[Python-Dev] debugging test_importlib.test_bad_traverse - script status is SUCCESS - but FAIL is expected.

I read the discussion related to issue32374. That seems to be sure that other events that could cause the test to fail (i.e., the program executes successfully) are caught early, and/or ignored so that the program fails - and the test succeeds. I am having trouble figuring out why the script below

Re: [Python-Dev] Official citation for Python

Jacqueline Kazil writes: > I thought I could take two to three concrete formats and user test > there and report on how community members who would be using the > citation feel. +1 ___ Python-Dev mailing list Python-Dev@python.org https://mail.pytho

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

Hi, Please don't cross-post so heavily. python-dev is sufficient for this. If you want to push this forward, I suggest you measure performance of Python compiled with and without the Spectre mitigation options, and report the results here. That will help vendors and packagers decide whether t

[Python-Dev] Nearly - all tests PASS for AIX

Dear all, The last two months I have spent nearly all my free time to cleanup "a frustration" - from my side - the long list of failing tests for AIX (there were nearly 20 when I started). atm - I am stuck on one - test_importlib (mail elsewhere), and the one I just finished (test_httpservers) ma

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

I investigated this thoroughly some time ago (when the MSVC flags became available) and determined (with the help of some of the original Spectre/Meltdown investigation team) that there is no significant value in enabling these flags for Python. It boiled down to: * Python allows arbitrary cod

Re: [Python-Dev] Official citation for Python

On 2018-09-17 05:05, Jeremy Hylton wrote: I wanted to start with an easy answer that is surely unsatisfying: http://blog.apastyle.org/apastyle/2015/01/how-to-cite-software-in-apa-style.html APA style is pretty popular, and it says that standard software doesn't need to be specified. Standard s

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

On Monday, September 17, 2018, Steve Dower wrote: > I investigated this thoroughly some time ago (when the MSVC flags became > available) and determined (with the help of some of the original > Spectre/Meltdown investigation team) that there is no significant value in > enabling these flags for P

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

On Mon, Sep 17, 2018 at 2:58 PM Wes Turner wrote: > > I thought I read that RH has a kernel flag for userspace? > "Controlling the Performance Impact of Microcode and Security Patches for CVE-2017-5754 CVE-2017-5715 and CVE-2017-5753 using Red Hat Enterprise Linux Tunables" https://access.redhat

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

On 17Sep2018 1158, Wes Turner wrote: On Monday, September 17, 2018, Steve Dower > wrote: I investigated this thoroughly some time ago (when the MSVC flags became available) and determined (with the help of some of the original Spectre/Meltdown investiga

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

Hi Wes, It's great you're passionate about python security, but this is the wrong way to go about it. Spectre is inherently super subtle and confusing, so if there's something that people need to do, then we need a clear, comprehensive write-up of what the threat is and how to address it. Perhaps

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

To summarize: - CPython may be vulnerable to speculative execution vulnerabilities, but none are known. - In general, CPython is currently too slow for speculative execution exploitation to be practical. - Sandboxed, JIT'ed JS is not too slow for speculative execution exploitation to be practica

Re: [Python-Dev] Request for review: binary op dispatch rules for subclasses

FWIW I wrote up what I recall about the issue and kicked it to the next BDFL: https://bugs.python.org/issue30140#msg325553 On Fri, Sep 14, 2018 at 6:42 PM Stephan Hoyer wrote: > Over a year ago, I made a pull request ( > https://github.com/python/cpython/pull/1325) to fix a long-standing issue >

Re: [Python-Dev] Store startup modules as C structures for 20%+ startup speed improvement?

On Sun, Sep 16, 2018 at 1:24 PM, Antoine Pitrou wrote: > I think it's of limited interest if it only helps with modules used > during the startup sequence, not arbitrary stdlib or third-party > modules. > This should help any use-case that is already using the freeze module already bundled with

[Python-Dev] [help] where to learn how to upgrade from 2.7 to 3

I am having so much fun learning python! I did not install the best version into my mac at first. Now I can't find out how to upgrade, (pip is awesome but not as conversational as I need it to be on the subject). I've downloaded the packages from python.org, installed all sorts of stuff, I configu

[Python-Dev] Late Python 3.7.1 changes to fix the C locale coercion (PEP 538) implementation

Hi Unicode and locales lovers, tl; dr Nick, Ned, INADA-san: I modified 3.7.1 to add a new "-X coerce_c_locale=value" option and make sure that the C locale coercion cannot be when Python in embedded: are you ok with these changes? Before 3.7.0 release, during the implementation of the UTF-8 Mode

Re: [Python-Dev] Late Python 3.7.1 changes to fix the C locale coercion (PEP 538) implementation

On Sep 17, 2018, at 21:20, Victor Stinner wrote: > tl; dr Nick, Ned, INADA-san: I modified 3.7.1 to add a new "-X > coerce_c_locale=value" option and make sure that the C locale coercion > cannot be when Python in embedded: are you ok with these changes? > > > Before 3.7.0 release, during the im

Re: [Python-Dev] [help] where to learn how to upgrade from 2.7 to 3

Python-dev is for development *of* Python, not *in* Python! You want python-list instead. Also, make sure you include some full example code where the error occurs and what exactly is failing. Right now, it's hard for me to tell what exactly is going on... On Mon, Sep 17, 2018, 8:21 PM Avery Rich

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

I believe this is the article Wes wanted to link to: https://www.thomas-krenn.com/en/wiki/Safety_instructions_for_Meltdown_and_Spectre On Mon, Sep 17, 2018 at 6:10 PM Wes Turner wrote: > > To summarize: > > - CPython may be vulnerable to speculative execution vulnerabilities, but > none are know

Re: [Python-Dev] SEC: Spectre variant 2: GCC: -mindirect-branch=thunk -mindirect-branch-register

On Tue, Sep 18, 2018 at 7:08 AM Wes Turner wrote: > > To summarize: > > - CPython may be vulnerable to speculative execution vulnerabilities, but > none are known. > - In general, CPython is currently too slow for speculative execution > exploitation to be practical. > - Sandboxed, JIT'ed JS i