[Python-Dev] Python 3 marketing document?

2014-01-23 Thread Dan Stromberg
Has anyone published a web page or wiki page about what's great about Python 3.x? ___ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archiv

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Donald Stufft
On Jan 23, 2014, at 10:09 PM, Donald Stufft wrote: > > On Jan 23, 2014, at 10:06 PM, Stephen J. Turnbull wrote: > >> Wes Turner writes: But if it's only the already security-conscious developers and managers who go WTF?, and other environments don't do this by default, I'd cons

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Donald Stufft
On Jan 23, 2014, at 10:06 PM, Stephen J. Turnbull wrote: > Wes Turner writes: >>> But if it's only the already security-conscious developers and >>> managers who go WTF?, and other environments don't do this by default, >>> I'd consider that a "dangerous curve, slow down" sign. >> >> Mitigation

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Stephen J. Turnbull
Wes Turner writes: > > But if it's only the already security-conscious developers and > > managers who go WTF?, and other environments don't do this by default, > > I'd consider that a "dangerous curve, slow down" sign. > > Mitigations: > > **Packaging** > > * Upgrade setuptools (dist

Re: [Python-Dev] Wrong keyword parameter name in regex pattern methods

2014-01-23 Thread Terry Reedy
On 1/23/2014 12:22 PM, Serhiy Storchaka wrote: Currently there is a mismatch between documented parameter names in some methods of regex pattern object. match(), search(), and fullmatch() (the last was added in 3.4) document first arguments as "string": match(string[, pos[, endpos]]) search(str

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Ethan Furman
On 01/22/2014 05:16 AM, M.-A. Lemburg wrote: On 22.01.2014 13:43, Jesse Noller wrote: Donald is perfectly right: today, it's trivial to MITM an application that relies off of the current behavior; this is bad news bears for users and developers as it means they need domain knowledge to secure

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Ethan Furman
On 01/22/2014 04:15 AM, Donald Stufft wrote: As I’ve said multiple times, I think it’s fine to send it through the deprecation process which is still pretty long and gives people a good chunk of time to update. Agreed. -- ~Ethan~

[Python-Dev] Wrong keyword parameter name in regex pattern methods

2014-01-23 Thread Serhiy Storchaka
Currently there is a mismatch between documented parameter names in some methods of regex pattern object. match(), search(), and fullmatch() (the last was added in 3.4) document first arguments as "string": match(string[, pos[, endpos]]) search(string[, pos[, endpos]]) fullmatch(string[, pos[,

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Wes Turner
> But if it's only the already security-conscious developers and > managers who go WTF?, and other environments don't do this by default, > I'd consider that a "dangerous curve, slow down" sign. Mitigations: **Packaging** * Upgrade setuptools (distribute, zc.buildout) * Avoid easy_install, p

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Wes Turner
On 2014-01-22 9:33 AM, Donald Stufft wrote: > For everything but pip, you’d add it to your OS cert store. Pip doesn’t > use that so you’d have to use the --cert config. > What if I don't want that self-signed cert to be trusted by all users on the system? Specify a client cert and an appropriate C

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Antoine Pitrou
On Thu, 23 Jan 2014 06:02:18 + Kristján Valur Jónsson wrote: > > If not already possible, I suggest that we allow the use of a certificate > validation callback > (it isn't possible for 2.7, I just hacked in one yesterday to allow me to > ignore out-date-failure for certificates.) > Using t

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Antoine Pitrou
On Thu, 23 Jan 2014 01:45:15 -0500 Scott Dial wrote: > > Anecdotally, I already know of a system at work that is using HTTPS > purely for encryption, because the authentication is done in-band. So, a > self-signed cert was wholly sufficient. The management tools use a > RESTful interface over HTT

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Nick Coghlan
On 23 January 2014 22:41, "Martin v. Löwis" wrote: > Am 23.01.14 07:45, schrieb Scott Dial: >> Anecdotally, I already know of a system at work that is using HTTPS >> purely for encryption, because the authentication is done in-band. So, a >> self-signed cert was wholly sufficient. The management t

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Martin v. Löwis
Am 23.01.14 07:45, schrieb Scott Dial: > Anecdotally, I already know of a system at work that is using HTTPS > purely for encryption, because the authentication is done in-band. So, a > self-signed cert was wholly sufficient. The management tools use a > RESTful interface over HTTPS for control, bu

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Stephen J. Turnbull
Donald Stufft writes: > As an additional side note, anecdotal evidence and what not, but > *every* time I bring this up somewhere I get at least one reply > that looks similar to > https://twitter.com/ojiidotch/status/425986619879866368 Hey, wait a cotton-picking minute! Are you telling me t

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-23 Thread Stephen J. Turnbull
Cory Benfield writes: > I'm overwhelmingly, dramatically +1 on this. There's no good > architectural reason to not use the built-in certificate chains by > default. I'd like to be in favour of backporting this change to earlier > Python versions as well, but it feels just a bit too aggressive.