Peksag added the comment:
Here's a new patch. Changes:
- Updated the output of -h option
- Added documentation
- Switched to argparse
--
Added file: http://bugs.python.org/file34554/issue21000_v2.diff
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Forgot to add! If you think splitting between restricted server and
client ciphers I can split them like that and upload a new patch.
I was about to open a separate issue for the server side. How about
restricting this issue to client usage?
--
Ned Deily added the comment:
Ronald or Dmitry, can you elaborate under what conditions you start your login
shell on 10.9? I cannot reproduce the behavior you observe. With 10.9
Terminal.app and the default language settings in System Preferences and with
the default Terminal.app
Ned Deily added the comment:
OK, let's close this issue as a duplicate of Issue18378 and continue the
discussion there.
--
resolution: works for me - duplicate
status: open - closed
superseder: - locale.getdefaultlocale() fails on Mac OS X with default
language set to English
Brett Cannon added the comment:
Here is a patch to change PyImport_ImportFrozenModuleObject() to not set
__file__. Had to refactor some things as PyImport_ExecCodeModuleObject() was
setting __file__ no matter what, so to avoid it even being used during import I
had to change some things.
Brett Cannon added the comment:
Did you want to update your patch for Python 3.4 and 3.5, Meador?
--
versions: +Python 3.5 -Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16047
___
Donald Stufft added the comment:
Not sure what you mean by client issue. Do you mean to keep RC4?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
Antoine Pitrou added the comment:
Which client issue? Sorry, I've lost track :-)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
___
Donald Stufft added the comment:
Er, I typed issue and meant usage. Right now the only difference between
restricted ciphers and the default ciphers is restricted ciphers have no RC4
and no DSS. You wanted this issue limited to client changes and I'm not sure
how to do that without enabling
Antoine Pitrou added the comment:
Er, I typed issue and meant usage. Right now the only difference
between restricted ciphers and the default ciphers is restricted
ciphers have no RC4 and no DSS. You wanted this issue limited to
client changes and I'm not sure how to do that without enabling
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +dstufft
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20913
___
___
Python-bugs-list mailing
Ned Deily added the comment:
AFAIK, traditionally, there have not been separate download pages for each
pre-release of a new feature (e.g. 3.4.0) or maintenance (e.g. 3.3.5) release.
The usual practice has been to create *one* release page at the usual URI (e.g.
New submission from Antoine Pitrou:
Currently, create_default_context() doesn't do anything special for server use.
It seems the configuration could be improved, though:
- PROTOCOL_TLSv1 is suboptimal for servers: a TLSv1 server can't accept a
TLSv1.2 client, but a SSLv23 server will; so we
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +dstufft
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20421
___
___
Python-bugs-list mailing
Antoine Pitrou added the comment:
(also perhaps enable OP_CIPHER_SERVER_PREFERENCE, although it seems it could
cause interoperability problems with some clients)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21013
Donald Stufft added the comment:
Nah it should be fine to enable that, and it's preferable to do so. The server
selects the cipher anyways in the TLS handshake. That just tells the server to
prefer it's list for precedence and not the client list.
--
Zachary Ware added the comment:
No, 3.4 uses VS 2010. Your patch changes the line from hg update 3.4 to hg
update 3.3, which is not a legitimate change, in fact it undoes a change that
Éric Araujo just made. With the release of 3.4.0, 3.4 became the current
maintenance branch and 3.3 moved
Brett Cannon added the comment:
New patch that includes docs and integrates the tests. If someone who
understands import can look it over and give me an LGTM that would be
appreciated.
--
Added file: http://bugs.python.org/file34556/lazy_loader.diff
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
stage: - committed/rejected
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20884
___
Ethan Furman added the comment:
Final status:
3.4 - DeprecationWarning
3.5 - TypeError
--
resolution: - fixed
stage: commit review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
Changes by Terry J. Reedy tjre...@udel.edu:
--
versions: +Python 3.5 -Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13630
___
___
Changes by Terry J. Reedy tjre...@udel.edu:
--
nosy: +terry.reedy
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20956
___
___
Python-bugs-list
Raymond Hettinger added the comment:
Maybe the fastpath should do a strict check and not
be used for subclasses of dict?
This code is ancient and well-established. IMO, nothing good can come from
changing it (besides slowing down code that is already deployed and working
fine).
Changes by Jakub Wilk jw...@jwilk.net:
--
nosy: +jwilk
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13856
___
___
Python-bugs-list mailing list
Raymond Hettinger added the comment:
This looks like a nice improvement.
--
nosy: +rhettinger
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21000
___
Changes by Ethan Furman et...@stoneleaf.us:
--
versions: +Python 3.5 -Python 3.4
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8297
___
___
Nick Coghlan added the comment:
Shall we commit the new string for 3.5 for the time being? I'm currently
working on a PEP to help define a policy for dealing with network security
related issues/enhancements in maintenance branches, so I don't think we should
touch those until we have that
Antoine Pitrou added the comment:
Updated patch with Martin's suggested changes, and various other nits.
--
Added file: http://bugs.python.org/file34557/ssl_best2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20913
Antoine Pitrou added the comment:
(for the record and for the sake of comparison, Postfix's high security
setting is ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
Antoine Pitrou added the comment:
The patch will also need updating the Cipher selection paragraph in ssl.rst,
I think.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
Donald Stufft added the comment:
I can add that.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
___
Python-bugs-list mailing list
Martin v. Löwis added the comment:
Please get perl out of this discussion. A perl installation shouldn't be
necessary to compile Python. (IOW, -1 on any patch that recommends that Perl
should be installed to build Python)
--
nosy: +loewis
___
Donald Stufft added the comment:
Hmm, I'm not sure what needs updated. The docs only say that ssl module
disabled certain weak ciphers by default which is still the case. Was there
some specific place or wording you were looking for?
--
___
Python
Mark Lawrence added the comment:
I simply do not understand the last comment, Perl has always been part of the
build process on Windows. Are you saying that the build process has to change?
--
nosy: +BreamoreBoy
___
Python tracker
Antoine Pitrou added the comment:
Well, the doc currently says:
Starting from Python 3.2.3, the
ssl module disables certain weak ciphers by default, but you may want
to further restrict the cipher choice. For example::
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
Donald Stufft added the comment:
Ah yes, I skipped over that looking for a place where we were detailing what
ciphers were picked. Ok Thanks!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
Martin v. Löwis added the comment:
No, Perl has not been mandatory for the build process, at least not for the
last decade or so. It may occasionally happen that it is mandatory to build
OpenSSL, but that would be a bug in our copy of OpenSSL.
--
Donald Stufft added the comment:
Added the docs changes
--
Added file: http://bugs.python.org/file34558/better-ciphers-with-docs.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
Antoine Pitrou added the comment:
UnicodeEncodeError: 'charmap' codec can't encode character '\u265e' in
position 13: character maps to undefined.
That's because stdout is treated as a regular bytestream under Windows (as it
is under POSIX), and it therefore uses the current codepage to
Meador Inge added the comment:
Sure. I will refresh it tonight or sometime tomorrow.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16047
___
Roundup Robot added the comment:
New changeset e9749a7aa958 by Donald Stufft in branch '3.4':
Issue #20995: Enhance default ciphers used by the ssl module
http://hg.python.org/cpython/rev/e9749a7aa958
--
nosy: +python-dev
___
Python tracker
Roundup Robot added the comment:
New changeset 60f696488c4f by Donald Stufft in branch 'default':
Merge changes from 3.4 to bring in fixes for Issue #20995
http://hg.python.org/cpython/rev/60f696488c4f
--
___
Python tracker rep...@bugs.python.org
New submission from Samuel Marks:
Particularly for new programmers `True` makes more sense than `1` when doing
boolean logic.
If you aren't going to accept this patch; at least add in a sentence explaining
that: ` 1 == True`.
Best,
Samuel Marks
--
assignee: docs@python
components:
New submission from Antoine Pitrou:
From the OpenSSL changelog:
*) Support for automatic EC temporary key parameter selection. If enabled
the most preferred EC parameters are automatically used instead of
hardcoded fixed parameters. Now a server just has to call:
Donald Stufft added the comment:
Heh, I was just getting ready to figure out if I should write this ticket or
not :)
I think we should do this. Nginx also defaults to prime256v1 (which is NIST
P-256), DJB seems to think that's an unsafe curve though
(http://safecurves.cr.yp.to/).
--
101 - 200 of 216 matches
Mail list logo
