date:20100623


Mark Dickinson  added the comment:

Ah; sorry for misunderstanding.  Thanks for the explanation, Terry!

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.

2010-06-23 Thread Raymond Hettinger


Raymond Hettinger  added the comment:

FWIW, here are two approaches to getting an equi-distributed version of 
int(n*random()) where 0 < n <= 2**53.  The first mirrors the approach currently 
in the code.  The second approach makes fewer calls to random().

def rnd1(n):
assert 0 < n <= 2**53
N = 1 << (n-1).bit_length()
r = int(N * random())
while r >= n:
r = int(N * random())
return r

def rnd2(n, N=1<<53):
assert 0 < n <= N
NN = N - (N % n) + 0.0  # largest multiple of n <= N
r = N * random()# a float with an integral value
while r >= NN:
r = N * random()
return int(r) % n

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9046] Python 2.7rc2 doesn't build on Mac OS X 10.4

2010-06-23 Thread Ronald Oussoren


Ronald Oussoren  added the comment:

That (/usr/local/src) explains why I haven't been able to reproduce the 
problem, that worried me a little.

W.r.t. to the SDK:

1) You don't have to use an SDK: use 

 configure --enable-universalsdk=/  MACOSX_DEPLOYMENT_TARGET=10.5

  (or whatever target you wish to support)

2) The SDK should only affect system files, that is anything in /System
   and /usr (except for /usr/local). /Library is not part of the SDK
   and is not affected by SDK settings.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9046] Python 2.7rc2 doesn't build on Mac OS X 10.4

2010-06-23 Thread Marc-Andre Lemburg

Marc-Andre Lemburg  added the comment:

Ronald Oussoren wrote:
> 
> Ronald Oussoren  added the comment:
> 
> That (/usr/local/src) explains why I haven't been able to reproduce the 
> problem, that worried me a little.
> 
> W.r.t. to the SDK:
> 
> 1) You don't have to use an SDK: use 
> 
>  configure --enable-universalsdk=/  MACOSX_DEPLOYMENT_TARGET=10.5
> 
>   (or whatever target you wish to support)

Well, we want to build universal binaries, so we do need the SDK.

> 2) The SDK should only affect system files, that is anything in /System
>and /usr (except for /usr/local). /Library is not part of the SDK
>and is not affected by SDK settings.

Sorry, I should have written /System/Library/. You find Tcl
in /System/Library, but not in
/Developer/SDKs/MacOSX10.4u.sdk/System/Library/

Anyway, this doesn't appear to matter, since setup.py picks up the
files from a different dir: /System/Library/Frameworks/Tk.framework
and that is included in the SDK.

As I said: The fix makes the build work, so it's good enough for
now. In the future all this may will have to be revisited.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Mark Dickinson  added the comment:

Either of these looks good to me.

If the last line of the second is changed from "return int(r) % n" to "return 
int(r) // (N // n)" then it'll use the high-order bits of random()  instead of 
the low-order bits.  This doesn't matter for MT, but might matter for 
subclasses of Random using a different underlying generator.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue7900] posix.getgroups() failure on Mac OS X

2010-06-23 Thread Ronald Oussoren


Ronald Oussoren  added the comment:

Wrt. non-gcc compilers: we do need to worry about those (there have been 
bugreports in the past about using the Intel compiler), but those compilers 
still have to be able to process system headers and Martin's patch basicly adds 
the definition from the system headers to posixmodule.c.

As mentioned on python-dev I'm still not happy about reverting to the previous 
behavior.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8930] messed up formatting after reindenting

2010-06-23 Thread Stefan Krah


Stefan Krah  added the comment:

Patch for ceval.c. If you agree with the macro indentation (starting
in line 815) I can commit it and port it to the other branches.

--
keywords: +patch
nosy: +skrah
Added file: http://bugs.python.org/file17752/trunk-ceval-indent.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9059] Backwards compatibility

2010-06-23 Thread Raven Demeyer


New submission from Raven Demeyer :

Python 3 is not backwards compatible with Python 2.

Example:
Python 2: print 'foo'
Python 3: print(bar)

Problem:
Code written for Python during version 2 cannot be used/compiled in version 3

Solution:
Just like any decent self-respecting programming language, add backwards 
compatibility.

--
components: Regular Expressions
messages: 108444
nosy: Raven
priority: normal
severity: normal
status: open
title: Backwards compatibility
type: compile error
versions: Python 3.1

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9060] Python/dup2.c doesn't compile on (at least) newlib

2010-06-23 Thread Torne Wuff


New submission from Torne Wuff :

On systems without dup2(), Python tries to compile its own from Python/dup2.c, 
but this file refers to close() without including unistd.h. This causes it to 
not compile with newlib (and possibly other C libraries, presumably it was 
relying on fcntl.h indirectly including it?).

This is probably true of all older versions as well, but Python 2.x doesn't 
appear to actually bother to compile dup2.c even if the system lacks dup2, so 
it doesn't actually cause a build error there.

(building python for a semi-freestanding environment is "fun")

--
components: Interpreter Core
files: fix_dup2.patch
keywords: patch
messages: 108445
nosy: torne
priority: normal
severity: normal
status: open
title: Python/dup2.c doesn't compile on (at least) newlib
type: compile error
versions: Python 3.1
Added file: http://bugs.python.org/file17753/fix_dup2.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9059] Backwards compatibility

2010-06-23 Thread Amaury Forgeot d'Arc


Amaury Forgeot d'Arc  added the comment:

as stated in
http://www.python.org/download/releases/3.1.2/
python 3 is designed to be backwards incompatible.

I suggest you to follow the link "Conversion tool for Python 2.x code".

--
nosy: +amaury.forgeotdarc
resolution:  -> invalid
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9059] Backwards compatibility

2010-06-23 Thread STINNER Victor


STINNER Victor  added the comment:

> Code written for Python during version 2 cannot be 
> used/compiled in version 3

Use 2to3 script to convert your Python2 program to Python3. More information at:
http://docs.python.org/py3k/whatsnew/3.0.html#porting-to-python-3-0

--
nosy: +haypo

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9059] Backwards compatibility

2010-06-23 Thread Ezio Melotti


Ezio Melotti  added the comment:

Python 2 is also forward compatible with several Python 3 features, for example:

>>> from __future__ import print_function
>>> print('foo')
foo

--
components:  -Regular Expressions
nosy: +ezio.melotti
stage:  -> committed/rejected

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8254] write a configure command

2010-06-23 Thread Éric Araujo


Éric Araujo  added the comment:

5) Should the command write different files per Python version and platform? 
4Suite’s config command does that.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8930] messed up formatting after reindenting


Antoine Pitrou  added the comment:

Stefan: it's ok with me, thanks.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9060] Python/dup2.c doesn't compile on (at least) newlib


Antoine Pitrou  added the comment:

(as a sidenote, the last significant changes to dup2.c date back from 1994)

--
nosy: +gvanrossum, loewis, pitrou
versions: +Python 3.2

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8254] write a configure command


Antoine Pitrou  added the comment:

Shouldn't "config" and "configure" have more distinguishable names?
(if I understand correctly, they both are distutils2 commands)

--
nosy: +pitrou

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Antoine Pitrou  added the comment:

This wouldn't be the first time reproduceability is dropped, since reading from 
the docs:

“As an example of subclassing, the random module provides the WichmannHill 
class that implements an alternative generator in pure Python. The class 
provides a backward compatible way to reproduce results from earlier versions 
of Python, which used the Wichmann-Hill algorithm as the core generator.”

Also:

> FWIW, we spent ten years maintaining the ability to reproduce
> sequences.  It has become an implicit promise.

IMO it should either be documented explicitly, or be taken less dearly. There's 
not much value in an "implicit promise" that's only known by a select few.

(besides, as Terry said, I think most people are more concerned by the quality 
of the random distribution than by the reproduceability of sequences)

--
nosy: +pitrou

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8254] write a configure command

2010-06-23 Thread Éric Araujo


Éric Araujo  added the comment:

4Suite’s DistExt has a config command similar to the new Distutils2 configure 
command described in this bug report. The Distutils config command is an 
unfinished command with use similar to autotools configure scripts. From the 
module docstring:

“a (mostly) empty command class that exists mainly to be sub-classed by 
specific module distributions and applications.  The idea is that while every 
"config" command is different, at least they're all named the same, and users 
always see "config" in the list of standard commands.  Also, this is a good 
place to put common configure-like tasks: "try to compile this C code", or 
"figure out where this header file lives"”.

The module has seen 26 commits in 10 years. I find the name clash confusing too 
for end users and wanted to bring the issue later. If I understand autotools 
correctly, it encompasses both config and configure commands. Since there are 
no conflicts in options or functionality (config.run is a no-op, configure.run 
writes a file), I think dropping config or merging it with configure would make 
a lot of sense. But first things first, configure needs to be reviewed and 
accepted (5 open questions :) and then I’ll propose a merge into a unified 
config command (short names win).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8999] Add Mercurial support to patchcheck


Antoine Pitrou  added the comment:

The purpose of patchcheck.py is not obvious to me. If it's meant to be used by 
committers (rather than contributors), than we should wait for the actual hg 
migration and the definition of our new workflow. Also, we might "need" two 
separate scripts: one for individual changesets and one for pushes.

("need" is in quotes because I'm not sure anyone actually uses patchcheck.py)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue7900] posix.getgroups() failure on Mac OS X

Alexander Belopolsky  added the comment:

Reposting from python-dev. See "os.getgroups() on MacOS X" 
.

"""
On Wed, Jun 23, 2010 at 2:08 AM, Ronald Oussoren  wrote:
..
>>
>>> * [Ronald's proposal] results in posix.getgroups not reflecting results of 
>>> posix.setgroups
>>>
>>
>> This effectively substitutes getgrouplist called on the current user
>> for getgroups.  In 3.x, I believe the correct action will be to
>> provide direct access to getgrouplist which is while not POSIX (yet?),
>> is widely available.
>
> I don't mind adding getgrouplist, but that issue is seperator from this one. 
> BTW. Appearently getgrouplist is posix
> (),
>  although this isn't a
> requirement for being added to the posix module.
>

(The link you provided leads to "Linux Standard Base Core
Specification," which is different from POSIX, but the distinction is
not relevant for our discussion.)

>
> It is still my opinion that the second option is preferable for better 
> compatibility with system tools, even if the patch
> is more complicated and the library function we use can be considered to be 
> broken.

Let me try to formulate what the disagreement is.  There are two
different group lists that can be associated with a running process:
1) The list of current supplementary group IDs maintained by the
system for each process and stored in per-process system tables; and
2) The list of the groups that include the uid under which the process
is running as a member.

The first list is returned by a system call getgroups and the second
can be obtained using system database access functions as follows:

pw = getpwuid(getuid())
getgrouplist(pw->pw_name, ..)

The first list can be modified by privileged processes using setgroups
system call, while the second changes when system databases change.

The problem that _DARWIN_C_SOURCE introduces is that it replaces
system getgroups with a database query effectively making the true
process' list of supplementary group IDs inaccessible to programs.
See source code at
.

The problem is complicated by the fact that OSX true getgroups call
appears to truncate the list of groups to NGROUPS_MAX=16.  Note,
however that it is not clear whether the system call truncates the
list or the underlying process tables are limited to 16 entries and
additional groups are ignored when the process is created.

In my view, getgroups and getgrouplist are two fundamentally different
operations and both should be provided by the os module.  Redefining
os.getgroups to invoke getgrouplist instead of system getgroups on one
particular platform to work around that platform's system call
limitation is not right.
"""

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9061] cgi.escape Can Lead To XSS Vulnerabilities

New submission from Craig Younkins :

The method in question: http://docs.python.org/library/cgi.html#cgi.escape
http://svn.python.org/view/python/tags/r265/Lib/cgi.py?view=markup # at the
bottom
http://code.python.org/hg/trunk/file/3be6ff1eebac/Lib/cgi.py#l1031

"Convert the characters '&', '<' and '>' in string s to HTML-safe sequences.
Use this if you need to display text that might contain such characters in
HTML. If the optional flag quote is true, the quotation mark character ('"') is
also translated; this helps for inclusion in an HTML attribute value, as in . If the value to be quoted might include single- or double-quote
characters, or both, consider using the quoteattr() function in the
xml.sax.saxutils module instead."

cgi.escape never escapes single quote characters, which can easily lead to a
Cross-Site Scripting (XSS) vulnerability. This seems to be known by many, but a
quick search reveals many are using cgi.escape for HTML attribute escaping.

The intended use of this method is unclear to me. Up to and including Mako
0.3.3, this method was the HTML escaping method. Used in this manner,
single-quoted attributes with user-supplied data are easily susceptible to
cross-site scripting vulnerabilities.

While the documentation says "if the value to be quoted might include single-
or double-quote characters... [use the] xml.sax.saxutils module instead," it
also implies that this method will make input safe for HTML. Because this
method escapes 4 of the 5 key XML characters, it is reasonable to expect some
will use it for HTML escaping.

I suggest rewording the documentation for the method making it more clear what
it should and should not be used for. I would like to see the method changed to
properly escape single-quotes, but if it is not changed, the documentation
should explicitly say this method does not make input safe for inclusion in
HTML.

This is definitely affecting the security of some Python web applications. I
already mentioned Mako, but I've found this type of bug in other frameworks and
engines because the creators either called cgi.escape directly or modeled their
own after it.

Craig Younkins

--
assignee: d...@python
components: Documentation, Library (Lib)
messages: 108457
nosy: Craig.Younkins, d...@python
priority: normal
severity: normal
status: open
title: cgi.escape Can Lead To XSS Vulnerabilities
versions: Python 2.5, Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3

___
Python tracker

___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9061] cgi.escape Can Lead To XSS Vulnerabilities


Changes by Craig Younkins :


--
type:  -> security

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9062] urllib.urlopen crashes when launched from a thread

2010-06-23 Thread Olivier Berten


New submission from Olivier Berten :

I'm writing SwatchBooker , an app that's 
(among other things) reading some data from the web. When urllib.urlopen is 
called first from within a secondary thread, the app crashes (or freezes). If 
it's been called first from the main thread, there's no problem.

You can reproduce that by downloading 
http://launchpad.net/swatchbooker/trunk/0.7/+download/SwatchBooker-0.7.noinstall.zip

1. Launch swatchbooker.pyw
2. Open from web
3. Select ICI Dulux, Pantone or RAL
4. Cancel
5. Close the program
6. Relaunch swatchbooker.pyw
7. Open from web
8. Choose any swatch from ICI Dulux, Pantone or RAL (Don't click 
ColorCharts.org or Digital Colour Atlas!)
9. OK
10. Crash

For ColorCharts.org and Digital Colour Atlas, the list itself is loaded through 
urllib.urlopen from the main thread so it makes the rest go smoothly...

--
components: None
messages: 108458
nosy: olivier-berten
priority: normal
severity: normal
status: open
title: urllib.urlopen crashes when launched from a thread
versions: Python 2.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8798] tkinter build variants on OSX

2010-06-23 Thread Sridhar Ratnakumar


Changes by Sridhar Ratnakumar :


--
nosy: +hobbs, srid, trentm

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9016] IDLE won't launch (Win XP)

2010-06-23 Thread Jon Seger


Jon Seger  added the comment:

Actually I did do exactly what Martin requested, but then somehow I failed to 
include the output in my message, which doesn't really make sense as a result.  
How embarrassing!  I apologize.  I thought I had included something like the 
following:

C:\Documents and Settings\jon\Desktop>python Lib\idlelib\idle.py
python: can't open file 'Lib\idlelib\idle.py': [Errno 2] No such file or 
directory

Same response with forward or back slashes in the argument.  However, if I give 
python the full path (either with forward or back slashes), then it 
successfully launches IDLE:

C:\Documents and Settings\jon\Desktop>python c:/python25/Lib/idlelib/
idle.py

Now my remark about c:\Python25 being the first item in the path should make 
more sense than it did in the message as I sent it!

Again, this is all with 2.5.4, the installation that DOES launch IDLE when I 
click the desktop icon.  I'll try later today with 2.6.5.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.

2010-06-23 Thread Senthil Kumaran


Senthil Kumaran  added the comment:

I guess, Antoine wanted to point out this:

"Changed in version 2.3: MersenneTwister replaced Wichmann-Hill as the
default generator."

But as the paragraph points out Python did provide non default WichmanHill
class for generating repeatable sequences with older python.

My brief reading on this topic, does suggest that 'repeatability' is
an important requirement for any PRNG.

--
nosy: +orsenthil

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue5672] Implement a way to change the python process name

2010-06-23 Thread Giampaolo Rodola'


Changes by Giampaolo Rodola' :


___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8999] Add Mercurial support to patchcheck

2010-06-23 Thread Brett Cannon


Brett Cannon  added the comment:

So patchcheck is meant for both contributors and committers. I originally wrote 
it for me, but it helps make sure the patch is in a reasonable state before 
someone submits a patch.

As for Hg support, enough people seem to run mq on top of svn to make this a 
reasonable thing to add now and to change once the transition occurs.

--
assignee:  -> brett.cannon

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9063] TZ examples in datetime.rst are incorrect


New submission from Alexander Belopolsky :

With python started at the root of the source tree and TZ=US/Eastern in the 
environment,

>>> exec(open('Doc/includes/tzinfo-examples.py').read())
>>> import os
>>> os.environ['TZ']
'US/Eastern'
>>> from datetime import *
>>> x = datetime(2010, 11, 7, 5, tzinfo=timezone.utc)
>>> print(x, x.astimezone(Local), x.astimezone(Eastern))
2010-11-07 05:00:00+00:00 2010-11-07 01:00:00-04:00 2010-11-07 01:00:00-05:00
>>> x.astimezone(Local).dst() == x.astimezone(Eastern).dst() 
False

Note that according to my understanding of the long comment at the end of 
datetimemodule.c, zone conversion from UTC is a well defined operation unless 
there is a bug in tzinfo subclass implementation.

--
assignee: d...@python
components: Documentation
messages: 108462
nosy: belopolsky, d...@python
priority: normal
severity: normal
stage: needs patch
status: open
title: TZ examples in datetime.rst are incorrect
versions: Python 2.7, Python 3.2

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Mark Dickinson  added the comment:

BTW, the Wichmann-Hill code is gone in py3k, so that doc paragraph needs 
removing or updating.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9063] TZ examples in datetime.rst are incorrect


Alexander Belopolsky  added the comment:

The result given when Eastern tzinfo object is used is clearly wrong.  The 
timezone shift should not change the actual time, but

>>> x == x.astimezone(Eastern)
False

while

>>> x == x.astimezone(Local)
True

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9062] urllib.urlopen crashes when launched from a thread

2010-06-23 Thread Senthil Kumaran


Senthil Kumaran  added the comment:

There isn't a problem with urllib with respect to threading as such. 
There are programs and examples which use this module in multi-threading 
environment. 

I could not run your app, I am not on Mac, but some of the changes you could 
try is:
- Not to pollute module namespace with from somemodule import *  ( And in the 
process importing urllib).
- Use the 'import urllib' in each of the module that you using.

If you have specific traceback, post it here. ( An smaller snippet/example to 
reproduce will help). Feel free to reopen the issue if you see that it indeed a 
bug.

--
nosy: +orsenthil
resolution:  -> invalid
stage:  -> committed/rejected
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.

2010-06-23 Thread Raymond Hettinger


Raymond Hettinger  added the comment:

Thanks guys, I've got it from here.

Some considerations for the PRNG are:
* equidistribution (for quality)
* repeatability from the same seed (even in multithreaded environments)
* quality and simplicity of API (for usability)
* speed (it matters whether a Monte Carlo simulation takes 5 minutes or 30 
minutes).

I'm looking at several ideas:
* updating the new randrange() to use rnd2() algorithm shown above (for 
equidistribution).
* possibly providing a C version of rnd2() and using it in randrange() for 
speed and for thread-safety.
* possibly updating shuffle() and choice() to use rnd2().
* moving the existing randrange() to randrange_quick() -- uses int(n * random) 
for speed and for reproducibility of previously created sequences.  
Alternatively, adding a recipe to the docs for recreating old sequences and not 
cluttering the code with backwards compatibility cruft.

Am raising the priority to normal because I think some effort needs to be made 
to address equidistribution in 3.2.  Will take some time to come-up with a good 
patch that balances quality, simplicity, speed, thread-safety, and 
reproducibility.   

May also consult with Tim Peters who has previously voiced concerns about 
stripping bits off of multiple calls to random() because the MT proofs make no 
guarantees about quality in those cases.  I don't think this is an issue in 
practice, but in theory when we start tossing out some of the calls to 
random(), we're also throwing away the guarantees of a long periodic, 623 
dimensions, uniformity, and equidistribution.

--
priority: low -> normal

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list

2010-06-23 Thread Bill Janssen


Bill Janssen  added the comment:

Bit of a chicken/egg issue here.  Since we haven't had OS X buildbots for very 
long, and the ones we do have represent odd configurations, I think it's 
premature to say that "the port *doesn't* pass the test suite on
a regular manner".  I think it's just as reasonable to say that the developers 
making changes just aren't aware of bad side-effects on OS X.  A good way to 
remedy that would be to make those bad side-effects more apparent, for example 
by adding an OS X buildbot into the "stable" set.

Another issue is that none of the three OS X buildbots now running are really 
good representatives of the technology that most people I know who use OS X 
really use.  That would be an Intel Core 2 Duo machine running Snow Leopard.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list

2010-06-23 Thread Shashwat Anand


Changes by Shashwat Anand :


--
nosy: +l0nwlf

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8901] Windows registry path not ignored with -E option

2010-06-23 Thread flashk


flashk  added the comment:

Any chance of getting this into 2.7 final? This fix is important for embedding 
Python in Windows applications.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9061] cgi.escape Can Lead To XSS Vulnerabilities


Craig Younkins  added the comment:

Proof of concept:
print "" % cgi.escape("' onload='alert(1);' bad='")

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9063] TZ examples in datetime.rst are incorrect


Alexander Belopolsky  added the comment:

Let's establish what is the correct wall clock sequence around EDT to EST 
transition:

>>> import time
>>> def print_time(s):
...tt = time.localtime(s)
...print(time.strftime('%c %z %Z', tt))

x = datetime(2010, 11, 7, 5)
>>> s = (x - datetime(1970, 1, 1))//timedelta(seconds=1)

>>> for i in range(-3600, 5000, 1200):
...   print_time(s + i)
... 
Sun Nov  7 00:00:00 2010 -0400 EDT
Sun Nov  7 00:20:00 2010 -0400 EDT
Sun Nov  7 00:40:00 2010 -0400 EDT
Sun Nov  7 01:00:00 2010 -0400 EDT
Sun Nov  7 01:20:00 2010 -0400 EDT
Sun Nov  7 01:40:00 2010 -0400 EDT
Sun Nov  7 01:00:00 2010 -0500 EST
Sun Nov  7 01:20:00 2010 -0500 EST

However, neither Local nor Eastern tzinfo instance is capable of reproducing 
this sequence:


>>> for i in range(-3600, 5000, 1200):
...   print(datetime.fromtimestamp(s + i, Eastern).strftime('%c %z %Z'))

Sun Nov  7 00:00:00 2010 -0400 EDT
Sun Nov  7 00:20:00 2010 -0400 EDT
Sun Nov  7 00:40:00 2010 -0400 EDT
Sun Nov  7 01:00:00 2010 -0500 EST
Sun Nov  7 01:20:00 2010 -0500 EST
Sun Nov  7 01:40:00 2010 -0500 EST
Sun Nov  7 01:00:00 2010 -0500 EST
Sun Nov  7 01:20:00 2010 -0500 EST

>>> for i in range(-3600, 5000, 1200):
...   print(datetime.fromtimestamp(s + i, Local).strftime('%c %z %Z'))
 
Sun Nov  7 00:00:00 2010 -0400 EDT
Sun Nov  7 00:20:00 2010 -0400 EDT
Sun Nov  7 00:40:00 2010 -0400 EDT
Sun Nov  7 01:00:00 2010 -0400 EDT
Sun Nov  7 01:20:00 2010 -0400 EDT
Sun Nov  7 01:40:00 2010 -0400 EDT
Sun Nov  7 02:00:00 2010 -0500 EST
Sun Nov  7 02:20:00 2010 -0500 EST

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list


Martin v. Löwis  added the comment:

> Bit of a chicken/egg issue here.  Since we haven't had OS X buildbots
> for very long, and the ones we do have represent odd configurations,
> I think it's premature to say that "the port *doesn't* pass the test
> suite on a regular manner".

And I didn't mean that literally. Rather, I meant "the build slave that 
you are proposing to add to the stable list don't pass the test suite on 
a regular manner" - it's ultimately the individual slave (OS, compiler 
installation, buildbot version, network connectivity) that can be 
questioned for stability.

So that's not really a chicken-and-egg problem. If people keep working 
on the OSX port, they might ultimately arrive in a state where even the 
odd configurations become stable.

> I think it's just as reasonable to say
> that the developers making changes just aren't aware of bad
> side-effects on OS X.  A good way to remedy that would be to make
> those bad side-effects more apparent, for example by adding an OS X
> buildbot into the "stable" set.

I am not convinced that this is a good way. First, they are all 
volunteers, so they chose to do whatever they like to do. Then, even if 
they *are* willing to fix OSX problems, they might never look at the 
buildbot results. So any estimation of the effect that the proposed 
change might have is pure guessing.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue7951] Should str.format allow negative indexes when used for getitem access?

2010-06-23 Thread Kamil Kisiel


Kamil Kisiel  added the comment:

While I agree this functionality isn't strictly necessary I think it makes 
sense from a semantic point of view. I ran in to this issue today while writing 
some code and I simply expected the negative syntax to work, given that the 
format string syntax otherwise very closely resembles standard array and 
attribute access.

It would be nice to see this make it in eventually for consistency's sake.

--
nosy: +kisielk

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9061] cgi.escape Can Lead To XSS Vulnerabilities

2010-06-23 Thread Senthil Kumaran

Senthil Kumaran  added the comment:

On Wed, Jun 23, 2010 at 03:46:35PM +, Craig Younkins wrote:
> cgi.escape never escapes single quote characters, which can easily
> lead to a Cross-Site Scripting (XSS) vulnerability. This seems to be
> known by many, but a quick search reveals many are using cgi.escape
> for HTML attribute escaping.

cgi.escape is for HTML attribute escaping only.  I guess, you should
explain or point out to resources where 'single quotes' representation
in a non-entity format in a HTML page has lead to XSS.

> The intended use of this method is unclear to me. 

Escape HTML characters (most commonly), >,<, & and ". And mostly when
constructing responses where these characters are literally required.

> While the documentation says "if the value to be quoted might
> include single- or double-quote characters... [use the]
> xml.sax.saxutils module instead," it also implies that this method
> will make input safe for HTML. Because this method escapes 4 of the

"More suitable" for HTML would be the correct interpretation rather
make the "input safe". You might check the reference documentation
leading to xml.sax.saxutils.

> I suggest rewording the documentation for the method making it more
> clear what it should and should not be used for. 

The very next paragraph seems to address the security considerations
while using the cgi module itself, rather than limiting it to
cgi.escape. It says that:

"To be on the safe side, if you must pass a string gotten from a form
to a shell command, you should make sure the string contains only
alphanumeric characters, dashes, underscores, and periods."

With respect your bug report:

1. Any doc change suggestions you propose?  (After pointing out the
resources requested in first para)

2. If cgi.escape needs to escape single quotes, what should it be as:
lsquo/rsquo (for XHTML) and ' or ' for Others?

--
nosy: +orsenthil

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list


Changes by Alexander Belopolsky :


--
assignee:  -> ronaldoussoren
components: +Macintosh -None

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8930] messed up formatting after reindenting

2010-06-23 Thread Stefan Krah


Stefan Krah  added the comment:

Antoine, thanks. ceval.c fixes committed in r82177, r82179, r82181
and r82182.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9061] cgi.escape Can Lead To XSS Vulnerabilities


Craig Younkins  added the comment:

> cgi.escape is for HTML attribute escaping only.

It is not safe for HTML attribute escaping because it does not encode single 
quotes.

> "More suitable" for HTML would be the correct interpretation rather make the 
> "input safe".

"More suitable, but not quite secure"

Regardless of the intended use of this method, many many people are using it 
for insecure HTML entity escaping.

> you should explain or point out to resources where 
> 'single quotes' representation in a non-entity format 
> in a HTML page has lead to XSS.

print "" % cgi.escape("' onload='alert(1);' bad='")

> The very next paragraph seems to address the security considerations
> while using the cgi module itself, rather than limiting it to
> cgi.escape. It says that:
> "To be on the safe side, if you must pass a string gotten from a form
> to a shell command, you should make sure the string contains only
> alphanumeric characters, dashes, underscores, and periods."

The security concerns related to output on the web are very different from the 
concerns related sending user input to a shell command. The needed escaping is 
completely different. Also, the security advice above is woefully inadequate. 

> Any doc change suggestions you propose?

Convert the characters '&', '<' and '>' in string s to their HTML entity 
encoded values. If the optional flag quote is true, the double-quotation mark 
character ('"') is also encoded. Note that the output of this method is not 
safe to put in an HTML attribute because it does not escape single quotes. If 
the value to be quoted might include single- or double-quote characters, or 
both, consider using the quoteattr() function in the xml.sax.saxutils module 
instead.

> If cgi.escape needs to escape single quotes, what should it be as:
> lsquo/rsquo (for XHTML) and ' or ' for Others?

Sorry, I should have included that in the OP. It should escape to ' 
It is also advised to escape the forward slash character ('/') to /

See OWASP.org for an explanation of the complexities of the escaping:
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9064] pdb enhancement up/down traversals

2010-06-23 Thread Andrew Valencia


New submission from Andrew Valencia :

In very deep stack traces (like runaway recursion) it can be a pain to get up 
to the top of the stack to see what kicked it off.  I've enhanced up/down to 
take a numeric argument for the number of positions to traverse, or -1 to go to 
the top/bottom.  Sample patch included.

--
components: Demos and Tools
files: pdb_up.pat
messages: 108476
nosy: vandyswa
priority: normal
severity: normal
status: open
title: pdb enhancement up/down traversals
type: feature request
versions: Python 2.6
Added file: http://bugs.python.org/file17754/pdb_up.pat

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8999] Add Mercurial support to patchcheck


Antoine Pitrou  added the comment:

> As for Hg support, enough people seem to run mq on top of svn to make
> this a reasonable thing to add now and to change once the transition
> occurs.

Yes, but the question is what workflow it should assume. If you are
running mq for example (or pbranch, or doing local named branches),
using a simple "hg status" of the working copy will not do the right
thing.

(and, by the way, you can't assume mq is the favourite workflow out of
there: I for example use clones + local named branches instead)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Antoine Pitrou  added the comment:

> Some considerations for the PRNG are:
> * equidistribution (for quality)
> * repeatability from the same seed (even in multithreaded environments)

I believe a reasonable (com)promise would be to guarantee repeatability
accross a given set of bugfix releases (for example, accross all 2.6.x
releases). We shouldn't necessarily commit to repeatability accross
feature releases, especially if it conflicts with desireable
opportunities for improvement.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue1004] MultiMethods with type annotations in 3000

2010-06-23 Thread Benjamin Peterson


Benjamin Peterson  added the comment:

Let's close for now.

--
nosy: +benjamin.peterson
resolution:  -> postponed
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8999] Add Mercurial support to patchcheck

2010-06-23 Thread Brett Cannon


Brett Cannon  added the comment:

Good point, Antoine. Then I might leave this patch for now and come back to it 
when we do the Hg transition.

--
assignee: brett.cannon -> 

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Mark Dickinson  added the comment:

> * possibly providing a C version of rnd2()

If recoding in C is acceptable, I think there may be better ( = simpler and 
faster) ways than doing a direct translation of rnd2.

For example, for small k, the following algorithm for randrange(k) suffices:

 - take a single 32-bit deviate (generated using genrand_int32)
 - multiply by k (a 32-by-32 to 64-bit widening multiply) and return
   the high 32-bits of the result, provided that the bottom half
   of the product is <= 2**32 - k (almost always true, for small k).
 - consume extra random words as necessary in the case that the bottom
   half of the product is > 2**32 - k.

I can provide code (with that 3rd step fully expanded) if you're interested in 
this approach.

This is likely to be significantly faster than a direct translation of rnd32, 
since in the common case it requires only: one 32-bit deviate from MT, one 
integer multiplication, one subtraction, and one comparison.  By comparison, 
rnd2 uses (at least) two 32-bit deviates and massages them into a float, before 
doing arithmetic with that float.

Though it's possible (even probable) that any speed gain would be insignificant 
in comparison to the rest of the Python machinery involved in a single 
randrange call.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue7900] posix.getgroups() failure on Mac OS X

2010-06-23 Thread R. David Murray


R. David Murray  added the comment:

I don't know how relevant this is to OS X, but on FreeBSD 6.3, kern.ngroups 
(maximum number of groups a uid may belong to) defaults to 16.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue7900] posix.getgroups() failure on Mac OS X


Martin v. Löwis  added the comment:

> I don't know how relevant this is to OS X, but on FreeBSD 6.3,
> kern.ngroups (maximum number of groups a uid may belong to) defaults
> to 16.

It probably is: "sysctl kern.ngroups" also gives 16 on OSX 10.6.4
(Darwin 10.4.0).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list

2010-06-23 Thread R. David Murray


R. David Murray  added the comment:

Data point: on #python-dev we get announcements when buildbots (any buildbots, 
not just stable ones) *change state*.  That is, when a buildbot that was 
passing fails, or a buildbot that was failing passes.  We do look at the 
failures, though not all the time (if no one is around or it is one of that 
flaky buildbots that change state often they won't get checked or will get 
checked only randomly).

So, from the #python-dev perspective, the OS X buildbots will only be useful 
once they start being normally green.  Then we'll notice when they go red and, 
if we can, fix it, or open an issue.

--
nosy: +r.david.murray

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list


Antoine Pitrou  added the comment:

> I think it's just as reasonable to say that the developers making
> changes just aren't aware of bad side-effects on OS X.  A good way to
> remedy that would be to make those bad side-effects more apparent, for 
> example by adding an OS X buildbot into the "stable" set.

I can't speak for other developers, but I generally look into the "unstable" 
set when I fear one of my changes might break something (and, sure enough, some 
of the SSL changes I did had to be adapted so that test_ssl pass again on the 
OS X buildots).

--
nosy: +pitrou

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list

2010-06-23 Thread Ronald Oussoren


Ronald Oussoren  added the comment:

Martin: sorry about my first question. My interpretation of your first message 
was that you thought that the OSX port itself wasn't stable, and you've already 
mentioned that you didn't mean to imply that.

I'm unassigning the issue from my as I won't be able to actually move the osx 
buildbots in the stable list, at least not beyond trying to get the OSX port 
rock solid.

Is is possible to get e-mail about changes of buildbot status? I'd be 
interested in two sets of mail: any buildbot failures caused by my checkins and 
state changes for the OSX buildbots.

BTW. None of the buildbots currently test the configuration that is used for 
release builds: a 2-way or 3-way universal framework build.

--
assignee: ronaldoussoren -> nobody
nosy: +nobody

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Mark Dickinson  added the comment:

Just to illustrate, here's a patch that adds a method Random._smallrandbelow, 
based on the algorithm I described above.

--
Added file: http://bugs.python.org/file17755/_smallrandbelow.diff

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9020] 2.7: eval hangs on AIX


Antoine Pitrou  added the comment:

> I checked every usage of Py_IS* in the tree and this is an isolated
> case. So I think it's better to do the check explicitly and add a
> comment to the Py_IS* macros.
> 
> 
> Does the patch look good?

Nice. I suppose Py_CHARMASK still needs fixing for the general case,
though).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list


Martin v. Löwis  added the comment:

> Is is possible to get e-mail about changes of buildbot status? I'd be
> interested in two sets of mail: any buildbot failures caused by my
> checkins and state changes for the OSX buildbots.

Buildbot failure reports are sent to python-checkins. In theory, at 
least; I think that isn't working very well.

Sending them to individual developers might be tricky. IOW, don't expect 
to see this happen within the next months unless somebody else 
volunteers to look into the buildbot configuration.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9048] no OS X buildbots in the stable list


Antoine Pitrou  added the comment:

> Buildbot failure reports are sent to python-checkins. In theory, at 
> least; I think that isn't working very well.

ISTR we disabled them because there was too much churn from both
unreliable buildbots and unreliable tests, which made the noise annoying
and useless (everyone was ignoring failure notifications, I think).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8852] _socket fails to build on OpenSolaris x64

2010-06-23 Thread David Kirkby


David Kirkby  added the comment:

Has anyone done anything about fixing this issue? The patch I attached appears 
to allow _socket to build on OpenSolaris and when I run the test suite, there 
is no failure of _socket. 

I've just downloaded the latest source code for the 3.1.2, 2.6.5 and 
Python-2.7rc2. All three have this problems, so it needs fixing. 

As far as I can ascertain, the patch socketmodule.c.patch solves it. 

Dave

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9051] Cannot pickle timezone instances


Alexander Belopolsky  added the comment:

Committed in r82184.  Leaving the issue open pending a more thorough review of 
pickling in datetime module.

--
keywords:  -easy, patch
priority: normal -> low

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9065] tarfile: default root:root ownership is incorrect.

2010-06-23 Thread Justin Bronder


New submission from Justin Bronder :

According to the tar spec [1], uname/gname should only be filled
when they have successfully been resolved from the uid/gid.  The
tarfile module incorrectly defaults to root:root in this case.

A patch against svn trunk r82183 is included.  All tarfile unit
tests still pass with this patch.  I did not include a new unit
test as chown() is required.

Example using tarfile:
$ ls -l tarfile_user
-rw-r--r-- 1 65533 jbronder 0 2010-06-23 17:44 tarfile_user
$ python -c "import tarfile;a = tarfile.open('bleh.tar', 
'w:');a.add('tarfile_user');a.list()"
-rw-r--r-- root/jbronder  0 2010-06-23 17:44:55 tarfile_user

Example using GNU tarball:
$ tar -cf bleh.tar tarfile_user
$ python -c "import tarfile;a = tarfile.open('bleh.tar').list()"
-rw-r--r-- 65533/jbronder  0 2010-06-23 17:44:55 tarfile_user

1. http://www.gnu.org/software/tar/manual/tar.html#SEC170

--
files: python-2.7-tarfile-uid-gid.patch
keywords: patch
messages: 108493
nosy: jsbronder
priority: normal
severity: normal
status: open
title: tarfile:  default root:root ownership is incorrect.
versions: Python 2.5, Python 2.7
Added file: http://bugs.python.org/file17756/python-2.7-tarfile-uid-gid.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9065] tarfile: default root:root ownership is incorrect.

2010-06-23 Thread Justin Bronder


Changes by Justin Bronder :


--
components: +Library (Lib)
versions: +Python 2.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8852] _socket fails to build on OpenSolaris x64


Martin v. Löwis  added the comment:

> Has anyone done anything about fixing this issue?

AFAICT, nobody did.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.

2010-06-23 Thread Raymond Hettinger


Raymond Hettinger  added the comment:

Antoine, there does need to be repeatablity; there's no question about that.  
The open question for me is how to offer that repeatability in the cleanest 
manner.

People use random.seed() for reproducible tests.  They need it to have their 
studies become independently validatable, etc.  Some people are pickling the 
state of the RNG and need to restart where they left off, etc.

Mark, thanks for the alternative formulation.  I'll take a look when I get a 
chance.

I've got it from here.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8852] _socket fails to build on OpenSolaris x64

2010-06-23 Thread David Kirkby


David Kirkby  added the comment:

Is there anything I can do to get someone to do something about it? I would 
have thought with a patch, it would not be hard for someone to fix.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8413] String interpolation doesn't work with sys.version_info

2010-06-23 Thread Arfrever Frehtes Taifersar Arahesis


Arfrever Frehtes Taifersar Arahesis  added the comment:

Should this regression block final release of 2.7 or can it be fixed in e.g. 
2.7.1?

--
nosy: +benjamin.peterson

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.

2010-06-23 Thread STINNER Victor


STINNER Victor  added the comment:

randint.py: another algorithm to generate a random integer in a range. It uses 
only operations on unsigned integers (no evil floatting point number). It calls 
tick() multiple times to generate enough entropy. It has an uniform 
distribution (if the input generator has an uniform distribution).

tick() is simply the output of the Mersenne Twister generator. The algorithm 
can be optimized (especially the part computing ndigits and scale).

--
Added file: http://bugs.python.org/file17757/randint.py

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9025] Non-uniformity in randrange for large arguments.


Antoine Pitrou  added the comment:

> Antoine, there does need to be repeatablity; there's no question about
> that.

Well, that doesn't address my proposal of making it repeatable accross
bugfix releases only. There doesn't seem to be a strong use case for
perpetual repeatability.

If some people really need perpetual repeatability, I don't understand
how they can rely on Python anyway, since we don't make any such promise
explicitly (or do they somehow manage to read in your mind?). So,
realistically, they should already be using their custom-written
deterministic generators.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue1172711] long long support for array module

2010-06-23 Thread Craig McQueen


Craig McQueen  added the comment:

So it looks as though this isn't going in to Python 2.7.

How about 3.x?

--
nosy: +cmcqueen1975

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9066] Standard type codes for array.array, same as struct

2010-06-23 Thread Craig McQueen


New submission from Craig McQueen :

The type codes for array.array are platform-dependent.

The type codes are similar to those for the struct module. It would be helpful 
for array.array to adopt the struct module's "=" format specifier prefix, to 
specify "standard" sizes. E.g.

array_object = array.array("=L")  # 4-byte elements on all platforms

--
components: Library (Lib)
messages: 108501
nosy: cmcqueen1975
priority: normal
severity: normal
status: open
title: Standard type codes for array.array, same as struct
type: feature request
versions: Python 3.2, Python 3.3

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue8852] _socket fails to build on OpenSolaris x64