[Python-Dev] OpenSSL Security Advisory [9 Jul 2015]

2015-07-09 Thread Christian Heimes
Hi, this just came in. According to Zachary all Windows builds use 1.0.2c. The version is vulnerable to a critical bug in the CA validation code of OpenSSL. The bug can be abused to turn any valid server certificate into a CA cert. We should consider a security release of Python ASAP. Alternat

Re: [Python-Dev] OpenSSL Security Advisory [9 Jul 2015]

2015-07-09 Thread Christian Heimes
On 2015-07-09 15:29, Christian Heimes wrote: > Hi, > > this just came in. According to Zachary all Windows builds use 1.0.2c. > The version is vulnerable to a critical bug in the CA validation code of > OpenSSL. The bug can be abused to turn any valid server certificate into >

Re: [Python-Dev] Migrating to Python 3: the python 3 install issue

2015-10-03 Thread Christian Tismer
.org/mailman/options/python-dev/brett%40python.org >> >> >> ___ >> Python-Dev mailing list >> Python-Dev@python.org >> https://mail.python.org/mailman/listinfo/python-dev >> Unsubscribe: >> https://mail.python.org

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Christian Heimes
On 2015-11-17 01:00, Guido van Rossum wrote: > Hm, making Christian the BDFL-delegate would mean two out of three > authors *and* the BDFL-delegate all working for Red Hat, which clearly > has a stake (and IIUC has already committed to this approach ahead of > PEP approval). SO then i

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-24 Thread Christian Heimes
On 2015-11-24 01:18, Nick Coghlan wrote: > On 24 November 2015 at 05:35, Christian Heimes wrote: >> On 2015-11-17 01:00, Guido van Rossum wrote: >>> Hm, making Christian the BDFL-delegate would mean two out of three >>> authors *and* the BDFL-delegate all working

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-24 Thread Christian Heimes
On 2015-11-24 00:47, Nick Coghlan wrote: > Updated version of the PEP posted: https://hg.python.org/peps/rev/8decac213ebf > > On 24 November 2015 at 05:35, Christian Heimes wrote: >> 1) The example implementation of the function doesn't check the >> sys.flags.igno

Re: [Python-Dev] Fun with ancient unsupported platforms

2016-01-28 Thread Christian Heimes
tems nobody's cared about since a year that > started with a '1'? The platform module has more hilarious comments: Still needed: * more support for WinCE * support for MS-DOS (PythonDX ?) * support for Amiga and other still unsupported platforms running Python Christian

Re: [Python-Dev] Adding a threadlocal to the Python interpreter

2016-05-18 Thread Christian Heimes
is local to the current thread. You can simply use a fixed key like in Modules/_decimal/_decimal.c. Christian

Re: [Python-Dev] Adding a threadlocal to the Python interpreter

2016-05-19 Thread Christian Heimes
w to add a threadlocal value to either the interpreter >> state or the threadlocal dict that is part of that state, and then how to >> access the same value from both Python and CPython code. The structs were >> there but it was just hard to understand. Can someone explain it to me

[Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-25 Thread Christian Heimes
/ SHAKE: https://bugs.python.org/issue16113 BLAKE2: https://bugs.python.org/issue26798 SHA512/224 / SHA512/256: https://bugs.python.org/issue26834 I like to push the patches during the sprints at PyCon. Please assist with reviews. Regards, Christian

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
; and analyzed by many teams all around the world. Obvious vulnerabilities > are quickly found. Thanks Victor, minor correction, BLAKE was a finalist in the SHA3 competition, not BLAKE2. BLAKE2 is an improved version of BLAKE2 with additional features. Christian

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
On 2016-05-27 03:54, M.-A. Lemburg wrote: > On 27.05.2016 06:54, Raymond Hettinger wrote: >> >>> On May 25, 2016, at 3:29 AM, Christian Heimes wrote: >>> >>> I have three hashing-related patches for Python 3.6 that are waiting for >>> review.

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
le of additional releases. We can drop our own SHA3 code as soon as all supported OpenSSL versions have SHA3. For example when OpenSSL 1.2.0 is going to have SHA3 support, we must wait until OpenSSL 1.1 and 1.0.2 are no longer supported by OpenSSL. Christian

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
On 2016-05-27 14:41, M.-A. Lemburg wrote: > On 27.05.2016 22:58, Ryan Gonzalez wrote: >> On May 27, 2016 3:04 PM, "Victor Stinner" wrote: >>> >>> On Friday 27 May 2016, M.-A. Lemburg wrote: The current patch is 1.2MB for SHA-3 - that's pretty heavy for just a few hash function

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
On 2016-05-28 14:06, Guido van Rossum wrote: > But you could choose which implementation to use at compile time based > on the autoconf output, right? We compile all modules and then let hashlib decide which implementation is used. hashlib prefers OpenSSL but falls back to our builtin modules. For

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
On 2016-05-28 14:06, Brett Cannon wrote: > We can always make the test vector file an external download like we do > for some of the codec tests. That is actually a great idea! :) Thanks Brett

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-28 Thread Christian Heimes
is > discovered then the only maintenance needed will be to delete the > current impl and drop-in whatever the new fixed one is. > > So +1 to adding SHA-3 and BLAKE to algorithms_guaranteed. Thanks Nathaniel, my patches don't add SHA3 and BLAKE2 to algorithms_guaranteed because Python still suppor

Re: [Python-Dev] New hash algorithms: SHA3, SHAKE, BLAKE2, truncated SHA512

2016-05-29 Thread Christian Heimes
On 2016-05-28 23:51, Victor Stinner wrote: > Python 3.5 requires a 64 bit signed integer to build. Search for _PyTime > type in pytime.h ;-) Awesome! Thanks :)

Re: [Python-Dev] C99

2016-06-04 Thread Christian Heimes
lace header guards (e.g. #ifndef Py_PYTHON_H) with #pragma once Christian

Re: [Python-Dev] C99

2016-06-04 Thread Christian Heimes
nally we tried to keep backwards compatibility with older compiler versions. The new features are tempting enough to deprecate compiler versions that have been released more than five years ago. Christian

Re: [Python-Dev] C99

2016-06-04 Thread Christian Heimes
On 2016-06-04 11:59, Guido van Rossum wrote: > As long as we don't require extension module authors to use them -- > they may have their own compatibility requirements. On Windows extension modules must be compiled with a specific version of MSVC any way. For Python 3.6 VS 2015 or newer is a hard

Re: [Python-Dev] C99

2016-06-04 Thread Christian Heimes
On 2016-06-04 12:07, Guido van Rossum wrote: > I'm talking about 3rd party extensions. Those may require source > compatibility with older Python versions. All I'm asking for is to not > require source-level use of C99 features. Of course requiring a > specific compiler to work with specific CPytho

Re: [Python-Dev] cpython: replace custom validation logic in the parse module with a simple DFA validator

2016-06-04 Thread Christian Heimes
On 2016-06-02 11:32, benjamin.peterson wrote: > https://hg.python.org/cpython/rev/4a9159ea2536 > changeset: 101601:4a9159ea2536 > user:Benjamin Peterson > date:Thu Jun 02 11:30:18 2016 -0700 > summary: > replace custom validation logic in the parse module with a simple DFA > v

Re: [Python-Dev] Looking for volunteers to test Tulip on Windows

2013-10-19 Thread Christian Heimes
oaches to handle trust settings with OpenSSL means. Eventually MAL had to split up the bundle into multiple files for each purpose, see http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.2.1.0.1.5.html We should *really* write a PEP about it, specify all details and get a proper r

Re: [Python-Dev] cpython: Issue #18582: provide a faster C implementation of pbkdf2_hmac that works with

2013-10-19 Thread Christian Heimes
On 19.10.2013 14:54, Antoine Pitrou wrote: > On Sat, 19 Oct 2013 14:25:28 +0200 (CEST) > christian.heimes wrote: >> >> - .. note:: A fast implementation of *pbkdf2_hmac* is only available with >> - OpenSSL 1.0 and newer. The Python implementation uses an inline >> - version of :mod

Re: [Python-Dev] Looking for volunteers to test Tulip on Windows

2013-10-19 Thread Christian Heimes
On 19.10.2013 16:14, Nick Coghlan wrote: > At the very least, it would be good if you and/or MAL could review > the cert verification in pip. PEP 453 makes that kinda important > :) Where can I find the code for PEP 453?

[Python-Dev] pip SSL

2013-10-19 Thread Christian Heimes
On 19.10.2013 16:59, Nick Coghlan wrote: > It's the cert verification in pip that's relevant - the PEP was > updated so that ensurepip itself never talks to the internet. So I > guess that would mean checking the cert verification in pip's > vend

Re: [Python-Dev] [Python-checkins] cpython: Issue #19254: Provide an optimized Python implementation of PBKDF2_HMAC

2013-10-19 Thread Christian Heimes
org/all/builders/AMD64%20Snow%20Leop%203.x/builds/204/steps/compile/logs/stdio Thanks Nick! Actually it was http://hg.python.org/cpython/rev/0a26ef834a49. The fix in http://hg.python.org/cpython/rev/88fac1574049 should have taken care of the issue. Sorry for the noise, I

Re: [Python-Dev] cpython: Issue #18582: provide a faster C implementation of pbkdf2_hmac that works with

2013-10-19 Thread Christian Heimes
On 19.10.2013 16:59, Antoine Pitrou wrote: > But that's a fringe situation. Any normal build of Python should be > compiled with OpenSSL support (and any decent binary build is). I think > the mention in the docs is distracting and will create pointless > uncertainty in the reader. HMAC_CTX_copy

Re: [Python-Dev] cpython: Issue #18582: provide a faster C implementation of pbkdf2_hmac that works with

2013-10-19 Thread Christian Heimes
On 19.10.2013 20:04, Victor Stinner wrote: > Does Python officially support openssl < 1.0? Which OS uses such > old version? > > On Windows, Python embeds its own copy of openssl for example. Mac OS X has only OpenSSL 0.9.8 and will not receive

Re: [Python-Dev] pathlib (PEP 428) status

2013-10-23 Thread Christian Heimes
sers have promised to contribute doc improvements soonish. AFAIK stat caching and a os.listdir() generator with stat `recycling` (dirent->d_type) are open issues. I suggest Python 3.4 should ignore these features for now but prepare the API and documentation for future e

Re: [Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed

2013-10-24 Thread Christian Heimes
e it with security note in the ssl module, os.fork() and release notes. If you are using fork() and the ssl module in the same application then you must re-seed the PRNG with ssl.RAND_add() every now and then. Christian

Re: [Python-Dev] OS X 10.9 Mavericks -> 2.7.6/3.3.3 updates needed

2013-10-24 Thread Christian Heimes
On 24.10.2013 13:36, Victor Stinner wrote: > IMO the best place to fix the bug is in OpenSSL directly: RAND_bytes() > function of OpenSSL can detect a fork using getpid() and add more > entropy (in the child or maybe in the parent process). OpenSSL has > access to entropy sources and knows all mu

Re: [Python-Dev] cpython (2.7): 2.7.6rc1

2013-10-26 Thread Christian Heimes
On 26.10.2013 20:58, benjamin.peterson wrote: > http://hg.python.org/cpython/rev/4913d0e9be30 > changeset: 86665:4913d0e9be30 > branch: 2.7 > tag: v2.7.6rc1 > user:Benjamin Peterson > date:Sat Oct 26 14:57:21 2013 -0400 > summary: > 2.7.6rc1 We need to solve htt

Re: [Python-Dev] Compiler security

2013-10-31 Thread Christian Heimes
On 31.10.2013 15:48, MRAB wrote: > Has anybody here heard about this, and, if so, is it anything we should > be thinking about: > > How your compiler may be compromising application security > http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising-application-security http

Re: [Python-Dev] Compiler security

2013-10-31 Thread Christian Heimes
cation-security > I didn't see this at first: STACK was run against a number of systems written in C/C++ and it found 160 new bugs in the systems tested, including ... and Python (5). Has anybody contacted us? I neither saw a bug report nor a m

[Python-Dev] The new SHA-3 is the old SHA-3

2013-11-04 Thread Christian Heimes
n top of the current code and PEP 247 API with mandatory length arguments for digest() and hexdigest(). Christian [1] http://bristolcrypto.blogspot.de/2013/08/ches-invited-talk-future-of-sha-3.html [2] http://keccak.noekeon.org/

[Python-Dev] Simplify and unify SSL verification

2013-11-07 Thread Christian Heimes
SL certs anyway, although some do not correctly handle the certs' purposes. I have working code for Windows' cert system store that will land in 3.4. Native Mac OS X hasn't been addressed yet. AIX, HP-UX, Solaris etc. don't come with CA certs. Christian

Re: [Python-Dev] Simplify and unify SSL verification

2013-11-07 Thread Christian Heimes
d use SPKI certdigest = sha1(sslsock.getpeercert(True)).digest() if hostname == "my.host.name" and certdigest == b"abcdef...": return True do_other_check(sslsock, hostname) ctx = SSLContext(PROTOCOL_TLSv1, check_cert_cb) ctx.verify_mode = CERT_NONE

Re: [Python-Dev] Simplify and unify SSL verification

2013-11-07 Thread Christian Heimes
to CERT_REQUIRED, regardless of the mode configured on > the wrapped socket. I don't want to create more confusion between verify_mode and the new feature, so I didn't use the term "verify" in the method name. Do you have a good idea for a better name that does not contain ver

Re: [Python-Dev] Simplify and unify SSL verification

2013-11-07 Thread Christian Heimes
--- barrys_special_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) barrys_special_context.load_cert_chain(cert_file, key_file) con = HTTPSConnection(host, port, barrys_special_context) With my proposed new option for SSLContext() you also gain full control over hostname matching and extr

Re: [Python-Dev] Simplify and unify SSL verification

2013-11-07 Thread Christian Heimes
Somehow your mail didn't end up on Python-dev On 08.11.2013 00:38, Nick Coghlan wrote: > In that case, it sounds like you need *two* new options rather than > one. "verify_hostname", with the None/True/False behaviour and a > separate postverify hook. Mmmh, yes, you are making an intriguing poi

Re: [Python-Dev] Simplify and unify SSL verification

2013-11-08 Thread Christian Heimes
he callback can return a true value in order to skip hostname matching. >> The **kwargs make it possible to pass data from the caller of >> check_cert() to the callback function of the SSLContext instance. > > Well, I think such explicit "user data" needn't exist in P

Re: [Python-Dev] The pysandbox project is broken

2013-11-12 Thread Christian Heimes
xplicit subset of system services to its apps. On Linux seccomp may be a feasible way to prevent syscalls. Seccomp basically can limit the capability of a thread so it can no longer do certain syscalls. Chrome uses it for sandboxing. Christian

Re: [Python-Dev] The pysandbox project is broken

2013-11-13 Thread Christian Heimes
ource/browse/trunk/src/libraries/python/nacl.patch looks rather small and simple. Some of the hacks may not be required in Python 3.4, too. I'd love to have PNaCl support in Python 3.4! Christian

Re: [Python-Dev] cpython: Issue #19544 and Issue #6516: Restore support for --user and --group parameters

2013-11-15 Thread Christian Heimes
On 15.11.2013 19:07, jason.coombs wrote: > http://hg.python.org/cpython/rev/b9c9c4b2effe > changeset: 87119:b9c9c4b2effe > user:Andrew Kuchling > date:Fri Nov 15 13:01:52 2013 -0500 > summary: > Issue #19544 and Issue #6516: Restore support for --user and --group > parameter

Re: [Python-Dev] The pysandbox project is broken

2013-11-15 Thread Christian Tismer
completely to provide a better solution. I appreciate very much that Victor tried his best to fill that old gap. And after that breakage happened again, I think it is urgent to have an in-depth discussion how that situation should be treated in the future. -- Christian Tismer

Re: [Python-Dev] The pysandbox project is broken

2013-11-15 Thread Christian Tismer
python' would make sense. And I'm asking the people with better knowledge of these matters than I have. (and not asking those who don't... ;-) ) cheers -- Chris -- Christian Tismer :^) <mailto:tis...@stackless.com> Software Consulting : Have a brea

Re: [Python-Dev] Accepting PEP 456 (Secure hash algorithm)

2013-11-20 Thread Christian Heimes
On 20.11.2013 11:07, Nick Coghlan wrote: > Christian has indicated he now considers PEP 456, which adds an updated > and configurable hash algorithm ready for pronouncement > (http://www.python.org/dev/peps/pep-0456/) > > I am happy the PEP and the associated implementat

Re: [Python-Dev] Accepting PEP 456 (Secure hash algorithm)

2013-11-20 Thread Christian Heimes
On 20.11.2013 12:41, Victor Stinner wrote: > 2013/11/20 Victor Stinner : >> It looks like dict, set and frozenset representation (repr(...)) >> now depends on the platform (probably 32 bit vs 64 bit), even if >> PYTHONHASHSEED is set. I don't know if it's an issue or not. > > In Python 3.3, rep

[Python-Dev] PEP 0404 and VS 2010

2013-11-20 Thread Christian Tismer
the "Python 2.8" namespace never will clash with CPython? And if not, what do you suggest then? It will be submitted by end of November, thanks for your quick responses! all the best -- Chris -- Christian Tismer :^) <mailto:tis...@stackless.com> Software Consulting

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-20 Thread Christian Tismer
nloadable and installable Python 2.8 that would be incompatible with extensions compiled in Pypi would be tough. and I doubt it could even be done without making your project look bad on the process. Can't you just mark it as "visual studio 2010" version instead? js -><-

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-20 Thread Christian Tismer
Hey Barry, On 20.11.13 23:30, Barry Warsaw wrote: On Nov 20, 2013, at 09:52 PM, Christian Tismer wrote: Many customers are forced to stick with Python 2.X because of other products, but they require a Python 2.X version which can be compiled using Visual Studio 2010 or better. This is

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-20 Thread Christian Tismer
Yes Paul, On 20.11.13 23:15, Paul Moore wrote: On 20 November 2013 22:04, Christian Tismer wrote: My question is not answered at all, sorry Joao! I did not ask a teacher for his opinion on Stackless, but the community about the validity of pep 404. I don't want a python 2.7 that doe

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Heimes
ark for > any association with an unofficial 2.8. Yes, please don't use a name that contains both the strings "Python" and "2.8". It's going to create lots and lots of confusion. I strongly urge you to call it "Stackless 2.8" or something similar. C

Re: [Python-Dev] flaky tests caused by repr() sort order

2013-11-21 Thread Christian Heimes
On 21.11.2013 18:57, Tim Peters wrote: > Best to change the failing tests. For example, _they_ can sort the > dict keys if they rely on a fixed order. Sorting in general is a > dubious idea because it can be a major expense with no real benefit > for most uses. I don't consider repr() as a per

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Tismer
On 21/11/13 19:59, Ethan Furman wrote: On 11/21/2013 10:53 AM, Christian Tismer wrote: So even if VS2010 exists only in the stackless branch, it is very likely to get used as CPython VS 2010, and I again have the naming problem ... What's wrong with calling it CPython VS 2010? And Stac

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Tismer
On 22.11.13 00:53, Antoine Pitrou wrote: On Thu, 21 Nov 2013 18:43:37 -0500 Barry Warsaw wrote: On Nov 21, 2013, at 06:36 PM, Terry Reedy wrote: As usual, 'I am not a lawyer', but if Christian wants to push forward with using 'Python 2.8', I suggest that he consu

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Heimes
ction will either crash or not work properly with mixed CRTs. Every CRT has its own errno TLS, so Python won't see the errno of a CRT100 function like open(2), see http://bugs.python.org/issue15883 . I don't understand how a stable Python ABI solves the issue of unstable CRT ABIs. Are you

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Tismer
On 21/11/13 22:13, Glenn Linderman wrote: On 11/21/2013 12:23 PM, Christian Tismer wrote: Maybe I would generate a cpython and spython exe and support them both in the same distribution? That sounds cool, if possible. Hooka Hooka! Let's see if the nightmares agree :-) -- Christian T

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Tismer
now for just that. What I want is a workable CPython path for some customer (!=CCP) to use for the next (maybe 5) years, and I want to build that now, for good. I think you have helped me incredibly much, and we need to talk in private. Cheers -- Chris -- Christian Tismer :^) <mailt

[Python-Dev] flaky tests caused by repr() sort order

2013-11-21 Thread Christian Heimes
epr() must sort its dict keys. Christian

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-21 Thread Christian Tismer
back-door, and we cannot shut our eyes and pretend "hey it is Stackless", because that is admittedly close to a fraud. So even if VS2010 exists only in the stackless branch, it is very likely to get used as CPython VS 2010, and I again have the naming problem ...

Re: [Python-Dev] PEP 0404 and VS 2010

2013-11-22 Thread Christian Tismer
ething different when going out to the mailing list? Or maybe there is a filter in the brains? If one removes the word "Stackless" everywhere, the above text reads still almost syntactic correctly, but changes its meaning a lot. -- Christian Tismer :^) <mailto:tis.

Re: [Python-Dev] test_uuid.py on HP NonStop Python-2.7.5 fails (test case: testIssue8621)

2013-11-28 Thread Christian Heimes
months old bug report: http://bugs.python.org/issue15206 The uuid module needs a fork() aware random instance like the tempfile module. Christian

[Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Christian Heimes
patibility. Python 3.4 comes with a new function ssl.create_default_context() that returns a new context with best practice settings and loaded root CA certs. The settings are TLS 1.0, no weak and insecure ciphers (no MD5, no RC4), no compression (CRIME attack), CERT_REQUIRED an

Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-11-30 Thread Christian Heimes
t call last): File "", line 1, in ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled. It's only a limitation of the Python API, getpeercert() returns {} for an unverified cert. OpenSSL can still return the cert, though. Christian

Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-12-01 Thread Christian Heimes
Any limitation can be lifted for 3.5 but we can't make it more restrictive in future versions. And there is ssl.create_default_context(), too. It creates a context with all security-related bits flipped on. Christian

Re: [Python-Dev] Verification of SSL cert and hostname made easy

2013-12-01 Thread Christian Heimes
On 30.11.2013 23:16, Guido van Rossum wrote: > Sounds good. > > Is another change for asyncio needed? Yes, but just a small one. The match_hostname() call in selector_events is no longer required in 3.4. Christian

Re: [Python-Dev] How do we feel about using pragmas and __attribute__ in C code?

2013-12-13 Thread Christian Heimes
8 proposes an idea that > Daniel Stutzbach originally came up with where we could use __attribute__ > (behind a nicer macro) to help detect refleaks on PyObject* stack > variables. Would __attribute__ usage be okay in that situation? +1, too. Christian

Re: [Python-Dev] Buildbot running Debian amd64 as root

2013-12-30 Thread Christian Heimes
missing some vital header files. Please run: # apt-get build-dep python3.3 to install all required dependencies. Christian

Re: [Python-Dev] [RELEASED] Python 3.4.0b2

2014-01-05 Thread Christian Heimes
odule. The subprocess makes it a little bit more complicated to test its behavior. Christian

Re: [Python-Dev] Python 2.7 root buildbot showing errors

2014-01-06 Thread Christian Heimes
when I try manually, the connection times out. Are you running the VM on Windows? I've seen similar issues on Windows and Windows as host platform for VMs: http://bugs.python.org/issue19919 Christian

Re: [Python-Dev] Python 2.7 root buildbot showing errors

2014-01-06 Thread Christian Heimes
nd new tests are not new feature so you are always allowed to add new tests or fix existing tests. Christian

Re: [Python-Dev] cpython: asyncio: Fix CoroWrapper (fix my previous commit)

2014-01-16 Thread Christian Heimes
On 16.01.2014 16:57, Guido van Rossum wrote: > Because somehow you can't have a slot named __doc__ *and* a docstring > in the class. Try it. (I tried to work around this but didn't get very > far.) That's true for all class attributes. You can't have a slot and a class attribute at the same time.

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
t's possible to do that with an environment variable, too. But I recommend against the environment variable because you may overwrite to operating store. Christian

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
On 22.01.2014 14:55, Donald Stufft wrote: > As an additional side note, anecdotal evidence and what not, but > *every* time I bring this up somewhere I get at least one reply > that looks similar to > https://twitter.com/ojiidotch/status/425986619879866368 Yeah :( The ssl module documentation h

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
On 22.01.2014 14:24, Nick Coghlan wrote: > On 22 January 2014 23:19, Antoine Pitrou wrote: >> On Wed, 22 Jan 2014 05:30:40 -0500 >> Donald Stufft wrote: >>> I would like to propose that a backwards incompatible change be >>> made to Python to make verification of hostname and certificate >>> chai

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
nd the other crypto guys as soon as I have settled in with my new job and town. Christian

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
) I proposed to deprecate implicit SSL context, unverified certs and unverified hostnames all together. But I was voted down. Donald made a similar attempt half a year ago, too. Can't we just mark these things as pending deprecated in Python 3.4 so people start fixing their code *now*? Chri

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
On 22.01.2014 15:36, Donald Stufft wrote: > Last time I tried the reasoning was that Python couldn’t ship root certs > and we couldn’t get to the OS certs everywhere. Thanks to you this > is fixed now, so “once more unto the breach”. The Windows situation is still not perfect, though. I'd love to

Re: [Python-Dev] Enable Hostname and Certificate Chain Validation

2014-01-22 Thread Christian Heimes
ls, not > just HTTPS (the latter can be handled relatively easily using the > requests module). Please count me in! I see two options to handle Python < 3.4: backport the ssl module or hope that the "cryptography" library is ready. Christian

Re: [Python-Dev] cpython: Issue #20133: The audioop module now uses Argument Clinic.

2014-01-25 Thread Christian Heimes
On 25.01.2014 10:58, serhiy.storchaka wrote: > http://hg.python.org/cpython/rev/d4099b8a7d0f > changeset: 88687:d4099b8a7d0f > user:Serhiy Storchaka > date:Sat Jan 25 11:57:59 2014 +0200 > summary: > Issue #20133: The audioop module now uses Argument Clinic. > > files: > Mod

[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-24 Thread Christian Heimes
contain the fix (not verified yet). Python 2.7 to 3.2 will need a security release, though. Regards Christian

Re: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

2014-02-25 Thread Christian Heimes
On 25.02.2014 15:41, Benjamin Peterson wrote: > I'm not sure why you think it wasn't sent to security@ > https://mail.python.org/mailman/private/psrt/2014-January/001297.html Because > I can't find the mail in my inbox. Perhaps it fell victim to p

Re: [Python-Dev] Whats New in 3.4 is pretty much done...

2014-03-13 Thread Christian Heimes
But I don't want it to sound like an advert... Suggestions? Christian

Re: [Python-Dev] Call for Python Developers for our humanoid Robot NAO

2014-03-18 Thread Christian Heimes
ps://mail.python.org/mailman/listinfo/python-dev) >> > > Unless you're offering all the core-devs free robots. In which case it's > fine. Sounds like a good deal to me. :) Can the NAO bot do The Silly Walk (tm), too? I'm even willing to film and upload movies of

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-22 Thread Christian Heimes
never been properly fixed, > AFAICT) True, you may blame me for the situation. Only a handful of people were interested in the XML issues. I ran out of steam and moved to more sapid topics, too. Christian

Re: [Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

2014-03-23 Thread Christian Heimes
On 23.03.2014 02:33, Brett Cannon wrote: > Now I have been reading this thread on my phone and I only have cursory > understanding of what failure ssl has had as of late, so this might be > stupid, but what if in Python 3.5 we made it so people passed in an > explicit SSL object into the relevant A

Re: [Python-Dev] RFE 20469: ssl.getpeercert() should include extensions

2014-03-25 Thread Christian Heimes
On 24.03.2014 23:51, Andrew M. Hettinger wrote: > I thought I'd wait until the 3.4 release before I bothered asking about > this: http://bugs.python.org/issue20469 > > I don't think I'm qualified to actually be writing code for the ssl > module, but is there anything else that I can do to help? >

Re: [Python-Dev] death to 2.7; long live 2.7

2014-04-10 Thread Christian Heimes
. AFAIK the new person in charge for Windows 2.7 builds just needs the certificate to sign the installer. Christian

[Python-Dev] arguments policy: **kwargs.pop()

2014-04-10 Thread Christian Tismer
"arguments may be destroyed by default". What do you think? Is this bad style and should be noticed somewhere, or is the caller supposed to protect the arguments, or are my worries useless? Thanks & cheers -- Chris -- Christian Tismer :^) <mailto:tis...@stackless.c

Re: [Python-Dev] arguments policy: **kwargs.pop()

2014-04-11 Thread Christian Tismer
r, and the whole reasoning chain was pointless, therefore. Thanks and cheers - Chris > On Thu, Apr 10, 2014 at 10:12 PM, Christian Tismer > wrote: > >> Hi guys, >> >> I tried to find advice for hours, but failed so far, so here is my >> question: >> >>

Re: [Python-Dev] arguments policy: **kwargs.pop()

2014-04-11 Thread Christian Tismer
Thank you too, Tres. Somehow I had a brain shortcut and forgot that the dict is locally generated, *because* of the stars. Good to become adjusted and restarted, sorry about the noise. ciao - Chris On 11/04/14 05:48, Tres Seaver wrote: > On 04/10/2014 10:12 PM, Christian Tismer wrote: >

Re: [Python-Dev] arguments policy: **kwargs.pop()

2014-04-11 Thread Christian Tismer
Hi Chris, On 11/04/14 21:50, Chris Barker wrote: > On Thu, Apr 10, 2014 at 7:12 PM, Christian Tismer wrote: > >> Then I rather often see things like this: >> >> class someclass(object): >> # note that there is no comment about argument destruction... >>

Re: [Python-Dev] arguments policy: **kwargs.pop()

2014-04-11 Thread Christian Tismer
On 12.04.14 01:55, Ethan Furman wrote: > On 04/11/2014 02:01 PM, Christian Tismer wrote: >> >> I have these style problems with several modules that I am reluctant to >> use, therefore. I know that I'm pretty alone with that. > > You are not alone in that. Funny n

Re: [Python-Dev] Timing breakdown of Py_InitializeEx_Private()

2014-04-16 Thread Christian Tismer
van Rossum (python.org/~guido <http://python.org/%7Eguido>)

Re: [Python-Dev] Timing breakdown of Py_InitializeEx_Private()

2014-04-16 Thread Christian Heimes
several unnecessary imports by rearranging some code. AFAIK imports on OSX haven't been optimized yet. On Linux I get: $ ./python -c "import sys; print(len(sys.modules))" 34 $ ./python -S -c "import sys; print(len(sys.modules))" 22 Brett, are you an OSX developer? :) Christian

Re: [Python-Dev] Timing breakdown of Py_InitializeEx_Private()

2014-04-16 Thread Christian Tismer
On 16/04/14 16:35, Antoine Pitrou wrote: > On Wed, 16 Apr 2014 09:39:34 +0200 > Christian Tismer wrote: >> >> I think in cases like hg command line scripts there is no need >> to import site just for hg scripts. > > If you don't import site you won't be

Re: [Python-Dev] devguide: Add myself to developer log and as a Windows expert.

2014-05-17 Thread Christian Tismer
10%), but my > management at least is very supportive of my participation and keen to > keep Python running well. > Very nice, great to read this. Welcome from me as well! cheers - Chris -- Christian Tismer :^) tis...@stackless.com Software Consulting : http://www.st
