Re: [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
Correct me if I'm wrong, but Python3 on osx bundles openssl since Apple has deprecated (and no longer ships the header files for) the version shipped with recent versions of osx. Perhaps this is an option to support the various flavors of Linux as well? m On Sun, Jan 14, 2018 at 02:48:49AM +, Paul G wrote: >One thing to note is that if getting Travis working with Python 3.7 is a >pain, a huge number of libraries on PyPI probably just won't test against >Python 3.7, which is not a great situation to be in. > >It's probably worth contacting Travis to give them a head's up and see how >likely it is that they'll be able to support Python 3.7 if it requires a >newer version of these libraries. > >On January 14, 2018 2:16:53 AM UTC, Brett Cannon wrote: > > On Sat, Jan 13, 2018, 14:45 Christian Heimes, > wrote: > >On 2018-01-13 21:02, Brett Cannon wrote: >> +1 from me as well for the improved security. > >Thanks, Brett! > >How should we handle CPython's Travis CI tests? The 14.04 boxes have >OpenSSL 1.0.1. To the best of my knowledge, Travis doesn't offer >16.04. >We could either move to container-based testing with a 16.04 >container, >which would give us 1.0.2 Or we could compile our own copy of OpenSSL >with my multissl builder and use some rpath magic. > >In order to test all new features, Ubuntu doesn't cut it. Even current >snapshot of Ubuntu doesn't contain OpenSSL 1.1. Debian Stretch or >Fedora >would do the trick, though. > >Maybe Barry's work on official test container could leveraged testing? > > My guess is we either move to containers on Travis, see if we can > manually install -- through apt or something -- a newer version of > OpenSSL, or we look at alternative CI options. > -Brett > >Regards, >Christian > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/matt%40vazor.com -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3
On Sun, Jan 14, 2018 at 10:54:57AM -0500, Ned Deily wrote: > On Jan 14, 2018, at 08:39, Christian Heimes wrote: > > On 2018-01-14 09:24, Matt Billenstein wrote: > >> Correct me if I'm wrong, but Python3 on osx bundles openssl since Apple has > >> deprecated (and no longer ships the header files for) the version shipped > >> with > >> recent versions of osx. > >> > >> Perhaps this is an option to support the various flavors of Linux as well? > > > > AFAK Apple has decided to compile and statically link CPython's ssl with > > an ancient, customized LibreSSL version. Cory posted [1] a couple of > > months ago > > What Matt is likely thinking of is the Python 3 versions provided by the > python.org macOS binary installers where we do build and link with our > own 1.0.2 (and soon 1.1.0 for 3.7) versions of OpenSSL. Yes, referring to the Python3 python.org installers -- I'm seeing this practice of bundling libs (particularly ssl) become more common as operating system support lags behind. In my mind it becomes easier to bundle deps in a binary installer across the board (Linux, OSX, Windows) rather than rely on whatever version the operating system provides. m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] OS-X builds for 3.7.0
On Tue, Jan 30, 2018 at 09:42:07AM -0800, Chris Barker wrote: >IT dept has been making me upgrade, so I"m going to guess 10.8 or newer... OSX is in a sad state linking to system libs on the later releases -- maybe 10.11 and on, not sure of the exact release -- they stopped shipping the headers for things like ssl and ffi since they don't want 3rd parties linking to deprecated versions of those libraries versus, in the case of ssl, their newer security framework. Recommendation is to bundle what you need if you're not using the framework -- something to think about. thx m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Move ensurepip blobs to external place
As i recall git LFS makes storing large binary objects in some external object storage fairly seamless - might be a good fit for keeping the same workflow and not bloating the repo. M -- Matt Billenstein m...@vazor.com Sent from my iPhone 6 (this put here so you know I have one) > On Mar 24, 2018, at 8:27 PM, Nick Coghlan wrote: > >> On 25 March 2018 at 06:52, Ned Deily wrote: >> On Mar 24, 2018, at 16:13, Steve Dower wrote: >> > Or we could just pull the right version directly from PyPI? (Note that >> > updating the version should be an explicit step, as it is today, but the >> > file should be identical to what’s on PyPI, right? And a urlretrieve is >> > easier than pulling from a git repo.) >> >> I think the primary original rationale for having the pip wheel and its >> dependencies checked into the cpython repo was so that users would be able >> to install pip even if they did not have an Internet connection. But >> perhaps that requirement can be relaxed a bit if we say that the necessary >> wheels are vendored into all of our downloadable release items, that is, >> included in the packaging of source release files (the various tarballs) and >> the Windows and macOS binary installers. The main change would likely be >> making ensurepip a bit smarter to download if the bundled wheels are not >> present in the source directory. Assuming that people building from a >> cpython repo need to have a network connection if they want to run >> ensurepip, at least for the first time, is probably not an onerous >> requirement. > > Right, having the wheels in the release artifacts is a requirement, as is > having them available for use when running the test suite, but having them in > the git repo isn't. > > Adding them directly to the repo was just the simplest approach to getting > ensurepip working, since it didn't require any changes to the build process. > > Cheers, > Nick. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/matt%40vazor.com ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] RFC: PEP 460: Add bytes % args and bytes.format(args) to Python 3.5
On Wed, Jan 08, 2014 at 07:12:06PM +0100, Stefan Behnel wrote:
> Why can't someone write a third-party library that does what these projects
> need, and that works in both Py2 and Py3, so that these projects can be
> modified to use that library and thus get on with their porting to Py3?
Apologies if this is out of place and slightly OT and soap-boxey...
Does it not strike anyone here how odd it is that one would need a library to
manipulate binary data in a programming language with "batteries included" on a
binary computer? And maybe you can do it with existing facilities in both
versions of Python, although in python3, I need to understand what bytes,
format, ascii, and surrogateescape mean - among other things.
I started in Python blissfully unaware of unicode - it was a different time for
sure, but what I knew from C worked pretty much the same in Python - I could
read some binary data out of a file, twiddle some bits, and write it back out
again without any of these complexities - life was good and granted I was
naive, but it made Python approachable for me and I enjoyed it. I stuck with
it and learned about unicode and the complexities of encoding data and now I'm
astonished at how many professional programmers don't know the slightest bit
about it and how horribly munged some data you can consume on the web might be
- I agree it's all quite a mess.
So now I'm getting more serious about Python3 and my fear is that the
development community (python3) has fractured from the user community (python2)
in that they've built something that solves their problems (to oversimplify
lets say a webapp) - sure, a bunch of stuff got fixed along the way and we gave
the users division they would expect (3/2 == 1.5), but somewhere what I felt
was more like a hobbyist language has become big and complex and "we need to
protect our users from doing the wrong thing."
And I think everyone was well intentioned - and python3 covers most of the
bases, but working with binary data is not only a "wire-protocol programmer's"
problem. Needing a library to wrap bytesthing.format('ascii',
'surrogateescape')
or some such thing makes python3 less approachable for those who haven't
learned that yet - which was almost all of us at some point when we started
programming.
I appreciate everyone's hard work - I'm confident the community will cross the
2-3 chasm and I hope we preserve the approachability I first came to love about
Python when I started using it for all sorts of applications.
thx
m
--
Matt Billenstein
m...@vazor.com
http://www.vazor.com/
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Re: What to do about invalid escape sequences
On Mon, Aug 05, 2019 at 04:22:50AM -, raymond.hettin...@gmail.com wrote: > This once seemed like a reasonable and innocuous idea to me; however, I've > been using the 3.8 beta heavily for a month and no longer think it is a good > idea. The warning crops up frequently, often due to third-party packages > (such as docutils and bottle) that users can't easily do anything about. Perhaps those packages could be flagged now via pylint and problems raised with the respective package maintainers before the actual 3.8 release? Checking the top 100 or top 1000 packages on PyPI? m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/ZS5B2EOCBTJGSHMVTL4ZXNEEGGBL2RN6/
[Python-Dev] Re: What to do about invalid escape sequences
On Tue, Aug 06, 2019 at 04:32:04PM +, Matt Billenstein wrote: > Perhaps those packages could be flagged now via pylint and problems raised > with > the respective package maintainers before the actual 3.8 release? Checking > the > top 100 or top 1000 packages on PyPI? fwiw, ran pylint on the top 100 pypi pkgs from: https://hugovk.github.io/top-pypi-packages/top-pypi-packages-30-days.json The list of packages is pretty small: https://gist.github.com/mattbillenstein/ad862d032b8575f8d6e08384850f2223 but some have quite a few errors... m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/TKDVLMRD4NRNQD3X3GYKSG5D2I3AKPBO/
Re: [Python-Dev] Snap Python for simple distribution across multiple Linux distros
On Tue, May 16, 2017 at 11:31:42AM +0100, Martin Wimpress wrote: > Is there someone here who'd be interested in doing the same for Python? Do snaps support Windows and/or MacOS? m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] socketserver ForkingMixin waiting for child processes
Common pattern I've used is to wait a bit, then send a kill signal. M -- Matt Billenstein m...@vazor.com Sent from my iPhone 6 (this put here so you know I have one) > On Aug 11, 2017, at 5:44 AM, Victor Stinner wrote: > > Hi, > > I'm working on reducing the failure rate of Python CIs (Travis CI, > AppVeyor, buildbots). For that, I'm trying to reduce test side effects > using "environment altered" warnings. This week, I worked on > support.reap_children() which detects leaked child processes (usually > created with os.fork()). > > I found a bug in the socketserver module: it waits for child processes > completion, but only in non-blocking mode. If a child process takes > too long, the server will never reads its exit status and so the > server leaks "zombie processes". Leaking processes can increase the > memory usage, spawning new processes can fail, etc. > > => http://bugs.python.org/issue31151 > > I changed the code to call waitpid() in blocking mode on each child > process on server_close(), to ensure that all children completed when > on server close: > > https://github.com/python/cpython/commit/aa8ec34ad52bb3b274ce91169e1bc4a598655049 > > After pushing my change, I'm not sure anymore if it's a good idea. > There is a risk that server_close() blocks if a child is stuck on a > socket recv() or send() for some reasons. > > Should we relax the code by waiting a few seconds (problem: hardcoded > timeouts are always a bad idea), or *terminate* processes (SIGKILL on > UNIX) if they don't complete fast enough? > > I don't know which applications use socketserver. How I can test if it > breaks code in the wild? > > At least, I didn't notice any regression on Python CIs. > > Well, maybe the change is ok for the master branch. But I would like > your opinion because now I would like to backport the fix to 2.7 and > 3.6 branches. It might break some applications. > > If we *cannot* backport such change to 2.7 and 3.6 because it changes > the behaviour, I will fix the bug in test_socketserver.py instead. > > What do you think? > > Victor > ___ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/matt%40vazor.com ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Re: python3 -bb and hash collisions
On Tue, Sep 10, 2019 at 10:42:52AM -0400, Daniel Holth wrote: > I stopped using Python 3 after learning about str(bytes) by finding it in my > corrupted database. Ever since then I've been anxious about changing to the > new > language, since it makes it so easy to convert from bytes to unicode by > accident without specifying a valid encoding. So I would like to see a future > where str(bytes) is effectively removed. I started working on a pull request > that adds an API to toggle str(bytes) at runtime with a thread local (instead > of requiring a command line argument), so you could do with no_str_bytes(): if > you were worried about the feature, but got a bit stuck in the internals. How is this different than all the str -> unicode bugs we had in python2? If you have special needs, you can always monkey-patch it in plain python code by overriding __builtins__.str with something that asserts the given arg is not bytes. m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/J3MLBIRRUSHO7TSTZ54FFYQZBJBVJCMY/
[Python-Dev] Re: python3 -bb and hash collisions
On Fri, Sep 13, 2019 at 08:37:26AM +1000, Cameron Simpson wrote:
> On 10Sep2019 10:42, Daniel Holth wrote:
> [...]
> > I stopped using Python 3 after learning about str(bytes) by finding it
> > in
> > my corrupted database. [...]
>
> Could you outline how this happened to you?
Not the OP, but I've actually seen something like this happen in postgres, but
it's postgres doing the adaptation of bytea into a text column, not python str
afaict:
>>> conn = psycopg2.connect(...)
>>>
>>> with conn.cursor() as cursor:
... cursor.execute('update note set notes=%s where id=%s returning notes',
('hi there', 'NwMVUksheafn'))
... cursor.fetchall()
... cursor.execute('update note set notes=%s where id=%s returning notes',
(b'hi there', 'NwMVUksheafn'))
... cursor.fetchall()
...
[{'notes': 'hi there'}]
[{'notes': '\\x6869207468657265'}]
We were storing the response of an api request from requests and had grabbed
response.content (bytes) instead of response.text (str). I was still able to
decode the original data from this bytes representation, so not ideal, but no
data lost.
I did wish this sorta thing had raised an error instead of doing what it did.
m
--
Matt Billenstein
m...@vazor.com
http://www.vazor.com/
___
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at
https://mail.python.org/archives/list/python-dev@python.org/message/CXFLFI3I3J4OQBAYLHRZSFFDU46Y4EGW/
Re: [Python-Dev] Status of json (simplejson) in cpython
On Fri, Apr 15, 2011 at 05:03:55PM -0700, Bob Ippolito wrote: > On Fri, Apr 15, 2011 at 4:12 PM, Antoine Pitrou wrote: > > On Fri, 15 Apr 2011 14:27:04 -0700 > > Bob Ippolito wrote: > >> On Fri, Apr 15, 2011 at 2:20 PM, Antoine Pitrou > >> wrote: > > > > Well, here's a crude microbenchmark. I'm comparing 2.6+simplejson 2.1.3 > > to 3.3+json, so I'm avoiding integers: > > > > * json.dumps: > > > > $ python -m timeit -s "from simplejson import dumps, loads; \ > > ?? ??d = dict((str(i), str(i)) for i in range(1000))" \ > > ?? "dumps(d)" > > > > - 2.6+simplejson: 372 usec per loop > > - 3.2+json: 352 usec per loop > > > > * json.loads: > > > > $ python -m timeit -s "from simplejson import dumps, loads; \ > > ?? ??d = dict((str(i), str(i)) for i in range(1000)); s = dumps(d)" \ > > ?? ??"loads(s)" > > > > - 2.6+simplejson: 224 usec per loop > > - 3.2+json: 233 usec per loop > > > > > > The runtimes look quite similar. > > That's the problem with trivial benchmarks. With more typical data > (for us, anyway) you should see very different results. Slightly less crude benchmark showing simplejson is quite a bit faster: http://pastebin.com/g1WqUPwm 250ms vs 5.5s encoding and decoding an 11KB json object 1000 times... m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Status of json (simplejson) in cpython
On Fri, Apr 15, 2011 at 05:03:55PM -0700, Bob Ippolito wrote: > On Fri, Apr 15, 2011 at 4:12 PM, Antoine Pitrou wrote: > > On Fri, 15 Apr 2011 14:27:04 -0700 > > Bob Ippolito wrote: > >> On Fri, Apr 15, 2011 at 2:20 PM, Antoine Pitrou > >> wrote: > > > > Well, here's a crude microbenchmark. I'm comparing 2.6+simplejson 2.1.3 > > to 3.3+json, so I'm avoiding integers: > > > > * json.dumps: > > > > $ python -m timeit -s "from simplejson import dumps, loads; \ > > ?? ??d = dict((str(i), str(i)) for i in range(1000))" \ > > ?? "dumps(d)" > > > > - 2.6+simplejson: 372 usec per loop > > - 3.2+json: 352 usec per loop > > > > * json.loads: > > > > $ python -m timeit -s "from simplejson import dumps, loads; \ > > ?? ??d = dict((str(i), str(i)) for i in range(1000)); s = dumps(d)" \ > > ?? ??"loads(s)" > > > > - 2.6+simplejson: 224 usec per loop > > - 3.2+json: 233 usec per loop > > > > > > The runtimes look quite similar. > > That's the problem with trivial benchmarks. With more typical data > (for us, anyway) you should see very different results. Slightly less crude benchmark showing simplejson is quite a bit faster: http://pastebin.com/g1WqUPwm 250ms vs 5.5s encoding and decoding an 11KB json object 1000 times... m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Status of json (simplejson) in cpython
On Sat, Apr 16, 2011 at 01:30:13PM +0200, Antoine Pitrou wrote: > On Sat, 16 Apr 2011 00:41:03 + > Matt Billenstein wrote: > > > > Slightly less crude benchmark showing simplejson is quite a bit faster: > > > > http://pastebin.com/g1WqUPwm > > > > 250ms vs 5.5s encoding and decoding an 11KB json object 1000 times... > > This doesn't have much value if you don't say which version of Python > you ran json with. You should use 3.2, otherwise you might miss some > optimizations. Yes, that was 2.6.5 -- 3.2 native json is comparable to simplejson here taking about 330ms... m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Status of json (simplejson) in cpython
On Sun, Apr 17, 2011 at 08:22:20AM +0200, Stefan Behnel wrote: > Matt Billenstein, 17.04.2011 00:47: > >On Sat, Apr 16, 2011 at 01:30:13PM +0200, Antoine Pitrou wrote: > >>On Sat, 16 Apr 2011 00:41:03 + > >>Matt Billenstein wrote: > >>> > >>>Slightly less crude benchmark showing simplejson is quite a bit faster: > >>> > >>>http://pastebin.com/g1WqUPwm > >>> > >>>250ms vs 5.5s encoding and decoding an 11KB json object 1000 times... > >> > >>This doesn't have much value if you don't say which version of Python > >>you ran json with. You should use 3.2, otherwise you might miss some > >>optimizations. > > > >Yes, that was 2.6.5 -- 3.2 native json is comparable to simplejson here > >taking > >about 330ms... > > From the POV of CPython 3.2, is "native" Python or C? "Native" as in the version that ships with 3.2. And actually I think my test with 2.6.5 wasn't using the C extension for some reason so that 5.5s number isn't right -- a fresh build of 2.7.1 gives me a runtime of around 350ms. m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Re: Why doesn't venv also install python3*-config?
On Wed, Jan 08, 2020 at 12:26:39PM +0100, Musbur wrote: > I'm experimenting with package development on different versions of Python > in different virtualenvs. After running "make" I don't do "make install", > but rather I set up virtualenvs by running /path/to/source/python -m venv > env_dir. I'd suggest https://github.com/pyenv/pyenv -- this handles this more seamlessly. m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/DL45OWIVYPZLKMLVSYISPG2XNY2S3PE7/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] MacOS pkg bundles openssl, but doesn't include a cert bundle?
Hi, installing the latest 2.7.16 MacOS installer, functions in urllib will attempt to load trusted certs from: /Library/Frameworks/Python.framework/Versions/2.7/etc/openssl/cert.pem But this file is not shipped with the installer package - this makes urlretrieve and friends fail on https hosts - perhaps the installer should ship a bundle or enable using something like certifi if it's installed? AFAIK Apple has deprecated openssl libs as shipped with the OS a long time ago and only support their proprietary framework crypto apis and on MacOS Catalina and newer. thx m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/F4NRIGHUOJVWQAOHJEOOF3AQBB76VNGD/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: MacOS pkg bundles openssl, but doesn't include a cert bundle?
Thanks Ned - confirmed that works in 2.7.17 - maybe it was there in 2.7.16 and I just overlooked that messaging in the last step. m On Mon, Mar 23, 2020 at 09:11:09PM -0400, Ned Deily wrote: > On Mar 23, 2020, at 20:30, Matt Billenstein via Python-Dev > wrote: > > Hi, installing the latest 2.7.16 MacOS installer, functions in urllib > > will attempt to load trusted certs from: > > > > /Library/Frameworks/Python.framework/Versions/2.7/etc/openssl/cert.pem > > > > But this file is not shipped with the installer package - this makes > > urlretrieve and friends fail on https hosts - perhaps the installer > > should ship a bundle or enable using something like certifi if it's > > installed? > > Python 2.7.17 is the most recent 2.7.x release. You should be using it > instead of 2.7.16. > > When you open one of the current macOS Installer packages from python.org, > the first (Welcome) display includes the following text: > > "At the end of this install, click on Install Certificates to install a set > of current SSL root certificates." > > The second display (ReadMe) in the Installer includes the following section: > > "Certificate verification and OpenSSL > > This package includes its own private copy of OpenSSL 1.0.2. The trust > certificates in system and user keychains managed by the Keychain Access > application and the security command line utility are not used as defaults by > the Python ssl module. A sample command script is included in > /Applications/Python 2.7 to install a curated bundle of default root > certificates from the third-party certifi package > (https://pypi.org/project/certifi/). Double-click on Install Certificates to > run it. > > The bundled pip has its own default certificate store for verifying download > connections." > > By default, a copy of that ReadMe is saved as a file in /Application/Python > 2.7/ should you need to refer to it, along with the "Install > Certificates.command" file. > > We do not currently ship a set of certificates with the installer directly > because any of them could be replaced or invalidated over the lifetome of the > installer package. > > Hope that helps. > > > -- > Ned Deily > n...@python.org -- [] -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/27TF36AURBYJZW2LLGRYGL3GMI6XZZ4W/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: PEP 617: New PEG parser for CPython
On Thu, Apr 02, 2020 at 05:17:31PM -0700, Guido van Rossum wrote: > On Thu, Apr 2, 2020 at 4:20 PM Nathaniel Smith wrote: > > If the AST is supposed to be the same, then would it make sense to > temporarily – maybe just during the alpha/beta period – always run > *both* parsers and confirm that they match? > > > That's not a bad idea! https://github.com/we-like-parsers/cpython/issues/33 Even just running it in a dev build against the corpus of the top few thousand packages on pypi might give enough confidence -- I had a script to download the top N packages and run some script over the python files contained therein, but I can't seem to find it atm. m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/YCL5HQIV5YIRPZ5VCKV6B7U5XCECFAW2/ Code of Conduct: http://python.org/psf/codeofconduct/
[Python-Dev] Re: PEP 617: New PEG parser for CPython
On Thu, Apr 02, 2020 at 08:57:30PM -0700, Guido van Rossum wrote: > On Thu, Apr 2, 2020 at 7:55 PM Matt Billenstein wrote: > > Even just running it in a dev build against the corpus of the top few > thousand packages on pypi might give enough confidence -- I had a script > to download the top N packages and run some script over the python files > contained therein, but I can't seem to find it atm. > > > We got that. Check https://github.com/gvanrossum/pegen/tree/master/scripts -- > look at download_pypi_packages.py and test_pypi_packages.py. Very nice! m -- Matt Billenstein m...@vazor.com http://www.vazor.com/ ___ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/Q5DY4ZNCB7GYGIL5LUWJFJ7GLL5EJMW2/ Code of Conduct: http://python.org/psf/codeofconduct/
