Re: [Python-Dev] Adding NewType() to PEP 484

2016-05-28 Thread cs 

On 28May2016 08:19, Steve Dower  wrote:

Did anyone suggest "distinct type alias"?

Regardless of what name, I'm fairly sure people will call it whatever the 
function to create it is called. So if the function is 
typings.distinguish_type(...), then distinguished will stick.


Just casting an opinion in support of Greg Ewing's remark: I don't think we 
should use the word "alias", regardless of what else is used.


In <5748fb66.7090...@canterbury.ac.nz>, Greg said:

 Steven D'Aprano wrote:
 > TypeAlias? Because A is an alias for int?
 That suggests it's just another name for the same type, but it's not. It's a 
 distinct type as far as the static type checker is concerned


and I agree entirely.

Cheers,
Cameron Simpson 
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required

2014-06-17 Thread Yates, Andy (CS Houston, TX) 
Python Dev,
Andy here. I have a Windows product based on Python and I'm getting hammered to 
release a version that includes the fix in OpenSSL 1.0.1h.  My product is built 
on a Windows system using Python installed from the standard Python installer 
at Python.org.  I would be grateful if I could get some advice on my options. 
Will Python.org be releasing a Windows installer with the fix any time soon or 
will it be at the next scheduled release in November?  If it is November, 
there's no way I can wait that long. Now what?  Would it be best to build my 
own Python? Is it possible to drop in new OpenSSL versions on Windows without 
rebuilding Python?  Looking for some guidance on how to handle these OpenSSL 
issues on Windows.

Thanks!
Andy Yates
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required

2014-06-19 Thread Yates, Andy (CS Houston, TX) 
Thanks for all the good information.  We ended up building _ssl and _hashlib 
and dropping those into the existing Python on our build server.  That seems to 
be working fine. 

>From my perspective ssl libraries are a special case. I think I could handle 
>any other included library having a flaw for weeks or months, but my 
>management and customers are sensitive to releasing software with known ssl 
>vulnerabilities.  For Windows Python it looks like the only option for 
>updating OpenSSL is to build from source. For us that turned out to be no big 
>deal. However, it may be beyond the reach of some, either technically or due 
>to the lack of access to Dev Studio.  There's also some concern that a custom 
>build of Python may not have some secret sauce or complier switch that could 
>cause unexpected behavior.

That said, I'd like to see Python spin within a short period of time after a 
recognized OpenSSL vulnerability is fixed if is statically linked.  This would 
limit exposure to the unsuspecting user who downloads Windows Python from 
Python.org. The next best thing would be to dynamically link to Windows OpenSSL 
DLLs allowing users to drop in which ever version they like.

Thanks again!!

Andy


-Original Message-
From: Python-Dev [mailto:python-dev-bounces+ayates=hp@python.org] On Behalf 
Of Benjamin Peterson
Sent: Tuesday, June 17, 2014 2:07 PM
To: Ned Deily; python-dev@python.org
Subject: Re: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h 
on Windows required

On Tue, Jun 17, 2014, at 12:03, Ned Deily wrote:
> In article
> <81f84430ce0242e5bfa5b2264777d...@blupr03mb389.namprd03.prod.outlook.c
> om
> >,
>  Steve Dower  wrote:
> > You'll only need to rebuild the _ssl and _hashlib extension modules 
> > with the new OpenSSL version. The easiest way to do this is to build 
> > from source (which has already been updated for 1.0.1h if you use 
> > the externals scripts in Tools\buildbot), and you should just be 
> > able to drop _ssl.pyd and _hashlib.pyd on top of a normal install.
> 
> Should we consider doing a re-spin of the Windows installers for 2.7.7 
> with 1.0.1h?  Or consider doing a 2.7.8 in the near future to address 
> this and various 2.7.7 regressions that have been identified so far 
> (Issues 21652 and 21672)?

I think we should do a 2.7.8 soon to pick up the openssl upgrade and recent CGI 
security fix. I would like to see those two regressions fixed first, though.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/ayates%40hp.com
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com