subject:"\[issue10510\] distutils.command.upload\/register HTTP message headers\: bad line termination"

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

2010-11-22 Thread Brian Jones


New submission from Brian Jones :

In trying to write a PyPI service, I of course need to support the registration 
and upload features of setup.py, which uses distutils for those actions. One 
thing making this a bit more difficult than need be is the fact that 
distutils.command.register and distutils.command.upload both use bare line 
feeds as a line terminator in the HTTP message headers. While there are 
probably tolerant servers out there, I think this behavior should be considered 
a bug in light of the HTTP spec, which reads: 

"The line terminator for message-header fields is the sequence CRLF. However, 
we recommend that applications, when parsing such headers, recognize a single 
LF as a line terminator and ignore the leading CR."

The second sentence can be interpreted in multiple ways that either agree with 
or contradict the first sentence, but the first sentence is at least perfectly 
clear, and I'd like to see "\r\n" added to the beginning of (specifically in 
this case) the Content-Disposition headers assembled by 
distutils.command.upload and distutils.command.register.  

The change involves taking identical lines in each file that currently look 
like this: 


   title = '\nContent-Disposition: form-data; name="%s"' % key

...and making them look like this: 


   title = '\r\nContent-Disposition: form-data; name="%s"' % key

The result is that servers which do not support a lax adherence to the protocol 
will still be able to support users of distutils in Python 2.6, 2.7, and 3.1 
(and maybe others).

--
messages: 122192
nosy: Brian.Jones
priority: normal
severity: normal
status: open
title: distutils.command.upload/register HTTP message headers: bad line 
termination
type: behavior
versions: Python 2.6, Python 2.7, Python 3.1

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

2010-11-23 Thread Éric Araujo


Éric Araujo  added the comment:

Thank you for the report.  This is how I understand the part of the spec you 
quoted: Strictly valid HTTP uses CRLF, but servers and clients should be 
liberal in what they accept and deal with LF too.  Senthil, do you agree with 
that?

There are a small number of PyPI-like servers out there which seem to deal fine 
with what distutils produces.  We have strong backward compatibility 
constraints in distutils, so we try to make the less changes possible to fix 
bugs.  Because we’ve haven’t had this reported by those other servers before, 
I’m tempted to reject this report.  The good part is that since you’re still 
writing the server, you can change its code to follow Postel’s Law and be 
liberal in what you accept.  Does that sound acceptable to you?

Best regards

--
assignee:  -> eric.araujo
components: +Distutils, Distutils2
nosy: +eric.araujo, orsenthil, tarek
versions: +3rd party, Python 3.2 -Python 2.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

2010-11-23 Thread Brian Jones


Brian Jones  added the comment:

In truth, I don't personally know if the other PyPI server implementations also 
have to work around this issue. Other comments on that are welcome. 

As for my own implementation, I've implemented a workaround to this, but I'm 
working around and reimplementing what is otherwise a feature built into the 
server (and every other one). 

I believe the suggested change makes the world a better place, and having 
administered several different web servers, I can't imagine ill effects from 
making the change. Web servers support *at least* the standard. Any ill effects 
we might imagine are, at least for my part, pure speculation. I, on the other 
hand, have found a real-life problem now :) 

I guess in the end I think that servers are more likely to err on the side of 
strict HTTP than make allowances for every "SHOULD" in the protocol spec, and 
leaving things as-is relies on a "SHOULD", which I submit is incorrect 
behavior, and therefore a bug. 

It's not like a fix is going to magically improve my life, as I'll have to 
support older buggy versions anyway, but making the change now can help grease 
the wheels for future implementations who won't have to hit this hurdle. 

My $.02.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

2010-11-23 Thread Senthil Kumaran


Senthil Kumaran  added the comment:

I think, it is better that  distutils.command.register and
distutils.command.upload  use CRLF as the line terminator for header
values.
It just helps in many cases, we can safely side by this case, but not
relying LR or CR only may not be always possible.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

[issue10510] distutils.command.upload/register HTTP message headers: bad line termination

4 matches

Site Navigation

Mail list logo

Footer information