Re: [Python-Dev] PEP 448 review
On 17 March 2015 at 23:49, Brett Cannon wrote: > > > On Mon, Mar 16, 2015 at 7:11 PM Neil Girdhar wrote: >> >> Hi everyone, >> >> I was wondering what is left with the PEP 448 >> (http://bugs.python.org/issue2292) code review? Big thanks to Benjamin, >> Ethan, and Serhiy for reviewing some (all?) of the code. What is the next >> step of this process? > > > My suspicion is that if no one steps up between now and PyCon to do a > complete code review of the final patch, we as a group will try to get it > done at the PyCon sprints. I have made the issue a release blocker to help > make sure it gets reviewed and doesn't accidentally get left behind. Good idea - I just bumped the PEP 479 issue (http://bugs.python.org/issue22906) similarly, as well as giving it an initial review (Neil had already noted it needed tests for the new behaviour, and the language reference doc updates look surprisingly minimal to me). Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] PEP 489: Redesigning extension module loading
On 18 March 2015 at 06:41, Mark Lawrence wrote: > On 16/03/2015 12:38, Petr Viktorin wrote: >> >> Hello, > > > Can you use anything from the meta issue http://bugs.python.org/issue15787 > for PEP 3121 and PEP 384 or will the work that you are doing render > everything done previously redundant? Nothing should break in relation to PEP 3121 or 384, so I think that determination would still need to be made on a case by case basis. Alternatively, it may be possible to update the abitype.py converter to also switch to the new module initialisation hooks (if we can figure out a good way of automating that). Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
We're starting a discussion in Fedora about setting the default shbang for system python executables and/or daemons to python -s or python -Es (or ?). See also: https://bugzilla.redhat.com/show_bug.cgi?id=1202151 https://fedorahosted.org/fpc/ticket/513 Basically we're wanting to avoid locally installed items causing security issues or other bad behavior, without too adversely affecting users' abilities to work around issues or intentionally alter behavior. It would be good to get some feedback from the broader python community before implementing anything, so I'm asking for feedback here. Thank you, Orion ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
On Mar 18, 2015, at 03:46 PM, Orion Poplawski wrote: >We're starting a discussion in Fedora about setting the default shbang for >system python executables and/or daemons to python -s or python -Es (or ?). We've talked about this in Debian/Ubuntu land and the general consensus is that for Python 2, use -Es and for Python 3 use -I (which implies -Es). I'm not sure we're consistent yet in making sure our build tools install these switches in our shebangs, but I'm hoping after Jessie we can make some progress on that. Cheers, -Barry ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
2015-03-18 16:46 GMT+01:00 Orion Poplawski : > We're starting a discussion in Fedora about setting the default shbang for > system python executables and/or daemons to python -s or python -Es (or ?). Python 3.4 has -I which is more strict than -Es. It remembers me "Perl suid", /usr/bin/sperl. Maybe we should have a "spython" program which is like "python -I" (so it means adding spython, spython3, spython3.5). Does it work to pass command line options to Python in the shebang? > Basically we're wanting to avoid locally installed items causing security > issues or other bad behavior, without too adversely affecting users' > abilities to work around issues or intentionally alter behavior. > > It would be good to get some feedback from the broader python community > before implementing anything, so I'm asking for feedback here. Personally, instead of having to enable a switch to have a safe Python, I would prefer to have a safe Python by default and enable an option to enter the unsafe mode. But it may break backward compatibility depending on changes made in Python if we take this way. Victor ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
On Mar 18, 2015, at 05:31 PM, Victor Stinner wrote:
>Does it work to pass command line options to Python in the shebang?
Yes, but only one "word", thus -Es or -I.
We've often mused about whether it makes sense to have two Pythons on the
system. One for system scripts and another for users. System Python
('/usr/bin/spython' perhaps) would be locked down and only extensible by
system packages. On Debuntu that might mean no /usr/local on sys.path. It
would also have a much more limited set of installed packages, i.e. only those
needed to support system functionality.
/usr/bin/python2 and /usr/bin/python3 then would be user tools, with all the
goodness they currently have.
It's never gotten much farther than musings, but protecting the system against
the weird things people install would be a good thing. OTOH, this feels a lot
like virtual environments so maybe there's something useful to be mined there.
Cheers,
-Barry
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
On Wed, Mar 18, 2015 at 12:22:03PM -0400, Barry Warsaw wrote: > On Mar 18, 2015, at 03:46 PM, Orion Poplawski wrote: > > >We're starting a discussion in Fedora about setting the default shbang for > >system python executables and/or daemons to python -s or python -Es (or ?). > > We've talked about this in Debian/Ubuntu land and the general consensus is > that for Python 2, use -Es and for Python 3 use -I (which implies -Es). I'm > not sure we're consistent yet in making sure our build tools install these > switches in our shebangs, but I'm hoping after Jessie we can make some > progress on that. > Interesting, I've cautiously in favor of -s in Fedora but the more I've thought about it the less I've liked -E. It just seems like PYTHONPATH is analagous to LD_LIBRARY_PATH for C programs and PATH for shell scripting. We leave both of those for local admins and users to affect the behaviour of programs if they needed to. Was there some discussion of -E specifically in Debian where it was consciously decided that PYTHONPATH was not analagous or that the benefit risk was different than for those other env vars? -Toshio pgp5en9cOom3v.pgp Description: PGP signature ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
> On Mar 18, 2015, at 12:48 PM, Barry Warsaw wrote:
>
> On Mar 18, 2015, at 05:31 PM, Victor Stinner wrote:
>
>> Does it work to pass command line options to Python in the shebang?
>
> Yes, but only one "word", thus -Es or -I.
>
> We've often mused about whether it makes sense to have two Pythons on the
> system. One for system scripts and another for users. System Python
> ('/usr/bin/spython' perhaps) would be locked down and only extensible by
> system packages. On Debuntu that might mean no /usr/local on sys.path. It
> would also have a much more limited set of installed packages, i.e. only those
> needed to support system functionality.
>
> /usr/bin/python2 and /usr/bin/python3 then would be user tools, with all the
> goodness they currently have.
>
> It's never gotten much farther than musings, but protecting the system against
> the weird things people install would be a good thing. OTOH, this feels a lot
> like virtual environments so maybe there's something useful to be mined there.
>
> Cheers,
> -Barry
> ___
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> https://mail.python.org/mailman/options/python-dev/donald%40stufft.io
I’ve long wished that the OS had it’s own virtual environment. A lot of problems
seems to come from trying to cram the things the OS wants with the things that
the user wants into the same namespace.
---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
On Mar 18, 2015, at 02:44 PM, Toshio Kuratomi wrote: >Interesting, I've cautiously in favor of -s in Fedora but the more I've >thought about it the less I've liked -E. It just seems like PYTHONPATH is >analagous to LD_LIBRARY_PATH for C programs and PATH for shell scripting. >We leave both of those for local admins and users to affect the behaviour of >programs if they needed to. It is, and it isn't. It's different because you can always explicitly override the shebang line if needed. So if a local admin really needed to override $PYTHONPATH (though I can't come up with a use case right now), they could just: $ python3 -s /usr/bin/foo >Was there some discussion of -E specifically in Debian where it was >consciously decided that PYTHONPATH was not analagous or that the benefit >risk was different than for those other env vars? I'd have to go digging around the archives. It wasn't a recent discussion IIRC. Cheers, -Barry pgpYnskkCwUKH.pgp Description: OpenPGP digital signature ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Use ptyhon -s as default shbang for system python executables/daemons
On Mar 18, 2015, at 05:51 PM, Donald Stufft wrote: >I’ve long wished that the OS had it’s own virtual environment. A lot of >problems seems to come from trying to cram the things the OS wants with the >things that the user wants into the same namespace. Yep, and those breakages can be difficult to debug. Comment #47 for Bug 123456: "Oh wait, you installed *what?!*" Cheers, -Barry pgpkruqPndrJS.pgp Description: OpenPGP digital signature ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
