Re: [Python-Dev] hg verify warnings

2012-08-19 Thread Martin v. Löwis
> warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
> warning: copy source of 'Objects/bytesobject.c' not in parents of 64bb1d258322
> warning: copy source of 'Objects/stringobject.c' not in parents of 357e268e7c5f

These revisions are all from Benjamin. So I conclude that he was once
using a now-ancient version of hg.

Regards,
Martin

___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com


Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Senthil Kumaran
On Sat, Aug 18, 2012 at 1:55 PM, Glenn Linderman wrote:
>
> On 8/18/2012 11:47 AM, MRAB wrote:
>
> I vote -0. The issue can also be addressed with a small and simple
> helper function that wraps urlparse and compares the query parameter. Or
> you can urlencode() with `sorted(qs.items())` instead of `qs` in the
> application.
>
>
> Hm. That's actually a good point.
>
>
> Seems adequate to me. Most programs wouldn't care about the order, because 
> most web frameworks grab whatever is there in whatever order, and present it 
> to the web app in their own order.
>
> Programs that care, or which talk to web apps that care, are unlikely to want 
> the order from a non-randomized dict, and so have already taken care of 
> ordering issues, so undoing the randomization seems like a solution in search 
> of a problem (other than for poorly written test cases).
>


I am of the same thought too. Changing a behavior based on the test
case expectation, no matter if the behavior is a harmless change, is
still a change. Coming to the point, testing query string could be
useful in some cases and then giving weightage to the change seems
an interesting use case, but does not seem to warrant a change. I think
I like Christian Heimes' suggestion that a wrapper to compare query
strings would be useful and in Guido's original test case, a little
test code change would have been good.

Looks like Guido has withdrawn the bug report too.

-- 
Senthil
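
The wrapper discussed in this message, sketched as an added example that is not code from the thread or from CPython: it compares URLs without depending on the order of distinct query keys, and shows the `sorted(...)` form of `urlencode()`. The function names `query_params`, `same_url` and `stable_urlencode` and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def query_params(url):
    """Map each query key to its list of values, in order of appearance.

    keep_blank_values=True keeps "a=" distinct from a missing "a".
    """
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def same_url(a, b):
    """Compare two URLs, ignoring the order of distinct query keys.

    Values of a repeated key are still compared in order, because a
    server may treat "a=1&a=2" and "a=2&a=1" differently.
    """
    pa, pb = urlsplit(a), urlsplit(b)
    same_rest = (pa.scheme, pa.netloc, pa.path, pa.fragment) == (
        pb.scheme, pb.netloc, pb.path, pb.fragment)
    return same_rest and query_params(a) == query_params(b)


def stable_urlencode(params):
    """urlencode() a dict with its items sorted by key, so the output
    does not depend on dict iteration order (hypothetical helper)."""
    return urlencode(sorted(params.items()))


if __name__ == "__main__":
    # Constructed sample URLs; example.test is a reserved test domain.
    base = "http://example.test/search"
    print(same_url(base + "?q=hg&page=2", base + "?page=2&q=hg"))
    print(same_url(base + "?tag=a&tag=b", base + "?tag=b&tag=a"))
    print(same_url(base + "?q=", base))
    print(stable_urlencode({"q": "hg verify", "page": "2"}))
```
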


Re: [Python-Dev] hg verify warnings

2012-08-19 Thread Stefan Krah
Antoine Pitrou wrote:
> > warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
> 
> I don't get that problem on the master server, nor on two other
> machines with fresh clones and different hg versions. I suggest you
> re-try cloning and, if the issue persists, report it on the Mercurial
> mailing-list.

Okay, this only occurs if the ~/.hgrc contains "verbose = True".

I found a post from Matt Mackall where he says that this only happens
with repos that were started with "now-ancient" versions of hg:

http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/23195


So it looks like a known issue, see also:

https://bugzilla.mozilla.org/show_bug.cgi?id=644904



Stefan Krah





Re: [Python-Dev] hg verify warnings

2012-08-19 Thread Antoine Pitrou
On Sun, 19 Aug 2012 11:11:34 +0200
Stefan Krah wrote:
> Hello,
> 
> In a fresh clone, I'm getting a couple of warnings in `hg verify`. Perhaps
> someone familiar with Mercurial could take a brief look:
> 
> repository uses revlog format 1
> checking changesets
> checking manifests
> crosschecking files in changesets and manifests
> checking files
> warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
> warning: copy source of 'Objects/bytesobject.c' not in parents of 64bb1d258322
> warning: copy source of 'Objects/stringobject.c' not in parents of 357e268e7c5f
> 9754 files, 78648 changesets, 175109 total revisions
> 3 warnings encountered!

I don't get that problem on the master server, nor on two other
machines with fresh clones and different hg versions. I suggest you
re-try cloning and, if the issue persists, report it on the Mercurial
mailing-list.

Regards

Antoine.


-- 
Software development and contracting: http://pro.pitrou.net




Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Antoine Pitrou
On Sun, 19 Aug 2012 20:55:31 +0900
"Stephen J. Turnbull" wrote:
> Antoine Pitrou writes:
> 
>  > That's unsubstantiated.
> 
> Sure.  If I had a CVE, I would have posted it.

Ok, so you have no evidence.

Regards

Antoine.


Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Stephen J. Turnbull
Joao S. O. Bueno writes:

 > Agreed that "any way one thinks about it" is far too strong a claim -
 > but I still hold to the point. Maybe "most ways one thinks about it"
 > :-)  .

100% agreement now.



Re: [Python-Dev] Should urlencode() sort the query parameters (if they come from a dict)?

2012-08-19 Thread Stephen J. Turnbull
Antoine Pitrou writes:

 > That's unsubstantiated.

Sure.  If I had a CVE, I would have posted it.

 > Give an example of how sorted URLs compromise security.

That's not how you think about security; the right question about
sorted URLs is "how do you know that they *don't* compromise
security?"  We know that mishandling URLs *can* compromise security
(eg, via bugs in directory traversal).

But you know that.  What you presumably mean here is "why do you think
randomly changing query parameter order in URLs is more secure than
sorted order?"  The answer to that is that since the server can't
depend on order, it *must* handle more configurations of parameters by
design (and presumably in implementation and testing), and therefore
will be robust against more kinds of parameter configurations.  Eg,
there will be no temptation to optimize processing by handling
parameters in sorted order.

Is this a "real" danger?  Maybe not.  But every unnecessary regularity
in inputs that a program's implementation depends on is a potential
attack vector via irregular inputs.

Remember, I was responding to a claim that sorted order is *always*
better.  That's a dangerous kind of claim to make about anything that
could be input to an Internet server.

Steve


Re: [Python-Dev] 3.3 str timings

2012-08-19 Thread Łukasz Langa
Message written by Antoine Pitrou on 18 Aug 2012, at 23:27:

> On Sat, 18 Aug 2012 17:17:14 -0400
> Terry Reedy wrote:
>> The issue came up in python-list about string operations being slower in 
>> 3.3. (The categorical claim is false as some things are actually 
>> faster.) Some things I understand, this one I do not.
>> 
>> Win7-64, 3.3.0b2 versus 3.2.3
>> print(timeit("c in a", "c  = '…'; a = 'a'*1000+c")) # ord(c) = 8230
>> # .6 in 3.2, 1.2 in 3.3
> 
> I get opposite numbers:

Me too. 3.2 is slower for me in every case. Mac OS X 10.8.

-- 
Best regards,
Łukasz Langa
Senior Systems Architecture Engineer

IT Infrastructure Department
Grupa Allegro Sp. z o.o.

http://lukasz.langa.pl/
+48 791 080 144



[Python-Dev] hg verify warnings

2012-08-19 Thread Stefan Krah
Hello,

In a fresh clone, I'm getting a couple of warnings in `hg verify`. Perhaps
someone familiar with Mercurial could take a brief look:

repository uses revlog format 1
checking changesets
checking manifests
crosschecking files in changesets and manifests
checking files
warning: copy source of 'Modules/_threadmodule.c' not in parents of 60ad83716733
warning: copy source of 'Objects/bytesobject.c' not in parents of 64bb1d258322
warning: copy source of 'Objects/stringobject.c' not in parents of 357e268e7c5f
9754 files, 78648 changesets, 175109 total revisions
3 warnings encountered!



Stefan Krah

