Nick Coghlan added the comment:
Dave, sending this one back in your direction. Is there a relevant difference
between rpmbuild in RHEL6 and rpmbuild in current Fedora?
--
assignee: eric.araujo -> dmalcolm
___
Python tracker
<http://bugs.pyth
New submission from Nick Coghlan :
Command line documentation for pyvenv must be provided under
http://docs.python.org/dev/using/index.html before 3.3 is released.
--
assignee: docs@python
components: Documentation
messages: 161815
nosy: docs@python, ncoghlan, vinay.sajip
priority
New submission from Nick Coghlan :
Command line documentation for pysetup must be provided under
http://docs.python.org/dev/using/index.html before 3.3 is released.
--
messages: 161816
nosy: eric.araujo, ncoghlan, tarek
priority: deferred blocker
severity: normal
stage: needs patch
New submission from Nick Coghlan :
The following docs should be updated based on the automatic PATH manipulation
in the updated installer:
http://docs.python.org/dev/using/windows.html#using-python-on-windows
The section on script execution should also mention the -m switch and the
section on
Changes by Nick Coghlan :
--
superseder: -> Document the path option in the Windows installer
___
Python tracker
<http://bugs.python.org/issue14941>
___
___
Py
Nick Coghlan added the comment:
See #14941 for a couple of other issues I noticed with the current Windows docs
(specifically, -m means finding the stdlib location could probably be
de-emphasised and the docs on compiling should be replaced with a reference to
the devguide)
--
nosy
Nick Coghlan added the comment:
No, we need to start using the Setup & Usage docs *more*, not less.
All tools with useful command line behaviour (especially those that are
directly installed as scripts) should eventually be documented here.
The fact this has historically been avoided i
Nick Coghlan added the comment:
See my reply on #14939. We need to start getting command line usage information
*out* of the standard library reference and documenting it here.
--
nosy: +ncoghlan
___
Python tracker
<http://bugs.python.
Changes by Nick Coghlan :
--
Removed message: http://bugs.python.org/msg161829
___
Python tracker
<http://bugs.python.org/issue14942>
___
___
Python-bugs-list m
Nick Coghlan added the comment:
See my reply on #14939. We need to start getting command line usage information
*out* of the standard library reference and documenting it here.
--
___
Python tracker
<http://bugs.python.org/issue14
New submission from Nick Coghlan :
pydoc is installed as a script by Python. It should be documented under
http://docs.python.org/dev/using/index.html.
--
assignee: docs@python
components: Documentation
messages: 161831
nosy: docs@python, ncoghlan
priority: normal
severity: normal
New submission from Nick Coghlan :
Some stdlib modules have officially documented and supported behaviour when
executed via -m. These should be referenced from the Setup & Usage
documentation at http://docs.python.org/dev/using/index.html
Current candidates:
python -m unittest
pytho
Nick Coghlan added the comment:
I'm sure there's a predecessor to this issue that I intend for this one to
replace, but I can't currently find it in order to mark it as superceded.
--
___
Python tracker
<http://bugs.pyt
Nick Coghlan added the comment:
I think for these it's reasonable to just have an index page that references
out to the individual module docs. Most of them are closely related to using
the module in your own code and/or there's general background info in the
module docs that you
Nick Coghlan added the comment:
No, I mean no new C API at all. Anyone that wants to dynamically create a new
type from C in 3.3 can already just write their own code to make the
appropriate types.new_class() call:
http://docs.python.org/dev/library/types#types.new_class
A simple example
New submission from Nick Coghlan :
The http://docs.python.org/dev/library/types#dynamic-type-creation docs should
have a see also ref to the main class creation docs in the language reference.
Just a reminder to myself so I don't forget to fix it.
--
assignee: ncoghlan
compo
Nick Coghlan added the comment:
Added some review comments. I'm thinking the docs for str.splitlines() could
really do with an update to say explicitly that a trailing newline *doesn't*
append an empty string to the result.
--
___
Pyth
New submission from Nick Coghlan :
The docs for str.splitlines() should explain:
1. That it uses the universal newlines approach to splitting lines
2. That unlike str.split() a trailing empty line is *not* included in the
resulting list
--
assignee: docs@python
components
Nick Coghlan added the comment:
I created #14957 to cover improving the str.splitlines docs.
For this patch, I think Chris is right that it should be using
str.splitlines(True) and joining on "''" instead of "'\n'" so
Nick Coghlan added the comment:
It wouldn't be a PEP, it would be an addition to the embedding docs:
http://docs.python.org/extending/embedding.html
--
___
Python tracker
<http://bugs.python.org/is
Nick Coghlan added the comment:
For the more general breakage due to PYTHONHOME and PYTHONPATH, yeah, global
environment variables are bad, particularly when an OS relies on tools written
in (or embedding) Python.
That's the reason virtualenv (and 3.3's forthcoming venv) are a
Nick Coghlan added the comment:
Now I'm wondering if the problem will also manifest itself on EL rebuilds like
CentOS or Scientific Linux, since that will affect how specific we can get when
it comes to implementing a workaround.
That is, overriding __os_install_post should definitely
Nick Coghlan added the comment:
As Robert noted, the map() and filter() builtins in Python 3 are already lazy
and there's no reason to expand the iterator protocol for this functionality.
Map and filter also have dedicated syntax in the form of comprehensions and
generator expres
New submission from Nick Coghlan :
The current implementation of contextlib.ExitStack [1] actually creates a
nested series of frames when unwinding the callback stack in an effort to
ensure exceptions are chained correctly, just as they would be if using nested
with statements.
It would be
Nick Coghlan added the comment:
History with dictproxy means I'm also OK with "new type by stealth".
Perhaps add some tests to check "type(sys.implementation)()" does something
sane?
--
___
Python tracker
<http:
Nick Coghlan added the comment:
If we don't expose the mechanism behind -E to embedding applications via
the C API, then a non-docs change may be needed. However, writing (or at
least trying to write) the relevant docs is a good way to check whether or
not that is the
Nick Coghlan added the comment:
Sorry, I wasn't clear on what I meant by "chained correctly", and that's the
part that makes this trickier than the way contextlib.nested did it. I'm
referring to the __context__ attribute on exceptions that is set automatically
wh
New submission from Nick Coghlan :
CalledProcessError provides a nice encapsulation for a returncode, the original
command and any partial output. The API should be officially documented so that
third party subprocess.Popen convenience wrappers can use it easily.
--
assignee: docs
New submission from Nick Coghlan :
When adding the test case for #14963, I discovered that contextlib.ExitStack
can't *quite* reproduce the exception handling of nested with statements.
The problem arises when the original exception gets suppressed by one of the
handlers, but an outer ha
Nick Coghlan added the comment:
Interesting - it turns out we can't fully reproduce the behaviour of nested
with statements in ExitStack (see the new reference test I checked in, as well
as #14969)
I added one technically redundant variable to the implementation to make it
more obvi
Nick Coghlan added the comment:
Electronic contributor forms are actually on the PSF wishlist. We'll get there
some day (maybe after the website update).
Getting back to the problem at hand, I think you might be on to something with
the idea of exploiting PEP 409 to handle this. Specifi
Nick Coghlan added the comment:
Ah, you're absolutely right. Interestingly though, the old recursive
implementation appeared to have the same bug, and I'd deliberately used the
recursive approach precisely so that suppressed exceptions *would* get cleared
correctly. I must have
Changes by Nick Coghlan :
--
nosy: +ncoghlan
___
Python tracker
<http://bugs.python.org/issue14965>
___
___
Python-bugs-list mailing list
Unsubscribe:
Nick Coghlan added the comment:
It *was* closed - I inadvertently reopened it with my comment. Fixed :)
--
resolution: -> fixed
stage: test needed -> committed/rejected
status: open -> closed
___
Python tracker
<http://bugs.python.or
Nick Coghlan added the comment:
With a cross link from the header of the module reference to the howto guide, I
think what Sandro posted is good enough for a first draft.
Once the basic content is checked in, then I'll tinker a bit to figure out a
more logical order (and possibly move
Nick Coghlan added the comment:
Hynek's latest patch mostly looks good to me, but I think the "packed" property
on network definitions just needs to go away.
The original ipaddr API that is the basis for ipaddress doesn't really have a
clear distinction between networ
Nick Coghlan added the comment:
Also noting a TODO item here: currently, the address-producing operations on
network objects just produce vanilla address objects of the appropriate
version. My question is, should we have those operations create interface
objects instead?
My current thought
New submission from Nick Coghlan :
The unittest module has some lovely enhanced comparison operations, but they're
currently hard to access outside a test run.
It would be rather convenient if they were split out into a separate base class
so they could be used directly without needi
Nick Coghlan added the comment:
Because that doesn't work in 2.x (it fails with a ValueError due to "runTest"
being missing) and I forgot you had already changed that behaviour to make it
more convenient in 3.x :)
--
resolution: -> out of date
stat
Nick Coghlan added the comment:
A comment above the length check referring back to this issue and the
deliberate decision to allow a timing attack to determine the length of the
expected digest would be handy.
I was just looking at hmac.secure_compare and my thought when reading the
source
Changes by Nick Coghlan :
--
assignee: -> ncoghlan
stage: needs patch -> patch review
___
Python tracker
<http://bugs.python.org/issue13857>
___
___
Pyth
New submission from Nick Coghlan :
Running test_gdb on Fedora 17 produces a litany of the following error:
- warning: File "/home/ncoghlan/devel/py3k/python-gdb.py" auto-loading has been
declined by your `auto-load safe-path' set to
"/usr/share/gdb/auto-load:/usr/lib
Nick Coghlan added the comment:
In addition, we should probably report this as a test skip rather than as a
litany of test failures.
--
components: +Tests
___
Python tracker
<http://bugs.python.org/issue15
New submission from Nick Coghlan :
After upgrading from Fedora 16 -> 17, my previously working trunk build is
getting the following error:
Building '_dbm' extension
gcc -pthread -fPIC -Wno-unused-result -g -O0 -Wall -Wstrict-prototypes
-DHAVE_NDBM_H -IInclude -I. -I./Include
Nick Coghlan added the comment:
Ezra (and anyone interested) may want to take a look at the checked in version
to see some of the changes I made while preparing the patch for commit.
- name changes and slight restructure as discussed on the review
- splitlines() invocation changed as
New submission from Nick Coghlan :
In working on #13857, I noticed that the current regex based implementation of
textwrap.dedent() is limited specifically to ASCII whitespace (tabs and spaces)
with Unix line endings (a line containing solely a Windows "\r\n" line ending
will be
Changes by Nick Coghlan :
--
resolution: -> fixed
stage: patch review -> committed/rejected
status: open -> closed
___
Python tracker
<http://bugs.python.or
Nick Coghlan added the comment:
Technically, it returns -1 (which later gets coerced to an unsigned value).
However, there's no good reason for the inconsistency - the offending line
(663) in main.c should be changed to be:
sts = (RunModule(module, 1) != 0);
It is currently
Nick Coghlan added the comment:
One brief comment on the wording of the error message: the inconsistent naming
is actually copied from the str.format code.
>>> "{foo} {} {bar}".format(2, foo='fooval', bar='barval')
'fooval 2 barval'
>>>
Changes by Nick Coghlan :
--
versions: +Python 3.4 -Python 3.3
___
Python tracker
<http://bugs.python.org/issue13578>
___
___
Python-bugs-list mailing list
Unsub
Changes by Nick Coghlan :
--
versions: +Python 3.4 -Python 3.3
___
Python tracker
<http://bugs.python.org/issue14803>
___
___
Python-bugs-list mailing list
Unsub
Changes by Nick Coghlan :
--
assignee: docs@python -> ncoghlan
priority: normal -> release blocker
___
Python tracker
<http://bugs.python.org/issue13783>
___
__
Changes by Nick Coghlan :
--
assignee: -> ncoghlan
___
Python tracker
<http://bugs.python.org/issue13062>
___
___
Python-bugs-list mailing list
Unsubscri
Nick Coghlan added the comment:
Meador: I probably won't get to this until the weekend, so go ahead and update
the patch if you have time.
--
___
Python tracker
<http://bugs.python.org/is
Nick Coghlan added the comment:
I was tempted to just add this (perhaps as a -X option) but, on reflection, I'm
going to go with "No, not for 3.3".
I want to take a long hard look at the whole sys.path[0] initialisation process
when I update PEP 395 to account for namespace p
Nick Coghlan added the comment:
Maciej, please read http://mjg59.dreamwidth.org/13061.html
"Secure" vs "not secure" is not a binary state - it's about making attacks
progressively more difficult. Something that is secure against a casual script
kiddie scatter gunning
Changes by Nick Coghlan :
--
status: open -> closed
___
Python tracker
<http://bugs.python.org/issue14035>
___
___
Python-bugs-list mailing list
Unsubscri
Nick Coghlan added the comment:
Can people please stop raising a false dichotomy and using that as an excuse
not to do anything?
The decision is not between "leak some information" and "leak no information".
It is between "leak more information" and "
Nick Coghlan added the comment:
To repeat, the specific feature being proposed for retention is:
* a function called hmac.total_compare() that is clearly documented as being
still vulnerable to timing analysis given a sufficiently sophisticated
attacker, while still being more resistant to
Nick Coghlan added the comment:
I'm not really opposed to writing it in C - I just don't think rewriting it in
C should be a requirement for keeping it. Even in pure Python, it still leaks
less information than the standard compariso
Nick Coghlan added the comment:
This point was discussed in #14532 when the new API was added.
>From http://bugs.python.org/issue14532#msg158045:
"""Given that this issue has affected a lot of security-sensitive third-party
code (keyczar, openid providers, almost every
Nick Coghlan added the comment:
That's why the vulnerable cases are far more likely to be related to
*signature* checking. In those you can generally provide both the hash input
(the message) and the hash target (the purported "signature").
If the signature check uses a
Changes by Nick Coghlan :
--
nosy: +ncoghlan
___
Python tracker
<http://bugs.python.org/issue15075>
___
___
Python-bugs-list mailing list
Unsubscribe:
Nick Coghlan added the comment:
FWIW, Petri's example also explains why leaking the expected length of the
string is considered an acceptable optimisation in most reimplementations of
this signature check comparison: the attacker is assumed to already know the
expected length o
Nick Coghlan added the comment:
As a first step, I'm going to make a change to:
1. Rename the function to "compare_digest"
2. Remove the support for comparing strings
3. Update the documentation to be much clearer about its limitations (including
why it's considered OK
Nick Coghlan added the comment:
As a result of the discussions on #15061, I removed unicode comparison support
altogether in f36af3766a20 (updating the warning on the hexdigest() method
accordingly).
Are folks happy to close this issue on that basis? (I'll raise the question of
a separ
Nick Coghlan added the comment:
OK, the worst aspects (the misleading name and documentation) have been dealt
with, so that leaves the questions of:
1. Avoiding leaking the length information (seems unnecessary, since most
digests are part of protocols where they have a known, published
Nick Coghlan added the comment:
(Ah, the dangers of using a real text editor for edit fields. This got rather
long, but I think it's all still relevant)
I'm persuaded that a C implementation is a good idea in the long run. However,
I *don't* think we should rush the design of
Nick Coghlan added the comment:
+1 Antoine - your patch is better than the status quo, so it makes sense to
apply it.
If Eric can make the other way work in time for 3.3, great, but at least we'll
have a solid fallback position witho
Nick Coghlan added the comment:
Looks like a solid improvement to me.
One minor naming quibble is that "FROZENLESS_LIBRARY_OBJS" hurts my brain -
would you mind switching it to something like "LIBRARY_OBJS_OMIT_FROZEN"?
--
__
New submission from Nick Coghlan :
Currently undocumented: http://docs.python.org/py3k/c-api/gen.html
Public API in a released version of Python:
http://hg.python.org/cpython/file/3.2/Include/genobject.h
--
messages: 163012
nosy: ncoghlan
priority: normal
severity: normal
status: open
Changes by Nick Coghlan :
--
assignee: -> docs@python
components: +Documentation
nosy: +docs@python
versions: +Python 3.2, Python 3.3
___
Python tracker
<http://bugs.python.org/issu
Nick Coghlan added the comment:
This is actually related to the integration between the PEP formatting tools
and the python.org build system (that is, pep2pyramid.py, rather than
genpepindex.py)
I'm inclined to close it as "won't fix" and maybe pass it to the psf-redesig
Nick Coghlan added the comment:
I left the name of the new private API as _PyGen_FetchStopIterationValue. If
anyone wants to make it public, they can raise a new issue to give it a more
appropriate name (and move the definition accordingly).
PyStopIteration_Create is simply gone, replaced by
Changes by Nick Coghlan :
--
assignee: ncoghlan ->
___
Python tracker
<http://bugs.python.org/issue13475>
___
___
Python-bugs-list mailing list
Unsubscri
Nick Coghlan added the comment:
Given the imminent 3.3 beta 1 feature freeze and the fact I would like to
explore Ron's suggestion of a higher level ByteCode object to encapsulate a
sequence of instructions (along with additional information from the code
object), postponing thi
Nick Coghlan added the comment:
I looked into the idea of treating networks as containers of interface objects
rather than addresses - it turns out it gets messy very quickly, because you
definitely want your network address and broadcast address to be ordinary
addresses, so making the host
Nick Coghlan added the comment:
OK, dropping to "deferred blocker" status, as I think the docs are now good
enough for beta 1.
We still want to get the public methods and properties for the various objects
documented during the beta period, though.
I'm not sure how best
Nick Coghlan added the comment:
Patch works for me, and looks pretty safe for other platforms.
--
___
Python tracker
<http://bugs.python.org/issue15044>
___
___
Nick Coghlan added the comment:
I committed the fix to at least get things building again, but this should
probably get a NEWS entry (since builds that would have previously used gdbm
directly will now use it in ndbm compatibility mode instead
Nick Coghlan added the comment:
Added new section to devguide in http://hg.python.org/devguide/rev/9fee8e6c2619
--
resolution: -> fixed
stage: -> committed/rejected
status: open -> closed
___
Python tracker
<http://bugs.python.or
Nick Coghlan added the comment:
Also added an FAQ with the specific ~/.gdbinit entry needed to get it running
in http://hg.python.org/devguide/rev/1d81501be702
I did try adding a similar command directly to the gdb invocation, but, as far
as I can tell, any commands specified as arguments
New submission from Nick Coghlan :
When running the test suite on Fedora 17 (and behind a couple of layers of
NAT), I see the following problems:
Intermittently: skipped "Resource 'cyrus.andrew.cmu.edu' is not available"
Consistently (with a couple of tests updated
Nick Coghlan added the comment:
I suggest a PEP for 3.4 as the best way forward for this.
--
versions: +Python 3.4 -Python 3.3
___
Python tracker
<http://bugs.python.org/issue13
New submission from Nick Coghlan :
When PEP 414 restored support for explicit Unicode literals in Python 3, the
"ur" string prefix was deemed to be a synonym for the "r" prefix.
However, "ur" in 2.x was only kinda-sorta-raw, since it still supported Unicode
e
Changes by Nick Coghlan :
--
priority: normal -> release blocker
___
Python tracker
<http://bugs.python.org/issue15096>
___
___
Python-bugs-list mailing list
Un
Nick Coghlan added the comment:
I'm expecting the "pep2pyramid.py" part to change at the very least.
However, back on topic, I actually hit the limits of my knowledge of the PEP
build process reading that script.
As near as I can tell, PEP 0 should have the same "titl
Nick Coghlan added the comment:
As near as I can tell, pep will hold the string value "0" for the PEP index,
thus the title should still be getting set. That's why I suspect a templating
difference.
--
___
Python tracker
<http
Nick Coghlan added the comment:
My current thoughts are to avoid the usual approach of embedding the method and
property definitions in the class definitions, and instead have separate
sections under [1] for
IP Addresses
IP Interfaces
IP Networks
Inside each of those sections, document the
Nick Coghlan added the comment:
That does look like it will fix the leak, but now I'm actually thinking there's
more code from type_new that should also be executed in the PyType_FromSpec
case.
I mean things like:
- ensuring __new__ is a static method
- ensuring the standard attrib
Changes by Nick Coghlan :
--
nosy: +daniel.urban
___
Python tracker
<http://bugs.python.org/issue15142>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Nick Coghlan :
The PEP 362 implementation has been committed, but the inspect module
documentation still needs to be updated.
--
assignee: docs@python
components: Documentation
messages: 163534
nosy: docs@python, ncoghlan
priority: deferred blocker
severity: normal
Nick Coghlan added the comment:
You're right, I was confusing what happens automatically for classes defined in
Python (i.e. the full treatment in type_new) vs those defined statically (i.e.
just the parts in PyType_Ready).
Given that PyType_FromSpec doesn't currently support i
Changes by Nick Coghlan :
--
nosy: +ncoghlan
___
Python tracker
<http://bugs.python.org/issue15146>
___
___
Python-bugs-list mailing list
Unsubscribe:
Nick Coghlan added the comment:
Attached patch implements both new functions, but I'm going to drop
getgeneratorlocals for now and move that idea to a new issue.
--
Added file: http://bugs.python.org/file26103/issue13062-combined.diff
___
P
New submission from Nick Coghlan :
Extracted from #13062, the proposal is add a simple API to inspect the local
variables of a generator with an associated frame.
--
components: Library (Lib)
messages: 163560
nosy: ncoghlan
priority: normal
severity: normal
stage: needs patch
status
Nick Coghlan added the comment:
The intended use case is for whitebox testing of generator behaviour.
--
___
Python tracker
<http://bugs.python.org/issue15
Nick Coghlan added the comment:
I created #15153 to cover getgeneratorlocals. Attached patch is just for record
keeping purposes - I'll be committing this change shortly.
--
Added file: http://bugs.python.org/file26104/issue13062-getclosurevars
Nick Coghlan added the comment:
True, I didn't follow the bouncing ball far enough. In that, case I think all
that is needed is a comment like:
"subtype_dealloc walks the MRO to call the base dealloc function, so it is OK
to block inheritance o
Nick Coghlan added the comment:
This is why I wanted to close the issue with the pure Python implementation,
and punt on the question of a C accelerator for the moment.
compare_digest is effectively the same as what all the Python web servers and
frameworks do now for signature checking. Yes
3201 - 3300 of 6301 matches
Mail list logo
