Re: PEP suggestion: Uniform way to indicate Python language version

Steven D'Aprano schrieb am 22.08.2016 um 07:35: > if sys.version < '3': > import mymodule2 as mymodule > else: > import mymodule3 as mymodule This condition is going to fail when Python 30.0 comes out. Stefan -- https://mail.python.org/mailman/listinfo/python-list

[issue27506] make bytes/bytearray translate's delete a keyword argument

Martin Panter added the comment: Looks pretty good thanks Xiang. There’s one English grammar problem in a comment (see review), but I can fix that when I commit. -- stage: patch review -> commit review ___ Python tracker

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, Aug 22, 2016, at 01:35, Steven D'Aprano wrote: > Could somebody (the OP?) please explain what is the purpose of this > proposal, what it does, how it works, and when would people use it? I think what he wants is a way for a module which uses features (syntactic or otherwise, but I suppose

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, Aug 22, 2016, at 02:03, Stefan Behnel wrote: > Steven D'Aprano schrieb am 22.08.2016 um 07:35: > > if sys.version < '3': > > import mymodule2 as mymodule > > else: > > import mymodule3 as mymodule > > This condition is going to fail when Python 30.0 comes out. Er, won't it rather

Re: PEP suggestion: Uniform way to indicate Python language version

Stefan Behnel schrieb am 22.08.2016 um 08:03: > Steven D'Aprano schrieb am 22.08.2016 um 07:35: >> if sys.version < '3': >> import mymodule2 as mymodule >> else: >> import mymodule3 as mymodule > > This condition is going to fail when Python 30.0 comes out. Oh, sorry - make that Python

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, Aug 22, 2016 at 3:35 PM, Steven D'Aprano wrote: > Could somebody (the OP?) please explain what is the purpose of this proposal, > what it does, how it works, and when would people use it? My theory: A directive is actually parsed by the compiler, not

Re: PEP suggestion: Uniform way to indicate Python language version

On Monday 22 August 2016 16:03, Stefan Behnel wrote: > Steven D'Aprano schrieb am 22.08.2016 um 07:35: >> if sys.version < '3': >> import mymodule2 as mymodule >> else: >> import mymodule3 as mymodule > > This condition is going to fail when Python 30.0 comes out. That will be sometime

[issue27826] Null-pointer dereference in tuplehash() function

STINNER Victor added the comment: > And it is hard to protect from such situation in marshal.c. Python doesn't validate marshal nor bytecode. It's a deliberate choice to get best performances. -- nosy: +haypo ___ Python tracker

[issue27792] bool % int has inconsistent return type.

Changes by STINNER Victor : -- nosy: +haypo ___ Python tracker ___ ___

[issue27810] Add METH_FASTCALL: new calling convention for C functions

STINNER Victor added the comment: > There is a tiny bit of a backwards compatibility concern as the new function > signature would be incompatible with anything we had before, Right. If you call directly PyCFunction functions, you will likely get quickly a crash. But... who call directly

Re: saving octet-stream png file

On Sun, Aug 21, 2016 at 5:24 PM, Jon Ribbens wrote: > On 2016-08-19, Larry Martell wrote: >> fd.write(request.POST[key]) > > You could try: > > request.encoding = "iso-8859-1" > fd.write(request.POST[key].encode("iso-8859-1")) > > It's

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Mon, Aug 22, 2016, at 10:21, Ben Finney wrote: > So yes, filenames from arbitrary sources should be *completely* > untrusted, and never used to access any file on the system. Throw the > entire filename away and make a filename locally, without using any part > of the original name. To be

Re: saving octet-stream png file

On Fri, Aug 19, 2016 at 4:24 PM, Chris Kaynor wrote: > On Fri, Aug 19, 2016 at 12:00 PM, Larry Martell > wrote: > >> On Fri, Aug 19, 2016 at 1:24 PM, Chris Angelico wrote: >> > On Sat, Aug 20, 2016 at 3:10 AM, Larry Martell

[issue18139] email module should have a way to prepend and insert headers

Barry A. Warsaw added the comment: I've updated this to Python 3.6, but I don't know if there's time to design an API and implementation in the time left before beta 1. But a use case has come up, so I want to reboot this discussion (yes, it should go to email-sig too). Apparently ARC

[issue18139] email module should have a way to prepend and insert headers

Barry A. Warsaw added the comment: I meant .items() -- ___ Python tracker ___ ___ Python-bugs-list mailing

Re: PEP suggestion: Uniform way to indicate Python language version

On Tue, Aug 23, 2016 at 12:29 AM, Random832 wrote: > On Mon, Aug 22, 2016, at 09:21, Steve D'Aprano wrote: >> Rather, you just use the features you rely on, document the minimum >> supported version, and if somebody is silly enough to try running your >> code >> under

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On 2016-08-23 00:21, Ben Finney wrote: > So yes, filenames from arbitrary sources should be *completely* > untrusted, and never used to access any file on the system. Throw > the entire filename away and make a filename locally, without using > any part of the original name. Sadly, this ideal

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 12:34 AM, Random832 wrote: > On Mon, Aug 22, 2016, at 10:21, Ben Finney wrote: >> So yes, filenames from arbitrary sources should be *completely* >> untrusted, and never used to access any file on the system. Throw the >> entire filename away and

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 12:21 AM, Ben Finney wrote: > > So yes, filenames from arbitrary sources should be *completely* > untrusted, and never used to access any file on the system. Throw the > entire filename away and make a filename locally, without using any part >

[issue27784] Random failure of test_TCPServer() of test.test_socketserver.SocketServerTest and test_handle_accept() of test.test_asyncore.TestAPI_UseIPv6Select on FreeBSD buildbots

Berker Peksag added the comment: Here is another one on koobs-freebsd10: http://buildbot.python.org/all/builders/AMD64%20FreeBSD%2010.x%20Shared%203.x/builds/4809/steps/test/logs/stdio test_handle_accept was fine this time. And this one is from koobs-freebsd9:

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 1:17 PM, Chris Angelico wrote: > I tried things like "con.txt" and it simply failed (no such file or > directory), without printing anything to the console. Are you using IDLE or some other IDE that uses pythonw.exe instead of python.exe? If so, first

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Mon, Aug 22, 2016, at 11:40, Chris Angelico wrote: > Windows has some other issues, including that arbitrary files can > become executable very easily (eg if %PATHEXT% includes its file > extension), and since the current directory is always at the beginning > of your path, this can easily turn

[issue16113] Add SHA-3 and SHAKE (Keccak) support

Christian Heimes added the comment: The maintenance burden is minimal. All six algorithms are just variants of the same KeccakP-1600 sponge construction with different initialization parameters for rate, capacity, delimiter and output size. SHAKEs have no default output len and another

[issue1375011] http.cookies, Cookie.py: Improper handling of duplicate cookies

Changes by Martin Panter : -- title: Improper handling of duplicate cookies -> http.cookies, Cookie.py: Improper handling of duplicate cookies ___ Python tracker

[issue27829] test.regrtest: changed environment variables are not logged

Roundup Robot added the comment: New changeset 2e23f7b9515c by Victor Stinner in branch 'default': Issue #27829: libregrtest.save_env: flush stderr https://hg.python.org/cpython/rev/2e23f7b9515c -- nosy: +python-dev ___ Python tracker

Re: Does This Scare You?

On Mon, 22 Aug 2016 08:33 pm, Jon Ribbens wrote: > On 2016-08-22, Steve D'Aprano wrote: >> On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: >>> To me it's scary that this check misses cases because it's trying to >>> be cross-platform instead of simply relying on

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 9:50 PM, Jon Ribbens wrote: > On 2016-08-22, Chris Angelico wrote: >> On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens >> wrote: >>> On 2016-08-22, Steve D'Aprano wrote:

[issue27818] Speed up number format spec parsing

Serhiy Storchaka added the comment: LGTM. I expect that with the patch for issue27078 the effect of this optimization is even more significant. Years ago I wrote much larger patch that includes similar but even more aggressive microoptimization. But the effect was not very impressive for

[issue27674] Quote mark breaks http.cookies, Cookie.py processing

Changes by Martin Panter : -- title: Quote mark breaks cookie processing -> Quote mark breaks http.cookies, Cookie.py processing ___ Python tracker

PyDev 5.2.0 Released

Release Highlights: --- * **Important** PyDev now requires Java 8 and Eclipse 4.5 onwards. * PyDev 4.5.5 is the last release supporting Java 7 and Eclipse 3.8. * See: `update sites page`_ for the update site of older versions of PyDev. * See: the **PyDev

pytest 3.0.0 released!

Hello everyone, The pytest team is proud to announce the 3.0.0 release! pytest is a mature Python testing tool with more than a 1600 tests against itself, passing on many different interpreters and platforms. This release contains a lot of bugs and improvements, and much of the work done on it

Sphinx-1.4.6 released

Hi all, I'm delighted to announce the release of Sphinx 1.4.6, now available on the Python package index at . It includes about 1 incompatible change and 12 bug fixes for the 1.4.5 release series. For the full changelog, go to

[issue27828] Regression in http.cookies parsing with single key without value

Martin Panter added the comment: I am not the biggest expert on cookie syntaxes, but maybe these reports are related: Issue 25228: Skip over invalid cookies by searching for a semicolon; needs confirming whether it reopens a security hole Issue 17340: Problem with a comma in (or preceding) a

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, Aug 22, 2016, at 08:44, Chris Angelico wrote: > However, I don't think it's particularly necessary. Explicit version > number checks should be very rare, and shouldn't be encouraged. > Instead, encourage feature checks, as Steve gave some examples of. The problem is when you want to write

Re: PEP suggestion: Uniform way to indicate Python language version

On Monday, August 22, 2016 at 12:33:53 AM UTC-4, Chris Angelico wrote: > On Mon, Aug 22, 2016 at 1:37 PM, rocky wrote: > > Sorry should have been: > > > > assert sys.version_info >= (3,0) > > The next question is: How common is code like this? I don't put > version checks in any

[issue27829] test.regrtest: changed environment variables are not logged

Changes by STINNER Victor : -- keywords: +buildbot ___ Python tracker ___ ___

[issue27829] test.regrtest: changed environment variables are not logged

New submission from STINNER Victor: It's common to get a random "env failed" issue when tests are run by buildbots, but changed environment variables are not logged, so the "env changed "information cannot be used to fix the issue :-/ Example: -- ... 0:07:32 [160/402] test_io

[issue27809] _PyObject_FastCall(): add support for keyword arguments

STINNER Victor added the comment: Copy of msg273365 from the issue #27128: Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer)Date: 2016-08-22 12:29 The problem is that passing keyword arguments as a dict is not the most efficient way due to an overhead of creating a

[issue25228] Regression in http.cookies parsing with brackets and quotes

Changes by Martin Panter : -- title: Regression in cookie parsing with brackets and quotes -> Regression in http.cookies parsing with brackets and quotes ___ Python tracker

[issue23930] http.cookies.SimpleCookie doesn't parse comma-only separated cookies correctly

Changes by Martin Panter : -- title: SimpleCookie doesn't parse comma-only separated cookies correctly -> http.cookies.SimpleCookie doesn't parse comma-only separated cookies correctly ___ Python tracker

Twisted 16.3.1 Release Announcement

On behalf of Twisted Matrix Laboratories, I am honoured to announce the release of Twisted 16.3.1. This is a bug fix & security fix release, and is recommended for all users of Twisted. The fixes are: - A bugfix for a HTTP/2 edge case, - Fix for CVE-2008-7317 (generating potentially guessable

rinohtype 0.2.1

Hello, I am pleased to announce rinohtype 0.2.1. rinohtype is a document processor inspired by LaTeX; it renders structured documents to PDF styled by a document template and a style sheet. A primary goal of rinohtype is to make it easy to customize the style of your document. The rinoh

Re: pytest 3.0.0 released!

On Fri, Aug 19, 2016 at 6:24 PM Bruno Oliveira wrote: > This release contains a lot of bugs and improvements, and ... > Of course I meant "lot of bug *fixes*", sorry for the typo. :) Cheers, Bruno. -- https://mail.python.org/mailman/listinfo/python-announce-list

Re: PEP suggestion: Uniform way to indicate Python language version

On Monday, August 22, 2016 at 8:45:05 AM UTC-4, Chris Angelico wrote: > On Mon, Aug 22, 2016 at 10:05 PM, Marko Rauhamaa wrote: > > rocky : > > > >> A slightly different but related problem is noting the Python dialect > >> at the package-level. > > > > I don't

Re: Does This Scare You?

On Mon, Aug 22, 2016, at 08:39, Chris Angelico wrote: > Nope. On Windows, you would try/except it. No, you can't, because the failure mode often isn't "file refuses to open" but "data is written to a serial port". There are myriad other ways > something could fail, and the only correct action

[issue27809] _PyObject_FastCall(): add support for keyword arguments

STINNER Victor added the comment: Serhiy Storchaka: "The problem is that passing keyword arguments as a dict is not the most efficient way due to an overhead of creating a dict. For now keyword arguments are pushed on the stack as interlaced array of keyword names and values. It may be more

[issue27128] Add _PyObject_FastCall()

STINNER Victor added the comment: Serhiy: I "moved" your msg273365 to the issue #27809. -- ___ Python tracker ___

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 12:39 PM, Chris Angelico wrote: > > Nope. On Windows, you would try/except it. There are myriad other ways No, I would not rely on exceptions in this case. Both \\.\CON and \\.\NUL can be opened for both reading and writing, so you may not detect the

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 10:56 PM, Random832 wrote: >> Most of the reserved names will simply give an error; the only way >> you'd actually get incorrect behaviour is if the file name, including >> extension, is exactly a device name. > > I think the reason you believe this

[issue27768] ssl: add public API for IA-32 processor capabilities vector

Antoine Pitrou added the comment: I still think it's a slippery slope to include such specialized APIs that most people don't know what to make of. This reminds me of `RAND_egd()`. If ChaCha20-Poly1305 is always /at least/ as secure as AES-GCM (and sometimes more), then we should simply

[issue27828] Regression in cookie parsing with single key without value

SilentGhost added the comment: The change was implemented in issue22796 and is listed in the what's new document. Any RFC I'm looking at says that the value is required, so your syntax is simply not valid and is rejected by the parser. -- nosy: +SilentGhost, pitrou resolution: -> not

Re: PEP suggestion: Uniform way to indicate Python language version

rocky : > A slightly different but related problem is noting the Python dialect > at the package-level. I don't know what if anything is needed support this idea, but one option would be to just use "import": import python3_5_17 That would require Python and modules to

[issue27128] Add _PyObject_FastCall()

Serhiy Storchaka added the comment: The problem is that passing keyword arguments as a dict is not the most efficient way due to an overhead of creating a dict. For now keyword arguments are pushed on the stack as interlaced array of keyword names and values. It may be more efficient to push

SQLObject 3.1.0

Hello! I'm pleased to announce version 3.1.0, the first stable release of branch 3.1 of SQLObject. What's new in SQLObject === Features * Add UuidCol. * Add JsonbCol. Only for PostgreSQL. Requires psycopg2 >= 2.5.4 and PostgreSQL >= 9.2. * Add JSONCol, a

Python 3 tkinter graphical statistical distributions fitter

I created a Python 3 tkinter graphical statistical distributions fitting application that will fit a 1D data set to all of the continuous statistical distributions in scipy.stats, with graphical display of the distributions plotted against normalized histograms of the data. Fitted results can

[issue27213] Rework CALL_FUNCTION* opcodes

STINNER Victor added the comment: See also the issue #27809 "_PyObject_FastCall(): add support for keyword arguments" where we discuss if we can completely avoid the creation of a temporary dictionary to pass keyword arguments. -- ___ Python

[issue27818] Speed up number format spec parsing

STINNER Victor added the comment: -while (pos ___ ___ Python-bugs-list mailing list Unsubscribe:

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, 22 Aug 2016 08:32 pm, rocky wrote: > On Monday, August 22, 2016 at 1:36:07 AM UTC-4, Steven D'Aprano wrote: [...] >> But... I don't understand what this proposal actually is. We already have >> a uniform way to indicate the Python language version: check sys.version, >> or

[issue27824] update ConfigParser docs regarding in-line comments

R. David Murray added the comment: The python3 docs do not mention inline comments. Perhaps we even want a documented deprecation here? -- ___ Python tracker

[issue27660] Replace size_t with Py_ssize_t as the type of local variable in list_resize

Xiang Zhang added the comment: Ping. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

Re: PEP suggestion: Uniform way to indicate Python language version

On Monday, August 22, 2016 at 7:00:36 PM UTC+5:30, Steve D'Aprano wrote: > Realistically, by the time you convince people this is a useful feature, > write a patch and have the patch reviewed, you'll be looking at Python 3.7. > So 3.7 will have this new syntax "use version", and *no other

Re: Does This Scare You?

On Mon, 22 Aug 2016 10:56 pm, Random832 wrote: > On Mon, Aug 22, 2016, at 08:39, Chris Angelico wrote: >> Nope. On Windows, you would try/except it. > > No, you can't, because the failure mode often isn't "file refuses to > open" but "data is written to a serial port". Ah, that's a good point.

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, Aug 22, 2016, at 09:21, Steve D'Aprano wrote: > Rather, you just use the features you rely on, document the minimum > supported version, and if somebody is silly enough to try running your > code > under Python 1.4, they'll get a SyntaxError or an exception when you try > to > do something

[issue27824] update ConfigParser docs regarding in-line comments

R. David Murray added the comment: Alternate proposal. Replace that whole paragraph with: Configuration files may include comments, prefixed by specific characters (# and ;). Comments may appear on their own in an otherwise empty line. If a line has a value or section name that does not

[issue27809] _PyObject_FastCall(): add support for keyword arguments

STINNER Victor added the comment: fastcall_macros.patch: * Rename _PyObject_FastCall() to _PyObject_FastCallDict() * Add _PyObject_FastCall(func, args, nargs) macro * Add _PyObject_CallArg1(func, arg) macro * Add _PyObject_CallNoArg(func) macro The 3 new macros call _PyObject_FastCallDict().

Re: Does This Scare You?

On Mon, 22 Aug 2016 09:50 pm, Jon Ribbens wrote: > On 2016-08-22, Chris Angelico wrote: >> On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens >> wrote: >>> On 2016-08-22, Steve D'Aprano wrote: On Mon, 22 Aug 2016 10:38 am,

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, 22 Aug 2016 10:52 pm, Random832 wrote: > On Mon, Aug 22, 2016, at 08:44, Chris Angelico wrote: >> However, I don't think it's particularly necessary. Explicit version >> number checks should be very rare, and shouldn't be encouraged. >> Instead, encourage feature checks, as Steve gave

The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

Chris Angelico writes: > […] to be honest, I wouldn't accept file names from untrusted sources > on *any* system […] That's one of the wiser things said in this whole thread. > I'd use arbitrary numbers or hashes as the file names, and store the > originally-submitted file

[issue27768] ssl: add public API for IA-32 processor capabilities vector

Alex Gaynor added the comment: In this case, performance is security. Both AES-GCM and ChaCha20-Poly1305 are secure. Modulo one thing: GCM in software is hard to implement in constant-time, so it's strongly preferable to use it only when there's a hardware implementation. It works out nicely

[issue27768] ssl: add public API for IA-32 processor capabilities vector

Antoine Pitrou added the comment: Agreed with Gregory. I'm also surprised you consider selecting a cipher suite based on performance considerations rather than security. I'm not sure that's something we want to promote. (btw, AES speed is usually not a critical factor except in very specific

Re: Does This Scare You?

On 2016-08-22, Chris Angelico wrote: > On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens > wrote: >> On 2016-08-22, Steve D'Aprano wrote: >>> On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: To me it's scary that this check

Re: PEP suggestion: Uniform way to indicate Python language version

On Mon, Aug 22, 2016 at 10:05 PM, Marko Rauhamaa wrote: > rocky : > >> A slightly different but related problem is noting the Python dialect >> at the package-level. > > I don't know what if anything is needed support this idea, but one > option would be to just

{RELEASE] Python 3.6.0a4 is now available

On behalf of the Python development community and the Python 3.6 release team, I'm happy to announce the availability of Python 3.6.0a4. 3.6.0a4 is the last of four planned alpha releases of Python 3.6, the next major release of Python. During the alpha phase, Python 3.6 remains under heavy

ANN: PERMPOLY v1.0 released

PERMPOLYSP is a block cipher (with authentication) with substitutions of bit groups with pseudo-randomly determined permutation polynomials mod 2**n and pseudo-random permutations of bytes. It employs in its algorithm a number of mechanisms with the goal to enhance the dynamics/variability of

Re: PEP suggestion: Uniform way to indicate Python language version

On Monday, August 22, 2016 at 8:05:15 AM UTC-4, Marko Rauhamaa wrote: > rocky : > > > A slightly different but related problem is noting the Python dialect > > at the package-level. > > I don't know what if anything is needed support this idea, but one > option would be to just

Re: PEP suggestion: Uniform way to indicate Python language version

Random832 : > The problem is when you want to write a large body of code that just > *uses* lots of features (including syntactic features), *without* > checking for them. Ordinarily, that's the job of package management. The installer will perform the necessary checks for

[issue27809] _PyObject_FastCall(): add support for keyword arguments

STINNER Victor added the comment: > _PyObject_FastCallKeywords(PyObject **args, int nargs, PyObject **kwargs, int > nkwargs): nkwargs is the number of (key, value) pairs Hum, I don't know if it's worth to "split" the C array into two parts. Maybe it can be just:

[issue27587] Issues, reported by PVS-Studio static analyzer

Roundup Robot added the comment: New changeset 51627344fc58 by Berker Peksag in branch '3.5': Issue #27587: Move null pointer check earlier in _PyState_AddModule() https://hg.python.org/cpython/rev/51627344fc58 New changeset 7d90bf4780ff by Berker Peksag in branch 'default': Issue #27587: Merge

[issue27587] Issues, reported by PVS-Studio static analyzer

Changes by Berker Peksag : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue18139] email module should have a way to prepend and insert headers

Changes by Barry A. Warsaw : -- versions: +Python 3.6 -Python 3.4 ___ Python tracker ___

[issue27828] Regression in http.cookies parsing with single key without value

Yuriy Zhuravlev added the comment: >Any RFC I'm looking at says that the value is required, so your syntax is >simply not valid and is rejected by the parser. Perhaps but this cookies sets not by me (maybe JS ads widget or etc). And I can't fix it. I can't auth users because their cookies

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman

Random832 : > On Mon, Aug 22, 2016, at 11:40, Chris Angelico wrote: >> Windows has some other issues, including that arbitrary files can >> become executable very easily (eg if %PATHEXT% includes its file >> extension), and since the current directory is always at the >>

Re: Does This Scare You?

On Tue, Aug 23, 2016 at 1:54 AM, eryk sun wrote: > On Mon, Aug 22, 2016 at 1:17 PM, Chris Angelico wrote: >> I tried things like "con.txt" and it simply failed (no such file or >> directory), without printing anything to the console. > > Are you using IDLE or

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Tue, Aug 23, 2016 at 1:56 AM, Random832 wrote: >> And any GUI that automatically calculates thumbnails from >> image files (this includes Windows, Mac OS, and more than one Linux >> window manager) could potentially be attacked via a malformed file, >> simply by having

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman (was: Does This Scare You?)

On Mon, Aug 22, 2016 at 3:40 PM, Chris Angelico wrote: > Windows has some other issues, including that arbitrary files can > become executable very easily (eg if %PATHEXT% includes its file > extension), cmd uses PATHEXT to augment its search by appending each extension in the

Re: The dangerous, exquisite art of safely handing user-uploaded files: Tom Eastman

On Tue, Aug 23, 2016 at 2:08 AM, Marko Rauhamaa wrote: > Random832 : > >> On Mon, Aug 22, 2016, at 11:40, Chris Angelico wrote: >>> Windows has some other issues, including that arbitrary files can >>> become executable very easily (eg if %PATHEXT%

[issue27539] negative Fraction ** negative int not normalized

Mark Dickinson added the comment: Thanks, all. Closing as fixed. -- resolution: -> fixed stage: commit review -> resolved status: open -> closed ___ Python tracker

[issue27792] bool % int has inconsistent return type.

Mark Dickinson added the comment: Thanks for the patch. I think what we really want here is a call to `long_long` rather than `PyNumber_Long`; `PyNumber_Long` includes all the conversions using `__trunc__`, etc., which we don't need here. -- ___

Re: PEP suggestion: Uniform way to indicate Python language version

On Monday, August 22, 2016 at 2:04:39 AM UTC-4, Random832 wrote: > On Mon, Aug 22, 2016, at 01:35, Steven D'Aprano wrote: > > Could somebody (the OP?) please explain what is the purpose of this > > proposal, what it does, how it works, and when would people use it? > > I think what he wants is a

[issue27128] Add _PyObject_FastCall()

STINNER Victor added the comment: > FYI: I copied your (no-kwargs) implementation over into Cython and I get > around 17% faster calls to Python functions with 2 positional arguments. Hey, cool! It's always cool to get performance enhancement without having to break the C API nor having to

[issue27821] IDLE custom keymaps don't work anymore (Windows, Python 3.6.0a3)

Vedran Čačić added the comment: Neither. I see _two_ rows, lower one is as you quoted. So: --Key Set ( ) Use a Built-in Key Set [IDLE Classic Windows --] (*) Use a Custom Key Set [IDLE Classic Windows --]

[issue27827] pathlib is_reserved fails for some reserved paths on Windows

New submission from Eryk Sun: pathlib._WindowsFlavour.is_reserved assumes Windows uses an exact match up to the file extension for reserved DOS device names. However, this misses cases involving trailing spaces and colons, such as the following examples: Trailing colon: >>>

[issue27128] Add _PyObject_FastCall()

Stefan Behnel added the comment: FYI: I copied your (no-kwargs) implementation over into Cython and I get around 17% faster calls to Python functions with 2 positional arguments. -- ___ Python tracker

[issue27792] bool % int has inconsistent return type.

Mark Dickinson added the comment: > BTW, Mark, do you think the fast path in long_mod is really needed? I agree that the fast paths need looking at; it seems there's a fair bit of redundancy there. But not in this issue, please! -- ___ Python

[issue27809] _PyObject_FastCall(): add support for keyword arguments

STINNER Victor added the comment: @Stefan: Would you mind to review fastcall_kwargs-2.patch please? -- nosy: +scoder ___ Python tracker ___

[issue27809] _PyObject_FastCall(): add support for keyword arguments

STINNER Victor added the comment: Patch version 2: * add a fast-path to fastlocals_dict() when total_args==0 * Extract co_varnames assignement out of the loop (it's a constant) * Cleanup also the code to make it more readable -- Added file:

[issue27828] Regression in cookie parsing with single key without value

New submission from Yuriy Zhuravlev: After I migrated my site to Python 3.5 from 3.4 many users of my site have not been able to login. After small research I found out that users cookies there was a key without value and new Python get empty SimpleCookie result. Example for Python 3.5.2:

[issue27792] bool % int has inconsistent return type.

Roundup Robot added the comment: New changeset d998d87f0aa0 by Mark Dickinson in branch 'default': Issue #27792: force int return type for modulo operations involving bools. https://hg.python.org/cpython/rev/d998d87f0aa0 -- nosy: +python-dev ___

[issue27539] negative Fraction ** negative int not normalized

Roundup Robot added the comment: New changeset 7eea5b87f5fa by Mark Dickinson in branch '3.5': Issue #27539: Fix unnormalised Fraction.__pow__ result for negative exponent and base. Thanks Vedran Čačić. https://hg.python.org/cpython/rev/7eea5b87f5fa New changeset 902e82f71880 by Mark Dickinson

Re: Does This Scare You?

On Mon, Aug 22, 2016 at 8:33 PM, Jon Ribbens wrote: > On 2016-08-22, Steve D'Aprano wrote: >> On Mon, 22 Aug 2016 10:38 am, eryk sun wrote: >>> To me it's scary that this check misses cases because it's trying to >>> be cross-platform

  1   2   >