Re: [Python-Dev] PEP 493: Redistributor guidance for Python 2.7 HTTPS
On Mon, 6 Jul 2015 14:22:46 +1000 Nick Coghlan wrote: > > The main change from the last version discussed on python-ideas Was it discussed there? That list has become totally useless, I've stopped following it. > * modify the ``ssl`` module to read the ``PYTHONHTTPSVERIFY`` environment > variable when the module is first imported into a Python process Have you passed that by RedHat's security experts? Regards Antoine. ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] [RELEASED] Python 3.5.0b3 is now available
Thanks! Looking forward to trying this. I'm not sure where these descriptions come from, or whether they're carried over from b2 to b3 etc, but one small note on this bullet point: * PEP 471, os.scandir(), a faster alternative to os.walk() This isn't quite correct. os.scandir() is actually an alternative to os.listdir(), which is also used to speed up os.walk(). -Ben On Sun, Jul 5, 2015 at 1:20 PM, Larry Hastings wrote: > > > On behalf of the Python development community and the Python 3.5 release > team, I'm relieved to announce the availability of Python 3.5.0b3. > > Python 3.5 has now entered "feature freeze". By default new features may > no longer be added to Python 3.5. > > This is a preview release, and its use is not recommended for production > settings. > > An important reminder for Windows users about Python 3.5.0b3: if > installing Python 3.5.0b2 as a non-privileged user, you may need to > escalate to administrator privileges to install an update to your C runtime > libraries. > > > You can find Python 3.5.0b2 here: > > https://www.python.org/downloads/release/python-350b3/ > > Happy hacking, > > > */arry* > > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/benhoyt%40gmail.com > > ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] PEP 493: Redistributor guidance for Python 2.7 HTTPS
On 6 Jul 2015 20:23, "Antoine Pitrou" wrote: > > On Mon, 6 Jul 2015 14:22:46 +1000 > Nick Coghlan wrote: > > > > The main change from the last version discussed on python-ideas > > Was it discussed there? That list has become totally useless, I've > stopped following it. > > > * modify the ``ssl`` module to read the ``PYTHONHTTPSVERIFY`` environment > > variable when the module is first imported into a Python process > > Have you passed that by RedHat's security experts? Yeah, they were the ones that finally persuaded me that this design was reasonable. If I understood their explanation correctly, the gist is that if you're running with elevated permissions while allowing arbitrary processes to set environment variables, you've already opened up so many attack vectors that the only reasonable defence is "don't do that", and hence higher level design decisions like sudo running in root's environment, not the individual user's. Since having the selective downgrade option available makes it easier to justify the default security *up*grade, it works out as a net win. However, I did just realise there's a bug in the current definition of that feature - it should respect the "ignore environment" flag, but it's currently specified as being unconditional. Cheers, Nick. > > Regards > > Antoine. > > > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] PEP 493: Redistributor guidance for Python 2.7 HTTPS
On Mon, 6 Jul 2015 23:22:09 +1000 Nick Coghlan wrote: > On 6 Jul 2015 20:23, "Antoine Pitrou" wrote: > > > > On Mon, 6 Jul 2015 14:22:46 +1000 > > Nick Coghlan wrote: > > > > > > The main change from the last version discussed on python-ideas > > > > Was it discussed there? That list has become totally useless, I've > > stopped following it. > > > > > * modify the ``ssl`` module to read the ``PYTHONHTTPSVERIFY`` > environment > > > variable when the module is first imported into a Python process > > > > Have you passed that by RedHat's security experts? > > Yeah, they were the ones that finally persuaded me that this design was > reasonable. If I understood their explanation correctly, the gist is that > if you're running with elevated permissions while allowing arbitrary > processes to set environment variables, you've already opened up so many > attack vectors that the only reasonable defence is "don't do that", and > hence higher level design decisions like sudo running in root's > environment, not the individual user's. Since having the selective > downgrade option available makes it easier to justify the default security > *up*grade, it works out as a net win. Thank you. Then I'm ok with the PEP. Regards Antoine. ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] What's New editing
Hi Folks, I hereby volunteer to write "What's New for Python 3.5?" if folks on python-dev are fine with me taking the job (i.e. I ran it by Travis, my boss at Continuum, and he's happy to allow me to do that work within my salaried hours... so having time isn't a problem). If this is OK with the powers-that-be, I'll coordinate with David Murray on how best to take over this task from him. Thanks, David... On Sun, Jul 5, 2015 at 8:51 PM, Nick Coghlan wrote: > On 6 July 2015 at 12:42, David Mertz wrote: > > I think I might be able to "volunteer" for the task of writing/editing > the > > "What's New in 3.5" docs. I saw David's comment on it today, so > obviously > > haven't yet had a chance to run it by my employer (Continuum Analytics), > but > > I have a hunch they would allow me to do it at least in large part as > paid > > time. I am experienced as a technical writer, follow python-dev, write > > about new features, but am *not*, however, my self an existing core > > developer. > > I think the last point may be a positive rather than a negative when > it comes to effectively describing new features :) > > > If there is interest in this, or at least it seems plausible, I can run > it > > by my employer tomorrow to see about getting enough time allocated (using > > David Murray's past experience as a guideline for what's likely to be > > needed). > > That would be very helpful! I'd definitely be able to find the time to > review and merge updates, it's the research-and-writing side that > poses a problem for me (appreciating a task is worth doing isn't the > same thing as wanting to do it myself!). > > Cheers, > Nick. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia > -- Keeping medicines from the bloodstreams of the sick; food from the bellies of the hungry; books from the hands of the uneducated; technology from the underdeveloped; and putting advocates of freedom in prisons. Intellectual property is to the 21st century what the slave trade was to the 16th. ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] PEP 493: Redistributor guidance for Python 2.7 HTTPS
On Mon, Jul 6, 2015 at 6:21 AM, Antoine Pitrou wrote: > On Mon, 6 Jul 2015 14:22:46 +1000 > Nick Coghlan wrote: >> >> The main change from the last version discussed on python-ideas > > Was it discussed there? That list has become totally useless, I've > stopped following it. Considering that a useful discussion of a useful PEP occurred there (not to mention other occasionally useful discussions) I'd say that such a value judgment is not only unnecessary but also inaccurate. That's fine if it's uninteresting to you and you don't want to follow it, but let's please avoid judgments on entire mailing lists and, by extension, the people holding conversations there. Thanks, Erik ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] What's New editing
On 05.07.15 20:52, R. David Murray wrote: Just so people aren't caught unawares, it is very unlikely that I will have time to be the final editor on "What's New for 3.5" they way I was for 3.3 and 3.4. I've tried to encourage people to keep What's New up to date, but *someone* should make a final editing pass. Ideally they'd do at least the research Serhiy did last year on checking that there's a mention for all of the versionadded and versionchanged 3.5's in the docs. Even better would be to review the NEWS and/or commit history...but *that* is a really big job these days Many thanks you David for your invaluable work. Here is 3.5 NEWS file cleaned from duplicates in 3.4 NEWS file (i.e. from entries about merged bug fixes). It is much less than unfiltered NEWS file. Hope this will help volunteers. +++ Python News +++ What's New in Python 3.6.0 alpha 1? === Release date: -XX-XX Core and Builtins - Library --- - Issue #24426: Fast searching optimization in regular expressions now works for patterns that starts with capturing groups. Fast searching optimization now can't be disabled at compile time. What's New in Python 3.5.0 beta 4? == Release date: 2015-07-26 Core and Builtins - - Issue #24569: Make PEP 448 dictionary evaluation more consistent. Library --- What's New in Python 3.5.0 beta 3? == Release date: 2015-07-05 Core and Builtins - - Upgrade to Unicode 8.0.0. - Issue #24345: Add Py_tp_finalize slot for the stable ABI. - Issue #24400: Introduce a distinct type for PEP 492 coroutines; add types.CoroutineType, inspect.getcoroutinestate, inspect.getcoroutinelocals; coroutines no longer use CO_GENERATOR flag; sys.set_coroutine_wrapper works only for 'async def' coroutines; inspect.iscoroutine no longer uses collections.abc.Coroutine, it's intended to test for pure 'async def' coroutines only; add new opcode: GET_YIELD_FROM_ITER; fix generators wrapper used in types.coroutine to be instance of collections.abc.Generator; collections.abc.Awaitable and collections.abc.Coroutine can no longer be used to detect generator-based coroutines--use inspect.isawaitable instead. - Issue #24450: Add gi_yieldfrom to generators and cr_await to coroutines. Contributed by Benno Leslie and Yury Selivanov. - Issue #19235: Add new RecursionError exception. Patch by Georg Brandl. Library --- - Issue #24522: Fix possible integer overflow in json accelerator module. - Issue #24408: Fixed AttributeError in measure() and metrics() methods of tkinter.Font. - Issue #14373: C implementation of functools.lru_cache() now can be used with methods. - Issue #8232: webbrowser support incomplete on Windows. Patch by Brandon Milam - Issue #24347: Set KeyError if PyDict_GetItemWithError returns NULL. - Issue #24348: Drop superfluous incref/decref. - Issue #24359: Check for changed OrderedDict size during iteration. - Issue #24368: Support keyword arguments in OrderedDict methods. - Issue #24362: Simplify the C OrderedDict fast nodes resize logic. - Issue #24377: Fix a ref leak in OrderedDict.__repr__. - Issue #24369: Defend against key-changes during iteration. Tests - - Issue #24373: _testmultiphase and xxlimited now use tp_traverse and tp_finalize to avoid reference leaks encountered when combining tp_dealloc with PyType_FromSpec (see issue #16690 for details) Documentation - - Issue #24458: Update documentation to cover multi-phase initialization for extension modules (PEP 489). Patch by Petr Viktorin. Build - What's New in Python 3.5.0 beta 2? == Release date: 2015-05-31 Core and Builtins - - Issue #24284: The startswith and endswith methods of the str class no longer return True when finding the empty string and the indexes are completely out of range. - Issue #24328: Fix importing one character extension modules. - Issue #11205: In dictionary displays, evaluate the key before the value. - Issue #24285: Fixed regression that prevented importing extension modules from inside packages. Patch by Petr Viktorin. Library --- - Issue #24270: Add math.isclose() and cmath.isclose() functions as per PEP 485. Contributed by Chris Barker and Tal Einat. - Issue #16991: Add a C implementation of OrderedDict. - Issue #23934: Fix inspect.signature to fail correctly for builtin types lacking signature information. Initial patch by James Powell. What's New in Python 3.5.0 beta 1? == Release date: 2015-05-24 Core and Builtins - - Issue #24276: Fixed optimization of property descriptor getter. - Issue #24268: PEP 489: Multi-phase extension module initialization. Patch by Petr Viktorin. - Issue #23359: Optimize set object internals by specializing th
Re: [Python-Dev] What's New editing
On Mon, Jul 6, 2015 at 8:38 AM David Mertz wrote: > Hi Folks, > > I hereby volunteer to write "What's New for Python 3.5?" if folks on > python-dev are fine with me taking the job (i.e. I ran it by Travis, my > boss at Continuum, and he's happy to allow me to do that work within my > salaried hours... so having time isn't a problem). > > If this is OK with the powers-that-be, I'll coordinate with David Murray > on how best to take over this task from him. > +1 > > Thanks, David... > > On Sun, Jul 5, 2015 at 8:51 PM, Nick Coghlan wrote: > >> On 6 July 2015 at 12:42, David Mertz wrote: >> > I think I might be able to "volunteer" for the task of writing/editing >> the >> > "What's New in 3.5" docs. I saw David's comment on it today, so >> obviously >> > haven't yet had a chance to run it by my employer (Continuum >> Analytics), but >> > I have a hunch they would allow me to do it at least in large part as >> paid >> > time. I am experienced as a technical writer, follow python-dev, write >> > about new features, but am *not*, however, my self an existing core >> > developer. >> >> I think the last point may be a positive rather than a negative when >> it comes to effectively describing new features :) >> >> > If there is interest in this, or at least it seems plausible, I can run >> it >> > by my employer tomorrow to see about getting enough time allocated >> (using >> > David Murray's past experience as a guideline for what's likely to be >> > needed). >> >> That would be very helpful! I'd definitely be able to find the time to >> review and merge updates, it's the research-and-writing side that >> poses a problem for me (appreciating a task is worth doing isn't the >> same thing as wanting to do it myself!). >> >> Cheers, >> Nick. >> >> -- >> Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia >> > > > > -- > Keeping medicines from the bloodstreams of the sick; food > from the bellies of the hungry; books from the hands of the > uneducated; technology from the underdeveloped; and putting > advocates of freedom in prisons. Intellectual property is > to the 21st century what the slave trade was to the 16th. > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/greg%40krypto.org > ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] What's New editing
On 07/06/2015 08:38 AM, David Mertz wrote: I hereby volunteer to write "What's New for Python 3.5?" if folks on python-dev are fine with me taking the job (i.e. I ran it by Travis, my boss at Continuum, and he's happy to allow me to do that work within my salaried hours... so having time isn't a problem). Awesome, thank you to you and Continuum! -- ~Ethan~ ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] What's New editing
On Mon, 06 Jul 2015 21:45:01 +0300, Serhiy Storchaka wrote: > On 05.07.15 20:52, R. David Murray wrote: > > Just so people aren't caught unawares, it is very unlikely that I will have > > time to be the final editor on "What's New for 3.5" they way I was for 3.3 > > and > > 3.4. I've tried to encourage people to keep What's New up to date, but > > *someone* should make a final editing pass. Ideally they'd do at least the > > research Serhiy did last year on checking that there's a mention for all of > > the > > versionadded and versionchanged 3.5's in the docs. Even better would be to > > review the NEWS and/or commit history...but *that* is a really big job these > > days > > Many thanks you David for your invaluable work. > > Here is 3.5 NEWS file cleaned from duplicates in 3.4 NEWS file (i.e. > from entries about merged bug fixes). It is much less than unfiltered > NEWS file. Hope this will help volunteers. That's great. What I did was work from the html-rendered NEWS page, and click through to the issue to figure out whether it was a bug fix or an enhancement. Not having to do that check should speed things up. I seem to recall I did find a couple of things that were screwed up and still bore mentioning in whatsnew, but I doubt that is likely enough to make enough difference to be worth it. I also wound up fixing some incorrect NEWS entries (wrong numbers, English, other errors), but that is not central to the whatsnew project. That activity was probably included in the hours count, though. For David (or whoever): in addition to the obvious task of writing up appropriate entries in What's New, part of what I did was to make sure that all of the relevant documentation entries had the appropriate versionchanged or versionadded tags, and that the new documentation made sense. As I recall, my working rhythm was to write the What's New entry including links to the things that had changed, render the what's new page to html, fix the links, then work through the links to make sure the docs made sense and there were appropriate 'versionxxx' tags. You, of course, may find a different working style more beneficial :). Oh, and work from newest change to oldest change. I did it from oldest to newest and only realized late in the game that was the wrong order, because some changes got undone or modified by later changes :) --David ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Importance of "async" keyword
On 06.07.2015 03:41, Nick Coghlan wrote:
That said, I think there's definitely value in providing a very simple
answer to the "how do I make a blocking call from a coroutine?"
question, so I filed an RFE to add asyncio.blocking_call:
http://bugs.python.org/issue24571
Nice step forward, Nick. Thanks a lot.
I'm less convinced of the value of "asyncio.wait_for_result()", so I
haven't filed an RFE for that one.
I have done that for you, because I feel people need to have a
convenient tool to **bridge both worlds** in either direction:
http://bugs.python.org/issue24578
That is even another issue that came to my mind once in a while but I
forgot to post it here:
How are mature projects are supposed to make the transition to asyncio
when they see performance opportunities in using it?
We have several millions lines of code. I actually imagined we could
simply drop an 'await' once in a while in order to gain from asyncio's
power. As it seems, we need to inconveniently write all sort of wrappers
(unnecessarily from my perspective) to retain existing functionality and
leverage asyncio's strength at the same time in order not to break
anything. That is, in fact, the main reason why I conduct this
discussion. I feel this transition is mostly impossible, very costly or
only possible for new code (where is remains to be seen whether it fits
in the existing codebase).
I also feel I am missing something of the bigger picture and I am not
sure if something like this is planned for the future. But from my
perspective in order to leverage asyncio's power, you need at least two
coroutines running at the same time, right? So, in order to get things
running, I still need some sort of get_event_loop into which I can put
my top-level coroutines.
Assume my venerable business functionality:
def business_old():
content1 = open('big.file').read() # blocks until finished
content2 = open('huge.file').read() # blocks until finished
return content1 + content2
I would like to rewrite/amend it to work asynchronously with minimal
effort such as:
def business_new():
content1 = fork open('big.file').read() # wraps up the calls into
awaitables
content2 = fork open('huge.file').read() # and put them into the
event loop
return content1 + content2 # variables are used =>
await evaluation
I might have missed something but I think you get my point.
Correct me if I am wrong, but inferring from the given example of PEP
492, currently, we would need to do the following:
def business_new_2():
content1 = open('big.file').read() # get us two awaitables/futures
content2 = open('huge.file').read() # ...
# somehow the loop magic
loop = asyncio.get_event_loop()
loop.run_until_complete(content1)
loop.run_until_complete(content2)
try:
loop.run_forever() # might be something different
finally:
loop.close()
return content1.result() + content2.result()
I certainly do not want to put that into our codebase. Especially when
this kind of code block could occur at any level many times in various
functions.
Regards,
Sven
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] raw_input prompt not printed on sys.stderr
Hi, While playing with non-standard sys.stdout/stderr, I noticed that the prompt of raw_input was printed on stderr (not sys.stderr) (see Parser/myreadline.c:120). I found an issue (http://bugs.python.org/issue1927) from 2008 talking about changing stderr to stdout. But nobody in the thread seems bothered by the use of stdout/err over the ones in the sys module. So, is there any good reason I might not be aware of that justifies the use of stderr over sys.stderr ? -- Clement "Hakril" Rouault ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] PEP 493: Redistributor guidance for Python 2.7 HTTPS
Cross-posted to redirect discussion. Replies directed to Python-Ideas. Erik Bray writes on Python-Dev: > On Mon, Jul 6, 2015 at 6:21 AM, Antoine Pitrou wrote: > > On Mon, 6 Jul 2015 14:22:46 +1000, Nick Coghlan wrote: > >> > >> The main change from the last version discussed on python-ideas > > > > Was it discussed there? That list has become totally useless, I've > > stopped following it. > > Considering that a useful discussion of a useful PEP occurred there > (not to mention other occasionally useful discussions) I'd say that > such a value judgment is not only unnecessary but also inaccurate. As you point out, the words "totally" and "useless" were unnecessary and inaccurate respectively. However, the gist of his post, that the S/N on Python-Ideas has become substantially lower in the last few months, seems accurate to me. At least two recent threads could have been continued on Python-List, where they would have benefited a lot more users, and they didn't seem profitable on Python-Ideas since it was quite evident that Those Who Know About Python were adamantly opposed to the idea as discussed in the thread, while the proponent kept pushing on that brick wall rather than seeking a way around it. I myself continue to follow Python-Ideas, Nick and other committers are posting here daily, and even Guido manages to pop up occasionally, so that may be no problem (or even a good thing if it results in educating and inviting new committers in the long run). But I think it's worth considering whether it we should cultivate a bit more discipline here. Again, discussion on Python-Ideas, please. ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] What's New editing
FWIW, it took me 100+ hours. Doing this right is a non-trivial undertaking (in modern times, there are an astonishing number of changes per release). That said, it is rewarding work that makes a difference. Raymond [David Murray] I can tell you that 3.4 took me approximately 67 hours according to my time log. That was going through the list prepared by Serhiy, and going through pretty much all of the NEWS entries but not the commit log. I'm a precisionist, so I suspect someone less...ocd...about the details could do it a bit faster, perhaps at the cost of some small amount of accuracy :) ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
