[issue46601] macOS installer "Install Certificates.command" fails if pip is not installed
Chris Drake added the comment: So it looks like a dependency error in the installer then? It obviously makes no sense for pip to required before the python installer can work - chicken-and-egg issue - the installer should install what it needs of course, which I guess includes pip if that's really needed at this stage... -- ___ Python tracker <https://bugs.python.org/issue46601> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46601] Instructions do not work
New submission from Chris Drake : See https://github.com/python/pythondotorg/issues/1774#issuecomment-1025250329 -- components: macOS messages: 412257 nosy: cryptophoto, ned.deily, ronaldoussoren priority: normal severity: normal status: open title: Instructions do not work versions: Python 3.11 ___ Python tracker <https://bugs.python.org/issue46601> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42472] security hole in eval()
Chris Drake added the comment: The specification specifically allows for the restriction of access to globals via the second argument to eval. While Christian and Victor make interesting, albeit suicidal, comments and references to other efforts, the fact remains that this is a violation of the standard, and is an exploitable security issue. It's worth noting that the 1980's are long over now - people take security seriously these days, even when it's inconvenient. The fix seems ridiculously trivial for what it's worth; introduce a flag that honors the intent of the second argument. -- ___ Python tracker <https://bugs.python.org/issue42472> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42472] security hole in eval()
New submission from Chris Drake : This should not work:- python3.7 -c 'print(eval("().__class__.__base__.__subclasses__()[-1].__init__.__globals__",{"__builtins__": {}},{"__builtins__": {}}))' and should be properly fixed. -- messages: 381892 nosy: cryptophoto priority: normal severity: normal status: open title: security hole in eval() type: security versions: Python 3.7 ___ Python tracker <https://bugs.python.org/issue42472> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue40526] documentation bad on asyncio
New submission from Chris Drake : > The sample on this page is not demonstrating anything asynchronous: > https://docs.python.org/3/library/asyncio.html Put something that is relevant please. e.g. import asyncio import time async def say_after(delay, what): await asyncio.sleep(delay) print(what) async def main(): print(f"started at {time.strftime('%X')}") await say_after(2, 'world') await say_after(1, 'hello') print(f"finished at {time.strftime('%X')}") asyncio.run(main()) -- components: asyncio messages: 368223 nosy: asvetlov, cnd, yselivanov priority: normal severity: normal status: open title: documentation bad on asyncio versions: Python 3.9 ___ Python tracker <https://bugs.python.org/issue40526> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com