date:20130905

Re: [Python-Dev] Pre-PEP: Redesigning extension modules

2013-09-05 Thread Stefan Behnel

Antoine Pitrou, 06.09.2013 07:43:
> Proxying wrapper? We shouldn't need that kind of tricks.

The advantage is that it's controlled by the loader, and transparent to the
module itself.

Stefan


___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] windows file closing race condition?

2013-09-05 Thread Antoine Pitrou

On Fri, 06 Sep 2013 06:50:07 +0100
Chris Withers  wrote:
> 
> So, from my perspective, I'm either looking at a bug in shutil.rmtree 
> (which would be trying to delete a directory before deleting its content 
> or failing to delete a file but ignoring an error) or the file object, 
> when being used as a context manager, going through __exit__ without 
> closing the file and releasing the handle.

It seems someone forgot to remove the following snippet from
FileIO.__exit__:

if random.random() > 0.0001:
# Sometimes we leave the fd open, to annoy Chris
os.close(self.fd)

> This happens very infrequently, the OS is Windows 7 and the filesystem 
> is NTFS, if that helps...

It should help indeed:
http://blogs.msdn.com/b/oldnewthing/archive/2012/09/07/10347136.aspx

:-)

Regards

Antoine.


___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Pre-PEP: Redesigning extension modules

2013-09-05 Thread Eric Snow

On Mon, Sep 2, 2013 at 2:16 AM, Antoine Pitrou  wrote:

> I think the biggest challenge here is to propose an API that's simple
> and easy to use (i.e. that doesn't make extension module writing more
> complicated than it currently is).
>

+1


>
> The basic concept of putting custom module objects in sys.modules is
> sound, IMHO.
>
> As for "extension module as a wrapper", though, it shounds like the
> kind of complication I would personally prefer to stay away from. Also,
> it would make extension modules less like Python modules, rather than
> more.
>

It all depends on how useful it would be to be able to safely reload
extension modules from their files.

-eric
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Pre-PEP: Redesigning extension modules

2013-09-05 Thread Eric Snow

On Sat, Aug 31, 2013 at 1:16 PM, Stefan Behnel  wrote:

> Nick Coghlan, 31.08.2013 18:49:
> > This is actually my primary motivation for trying to improve the
> > "can this be reloaded or not?" aspects of the loader API in PEP 451.
>
> I assume you mean that the extension module would be able to clearly signal
> that it can't be reloaded, right? I agree that that's helpful. If you're
> wrapping a C library, then the way that library is implemented might simply
> force you to prevent any attempts at reloading the wrapper module. But if
> reloading is possible at all, it would be even more helpful if we could
> make it really easy to properly support it.
>

 When loader.exec_module() gets called, it should raise ImportError if the
module does not support reloading.

-eric
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

[Python-Dev] windows file closing race condition?

2013-09-05 Thread Chris Withers


Hi All,

Continuous testing is a wonderful thing when it comes to finding weird 
edge case problems, like this one:


http://jenkins.simplistix.co.uk/job/testfixtures-tox/COMPONENTS=zc,PYTHON=3.3,label=windows/149/testReport/junit/testfixtures.tests.test_tempdirectory/TempDirectoryTests/test_check_all_tuple/

  File 
"C:\Jenkins\workspace\testfixtures-tox\e8666d4e\.tox\3.3-zc\lib\site-packages\testfixtures\tempdirectory.py", 
line 323, in __exit__

self.cleanup()
  File 
"C:\Jenkins\workspace\testfixtures-tox\e8666d4e\.tox\3.3-zc\lib\site-packages\testfixtures\tempdirectory.py", 
line 78, in cleanup

rmtree(self.path)
  File 
"C:\Jenkins\workspace\testfixtures-tox\e8666d4e\.tox\3.3-zc\lib\shutil.py", 
line 460, in rmtree

return _rmtree_unsafe(path, onerror)
  File 
"C:\Jenkins\workspace\testfixtures-tox\e8666d4e\.tox\3.3-zc\lib\shutil.py", 
line 362, in _rmtree_unsafe

_rmtree_unsafe(fullname, onerror)
  File 
"C:\Jenkins\workspace\testfixtures-tox\e8666d4e\.tox\3.3-zc\lib\shutil.py", 
line 371, in _rmtree_unsafe

onerror(os.rmdir, path, sys.exc_info())
  File 
"C:\Jenkins\workspace\testfixtures-tox\e8666d4e\.tox\3.3-zc\lib\shutil.py", 
line 369, in _rmtree_unsafe

os.rmdir(path)
OSError: [WinError 145] The directory is not empty: 
'c:\\users\\jenkins\\appdata\\local\\temp\\tmpkeg4d7\\a'


I'm 99% certain my code is correct here, the only place I open files for 
writing in that directory is here:


https://github.com/Simplistix/testfixtures/blob/master/testfixtures/tempdirectory.py#L275

So, from my perspective, I'm either looking at a bug in shutil.rmtree 
(which would be trying to delete a directory before deleting its content 
or failing to delete a file but ignoring an error) or the file object, 
when being used as a context manager, going through __exit__ without 
closing the file and releasing the handle.


This happens very infrequently, the OS is Windows 7 and the filesystem 
is NTFS, if that helps...


Any ideas?

Chris

--
Simplistix - Content Management, Batch Processing & Python Consulting
   - http://www.simplistix.co.uk
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Pre-PEP: Redesigning extension modules

2013-09-05 Thread Eric Snow

On Sat, Aug 24, 2013 at 10:12 PM, PJ Eby  wrote:

> I haven't had a chance to address this on the import-sig discussion
> yet about ModuleSpec, but I would like to just mention that one
> property of the existing module system that I'm not sure either this
> proposal or the ModuleSpec proposal preserves is that it's possible to
> implement lazy importing of modules using standard reload() semantics.
>
> My "Importing" package offers lazy imports by creating module objects
> in sys.modules that are a subtype of ModuleType, and use a
> __getattribute__ hook so that trying to use them fires off a reload()
> of the module.  Because the dummy module doesn't have __file__ or
> anything else initialized, the import system searches for the module
> and then loads it, reusing the existing module object, even though
> it's actually only executing the module code for the first time.
>
> That the existing object be reused is important, because once the
> dummy is in sys.modules, it can also be imported by other modules, so
> references to it can abound everywhere, and we wish only for it to be
> loaded lazily, without needing to trace down and replace all instances
> of it.  This also preserves other invariants of the module system.
>
> Anyway, the reason I was asking why reloading is being handled as a
> special case in the ModuleSpec proposal -- and the reason I'm curious
> about certain provisions of this proposal -- is that making the
> assumption you can only reload something with the same
> spec/location/etc. it was originally loaded with, and/or that if you
> are reloading a module then you previously had a chance to do things
> to it, doesn't jibe with the way things work currently.


> That is to say, in the pure PEP 302 world, there is no special status
> for "reload" that is different from "load" -- the *only* thing that's
> different is that there is already a module object to use, and there
> is *no guarantee that it's a module object that was initialized by the
> loader now being invoked*.
>

In Python 3.3 (#13959) import.reload()  was updated to reuse a module's
__loader__, which  must now be set.  If __loader__ is not set, you get an
AttributeError.  If that's a problem we can create a tracker issue and
discuss there.

In Python 3.4 imp.reload() is just an alias to importlib.reload(), but it
works basically the same.

With ModuleSpec things won't work that differently.  If you reload such a
module as you described, it will look for __spec__ and call it's reload()
method.  If __spec__ is not set, you get an AttributeError.  It wouldn't be
that hard to build a spec from the module if need be and then use that.

-eric


> AFAICT both this proposal and the ModuleSpec one are making an invalid
> assumption per PEP 302, and aren't explicitly proposing to change the
> status quo: they just assume things that aren't actually assured by
> the prior specs or implementations.
>
> So, for example, this extension module proposal needs to cover what
> happens if an extension module is reloaded and the module object is
> not of the type or instance it's expecting.  Must it do its own
> checking?  Error handling?  Will some other portion of the import
> system be expected to handle it?
>
> For that matter, what happens (in either proposal) if you reload() a
> module which only has a __name__, and no other attributes?  I haven't
> tested with importlib, but with earlier Pythons this results in a
> standard module search being done by reload().  But the ModuleSpec
> proposal and this one seem to assume that a reload()-ed module must
> already be associated with a loader, location, and/or spec.
> ___
> Python-Dev mailing list
> Python-Dev@python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> http://mail.python.org/mailman/options/python-dev/ericsnowcurrently%40gmail.com
>
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Pre-PEP: Redesigning extension modules

2013-09-05 Thread Antoine Pitrou

On Thu, 5 Sep 2013 23:26:31 -0600
Eric Snow  wrote:
> On Sat, Aug 24, 2013 at 7:07 AM, Stefan Behnel  wrote:
> 
> > PEP 3121 would no longer be necessary. Extension types can do all we need.
> > No more special casing of modules, that was the idea.
> >
> 
> One nice thing about PEP 3121 is the addition of md_state to module objects
> to store internal module state.  Wouldn't we be better served by improving
> the related API rather than abandoning it?

md_state isn't a PyObject and therefore its lifetime management is
quirky (as Py_buffer, same bad idea). So I'd be happy for it to
disappear from the next API.

> This, coupled with the PEP 451-compatible API and with a proxying wrapper,
> would go a long way to various "reloading" issues that extension modules
> have.

Proxying wrapper? We shouldn't need that kind of tricks.

Regards

Antoine.


___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Pre-PEP: Redesigning extension modules

2013-09-05 Thread Eric Snow

On Sat, Aug 24, 2013 at 7:07 AM, Stefan Behnel  wrote:

> PEP 3121 would no longer be necessary. Extension types can do all we need.
> No more special casing of modules, that was the idea.
>

One nice thing about PEP 3121 is the addition of md_state to module objects
to store internal module state.  Wouldn't we be better served by improving
the related API rather than abandoning it?  If md_state were the home for
all mutable internal state then load/reload could focus directly on just
md_state and md_dict and not worry about other internal state, since all
remaining state would be immutable (refcounts notwithstanding).  If the API
made this easier then we could leverage the strengths of PEP 3121 to make
loading safer and more independent.  Of course, we could certainly go the
other way and actively discourage mutable internal state...

This, coupled with the PEP 451-compatible API and with a proxying wrapper,
would go a long way to various "reloading" issues that extension modules
have.

On Sun, Aug 25, 2013 at 5:54 AM, Stefan Behnel  wrote:

> (regarding reloading into the existing module's namespace)
>
> I'm not sure this can be done in general. What if the module has threads
> running that access the global state? In that case, reinitialising the
> module object itself would almost certainly lead to a crash.
>
> And what if you do "from extmodule import some_function" in a Python
> module? Then reloading couldn't replace that reference, just as for normal
> Python modules. Meaning that you'd still have to keep both modules properly
> alive in order to prevent crashes due to lost global state of the imported
> function.
>
> The difference to Python modules here is that in Python code, you'll get
> some kind of exception if state is lost during a reload. In C code, you'll
> most likely get a crash.
>
> How would you even make sure global state is properly cleaned up? Would you
> call tp_clear() on the module object before re-running the init code? Or
> how else would you enable the init code to do the right thing during both
> the first run (where global state is uninitialised) and subsequent runs
> (where global state may hold valid state and owned Python references)?
>
> Even tp_clear() may not be enough, because it's only meant to clean up
> Python references, not C-level state. Basically, for reloading to be
> correct without changing the object reference, it would have to go all the
> way through tp_dealloc(), catch the object at the very end, right before it
> gets freed, and then re-initialise it.
>

Right.  It would probably require a separate
`PyImportInitializeState_(PyObject *mod)` and/or some API that
helps make it easier to manage mutable internal module state (on md_state).

On Sun, Aug 25, 2013 at 6:36 AM, Stefan Behnel  wrote:

> PJ Eby, 25.08.2013 06:12:
> > My "Importing" package offers lazy imports by creating module objects
> > in sys.modules that are a subtype of ModuleType, and use a
> > __getattribute__ hook so that trying to use them fires off a reload()
> > of the module.
>
> I wonder if this wouldn't be an approach to fix the reloading problem in
> general. What if extension module loading, at least with the new scheme,
> didn't return the module object itself and put it into sys.modules but
> created a wrapper that redirects its __getattr__ and __setattr__ to the
> actual module object? That would have a tiny performance impact on
> attribute access, but I'd expect that to be negligible given that the usual
> reason for the extension module to exist is that it does non-trivial stuff
> in whatever its API provides. Reloading could then really create a
> completely new module object and replace the reference inside of the
> wrapper.
>
> That way, code that currently uses "from extmodule import xyz" would
> continue to see the original version of the module as of the time of its
> import, and code that just did "import extmodule" and then used attribute
> access at need would always see the current content of the module as it was
> last loaded. I think that, together with keeping module global state in the
> module object itself, would nicely fix both cases.
>

At first blush I like this.

-eric

p.s. Bear with me if I've missed something in the thread.  I'm slogging
through a backlog of email
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Jesus Cea

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/09/13 20:45, Eli Bendersky wrote:
> PS: I use "http://www.jcea.es/"; as my OpenID identity, and I
> delegate the actual service to "myOpenID". I can switch delegation
> trivially.
> 
> http://bugs.python.org/?@action=openid_login&provider=Google

Sorry, Google, Facebook, Twitter, etc., are not acceptable OpenID
providers for me. I should have made that point in my original email.
My excuses.

Any other suggestion?

- -- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUik2Z5lgi5GaxT1NAQJEtQP+NdOaMbAB4LzgsUfoL1yelPcYA8wg2rnd
WjM7IEsfcs/3NFrmpg9XxjJqSwoxgqW8NqpcQLapGSUdqUxMrhYz3xUnXzSUmM75
IwxUWlTuVVQkscRWwrmIjqMWD20EI3KtmGBtCH5J1Tnmb1EeTH4+wrtpBcl3hBUi
Ph8+Afy+E6w=
=VkCq
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Jesus Cea

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/09/13 22:29, Oleg Broytman wrote:

> I have seen exactly 0 (zero) sites that support Persona. Can you 
> point me?

"Python España" (Python Spain) association is going to provide Persona
Only login. Deployment in four weeks.

- -- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUik1uZlgi5GaxT1NAQIA3wP/eH0HA+gxa/9c1S679lmC7GVoBqahWyWS
mmOnIg170MaozIxyjgLruReTKdnfhcFa/QxxWLpS7brGenOSA1UCXdOhRHRTpf5y
JMtQ/f1pmS3sdjEIal2F6Fm1Dt1i6YFZr813j9hdzVHgcx96PuxTx5UVO3LpAAkf
+edD8PBn3eM=
=y1Ri
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Jesus Cea

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/09/13 23:56, Oleg Broytman wrote:

> Well, I can only use services that are available, not those that
> are promised. If python.org grows support for Persona -- who will
> be my provider and for what price? I am not going to install and
> manage additional software on my servers -- I don't want to be my
> own provider, I have enough job already.

If your email provider is not supporting Persona, the automatic
fallback is Mozilla, a non-profit, free web, I care about your
privacy, organization.

- -- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUik1Y5lgi5GaxT1NAQLKjwP9EXXmMTVORDPOCK5ByBfrwveL71nG/1IJ
oTc0ZUjZPMp/JD2UBnibEUIhxJHtmAkTsuMTmNsSbzqx6F74n9zYokfMK4Y0iscC
2EpqDe7lcAzEjJXpIa93A/K8/fh3gaufWHAXND3Ynr7gMdlLkn9jRiXoVMHHX3Sm
lEIX/47kzlI=
=4+OP
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Jesus Cea

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/09/13 22:36, Oleg Broytman wrote:
> There was no demise. Because there was no take-off. OpenID was
> never popular. I can remember a very limited set of major sites
> that allow login using OpenID: SourceForge, LiveJournal, BitBucket.
> The first two

I remember a day where OpenID was the ONLY authentication method in
StackOverflow.

- -- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUik1Iplgi5GaxT1NAQKHGQP/ayFi3hs5CWwlNCciFguNkUesQBfRaPFF
TxHrloNM2Uo9wB2dt2oAVhAQnGSTw3lIYoRMzhk5+tfx4Bn16QVPiDXnbotO5xqn
QkAH3ZE9q9/YTDDqPJPFXHP/7eoQwk9Ou4LrTJk97ofp0DM7JcfVm3W0Sys53wEQ
ddwoNkrIk/s=
=vFd+
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Jesus Cea

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 05/09/13 21:53, Ben Finney wrote:
> My own take is that most people choose convenience and expedience
> over security and freedom, hence Facebook and Twitter and Google
> have taken over the online identity game instead of a federated
> identity system.

That is one of the Persona improvements: If your email provider is not
supporting it, you can still use your email with "persona" (thru
Mozilla servers). If you provider support OAUTH authentication (let
say, Facebook, twitter, Google), You can use that identity to prove
your identity to Mozilla, and Mozilla to prove your email ID to any
Persona consumer. In the process, you get privacy (facebook doesn't
know where are you using authentication, beside Mozilla).

Being a Persona provider is easy, being a verifier is trivial.

An interesting property of Persona is that if its popularity grows, it
becomes decentralized "automágically".

Anyway, I was asking for alternative OpenID providers, not to open a
debate about single sign on methods :).

- -- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUikzWZlgi5GaxT1NAQJMbgP/enbARAwUiDXzJ9PkBmvlAi/OrhXrrXwE
Vf1f6XHab+ERyJ6kj1V5yz6F0D0zxl6s7GL+abz7P0JEdGEGMfEJc+aK15HM2r3b
LAm9k5ofe+ysdJx0HEd/V6/viqAeK7medb5Hh3xNwxbY6qRe4VkXbAvc0KQuo7eR
1Uf005ibUT8=
=i0/D
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Stephen J. Turnbull

Barry Warsaw writes:
 > On Sep 06, 2013, at 12:36 AM, Oleg Broytman wrote:

 > >   You cannot login using OpenID to most interesting popular sites.
 > >GMail? No. Twitter? No. Facebook? FriendFeed? identi.ca? No, no, no.
 >
 > I'd be surprised if you ever saw the big social networking sites support
 > OpenID or Persona.  They want to own that space themselves, so probably have
 > no business incentive to support 3rd party systems.

Quite the reverse, unfortunately.  That's why *those* sites *all*
appear on most sites that support OpenID.  They're not going to
delegate to each other until they are forced to.

 > We're open source, and I think it benefits our mission to support open,
 > decentralized, and free systems like OpenID and Persona.

Thus speaks an employee of yet another Provider-That-Won't-Accept-My-
Third-Party-Credentials.  Sorry, Barry, but you see the problem:
Unfortunately, we can't do it alone.  What needs to happen is there
needs to be a large network of sites that support login via O-D-F
systems like OpenID and Persona.  Too many of the sites I use (news
sources, GMail, etc) don't support them and my browser manages my
logins to most of them, so why bother learning OpenID, and then
setting it up site by site?

I'm not against it, but it's quixotic (and therefore valuable).

One reason that OpenID and Persona fail to achieve penetration is that
they overstate their mission.  A protocol that any email provider can
support is a protocol that provides authentication without
identification (imagine what havoc Dogbert could wreak with his own
Persona provider), and therefore cannot be used in authorization
(except trivially).  Think ident (port tcp/113).  And most general-
audience sites that want to provide high-quality "Web 2.0" service are
going to start by asking for your demographics.  It's probably at
least as effective as CAPTCHA for classifying mammals and 'bots, too!

The reason that the "big" providers can take advantage of these
protocols as providers without reciprocating as clients is that
identities on these sites are very valuable to at least 95% of people
who use them (that may or may not correspond to as much as 50% of the
accounts).  Losing your Facebook site for abuse of TOS is very costly:
you can't even contact your "circle" easily.  Nor do you want multiple
logins on one of these sites, because that will double the amount of
spam they send you.

Bottom line: A login via Facebook-provided OpenID means that the login
is unlikely to perform random mischief.

Of course, those issues are easy to deal with if you have even a bit
of Internet savvy.  So sites still have to worry about a deliberate
attack from a Facebook user, but a serious intruder has many ways to
get in the front door, so you need to lock up your Waterford crystal
and Noritake china anyway whether you support global ID logins or not.

___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 05:29:07PM -0400, Barry Warsaw  wrote:
> I don't want my choice to be log into Facebook or manage a slew of passwords.

   The last part is unavoidable. I regularly login to LiveJournal,
Twitter, SourceForge, BitBucket, Gitorious, GitHub and to hundreds of
other sites -- blogs, torrents, web shops. I already manage hundreds of
passwords. OpenID promised to save me from that and failed. Do you think
Persona would succeed in this regard (saved me from managing all those
passwords)? And if not -- what are the benefits? I already manage
hundreds of passwords -- two or three additional passwords for
bugs.python.org, wiki.python.org and so on don't make the situation
worse.
   IMO the very idea of single sign-on in the open web is meaningless.

> But I'm not volunteering to do the work, so I don't get to decide.  I'm just
> stating that I think our principle should be that you *can* (not *must*) use
> free and open services to access our resources.

   Well, I can only use services that are available, not those that are
promised. If python.org grows support for Persona -- who will be my
provider and for what price? I am not going to install and manage
additional software on my servers -- I don't want to be my own provider,
I have enough job already.

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Donald Stufft


On Sep 5, 2013, at 5:56 PM, Oleg Broytman  wrote:

> On Thu, Sep 05, 2013 at 05:29:07PM -0400, Barry Warsaw  
> wrote:
>> I don't want my choice to be log into Facebook or manage a slew of passwords.
> 
>   The last part is unavoidable. I regularly login to LiveJournal,
> Twitter, SourceForge, BitBucket, Gitorious, GitHub and to hundreds of
> other sites -- blogs, torrents, web shops. I already manage hundreds of
> passwords. OpenID promised to save me from that and failed. Do you think
> Persona would succeed in this regard (saved me from managing all those
> passwords)? And if not -- what are the benefits? I already manage
> hundreds of passwords -- two or three additional passwords for
> bugs.python.org, wiki.python.org and so on don't make the situation
> worse.
>   IMO the very idea of single sign-on in the open web is meaningless.
> 
>> But I'm not volunteering to do the work, so I don't get to decide.  I'm just
>> stating that I think our principle should be that you *can* (not *must*) use
>> free and open services to access our resources.
> 
>   Well, I can only use services that are available, not those that are
> promised. If python.org grows support for Persona -- who will be my
> provider and for what price? I am not going to install and manage
> additional software on my servers -- I don't want to be my own provider,
> I have enough job already.

Theoretically whoever runs the domain for your email address (since Persona
uses email as your identifier). In order to make it work as a stop gap they also
have more openid like idP's which they run a major one (that also offers a 
"bridge"
to make things like Gmail work on Persona without needing to register for 
anything
else).

> 
> Oleg.
> -- 
> Oleg Broytmanhttp://phdru.name/p...@phdru.name
>   Programmers don't die, they just GOSUB without RETURN.
> ___
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: 
> https://mail.python.org/mailman/options/python-dev/donald%40stufft.io


-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Add a new tracemalloc module to trace memory allocations

2013-09-05 Thread Victor Stinner

2013/8/31 Gregory P. Smith :
> Think of the possibilities, you could even setup a test runner to
> enable/disable before and after each test, test suite or test module to
> gather narrow statistics as to what code actually _caused_ the allocations
> rather than the ultimate individual file/line doing it.

It may be used with "-m test -R" to detect memory leaks, you need to
repeat a test.

> Taking that further: file and line information is great, but what if you
> extend the concept: could you allow for C API or even Python hooks to gather
> additional information at the time of each allocation or free? for example:
> Gathering the actual C and Python stack traces for correlation to figure out
> what call patterns lead allocations is powerful.

I modified the PEP 454 and the implementation. By default, tracemalloc
only stores 1 "frame" instance (filename and line number). But you can
now use tracemalloc.set_number_frame(10) to store 10 frames per memory
allocation. Don't store too much frames, remember that tracemalloc
traces all Python memory allocations! So when Python allocates 1 byte,
tracemalloc may need to allocate 1000 bytes to store the trace...

tracemalloc cannot get the C traceback. It was discussed in the design
of the PEP 445 (Add new APIs to customize Python memory allocators)
how to pass the C filename and line number. It was decided to not add
them to have a simpler API.

In general, a C function is binded to a Python function. Knowing the
Python function should be enough.

Victor
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Toshio Kuratomi

On Thu, Sep 05, 2013 at 10:25:22PM +0400, Oleg Broytman wrote:
> On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft  
> wrote:
> > 
> > On Sep 5, 2013, at 2:12 PM, Oleg Broytman  wrote:
> > >   I used to use myOpenID and became my own provider using poit[1].
> > > These days I seldom use OpenID -- there are too few sites that allow
> > > full-featured login with OpenID. The future lies in OAuth 2.0.
> > 
> > The Auth in OAuth stands for Authorization not Authentication.
> 
>There is no authorization without authentication, so OAuth certainly
> performs authentication: http://oauth.net/core/1.0a/#anchor9 ,
> http://tools.ietf.org/html/rfc5849#section-3
> 
Sortof The way OAuth looks to me, it's designed to prove that a given
client is authorized to perform an action.  It's not designed to prove that
the given client is a specific person.  In some cases, you really want to
know the latter and not merely the former.  So I think in these situations
Donald's separation of Authz and Authn makes sense.

-Toshio


pgppLjnxYjd1p.pgp
Description: PGP signature
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Add a new tracemalloc module to trace memory allocations

2013-09-05 Thread Victor Stinner

2013/9/1 Nick Coghlan :
> +1 from me for both tracemalloc and failmalloc in the same vein as
> faulthandler (and using similar API concepts to faulthandler).
>
> While I like the flat top level naming structure, we should clearly document
> these as implementation dependent runtime services. Other implementations
> may not provide them at all, and even if they do, many details will likely
> be different.
>
> The gc module may even fall into the same category.

I updated the PEP 454 to mention that tracemalloc has been written for CPython.

Victor
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Barry Warsaw

On Sep 06, 2013, at 12:36 AM, Oleg Broytman wrote:

>   You cannot login using OpenID to most interesting popular sites.
>GMail? No. Twitter? No. Facebook? FriendFeed? identi.ca? No, no, no.

I'd be surprised if you ever saw the big social networking sites support
OpenID or Persona.  They want to own that space themselves, so probably have
no business incentive to support 3rd party systems.

We're open source, and I think it benefits our mission to support open,
decentralized, and free systems like OpenID and Persona.

-Barry
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Barry Warsaw

On Sep 06, 2013, at 01:09 AM, Oleg Broytman wrote:

>I will change my mind when Google and GitHub start using them.

Neither Google nor GitHub are free or open.  Bitbucket and Facebook aren't
either.  I'm not saying they're bad services because of that of course, but I
don't want to have to rely on any of them to access python.org resources, and
I don't want my choice to be log into Facebook or manage a slew of passwords.

But I'm not volunteering to do the work, so I don't get to decide.  I'm just
stating that I think our principle should be that you *can* (not *must*) use
free and open services to access our resources.

-Barry
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] RFC: PEP 454: Add a new tracemalloc module

2013-09-05 Thread Victor Stinner

2013/9/5 Alexander Belopolsky :
> Please mention that this API is similar to that of faulthandler and add a
> link to faulthandler docs.

Done.

Victor
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 04:58:19PM -0400, Tres Seaver  
wrote:
> On 09/05/2013 04:29 PM, Oleg Broytman wrote:
> > I have seen exactly 0 (zero) sites that support Persona. Can you point
> > me?
> 
> - From the "Mozilla Identity" blog:
> 
> - - https://webmaker.org/
> - - http://bornthiswayfoundation.org/
> - - http://firebase.com/
> - - https://orionhub.org/
> - - http://ting.com/
> - - http://www.gnu.org/software/mailman/
> - - http://discourse.org/
> - - https://dailycred.com/

   Thank you! Never heard of these sites. Well, I saw WebMaker once, but
it's a Mozilla site, no wonder it supports Persona.

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/05/2013 04:33 PM, Glenn Linderman wrote:
> On 9/5/2013 1:30 PM, Tres Seaver wrote:
>> +1 for supporting Persona as an alternative to OpenID on all
>> *.python.org servers.
> 
> Is there a Python implementation of Persona I can install on my web
> server?

- - https://readthedocs.org/projects/django-browserid/

- - https://pyramid_persona.readthedocs.org/en/latest/


Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlIo8SMACgkQ+gerLs4ltQ57xgCfT2xVkJfMtuDjmed6jlhfsD8I
fxMAoNHT69tbi3iKtpkyEcSY0lwJosqc
=TTJ8
-END PGP SIGNATURE-

___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Benjamin Peterson

There's some sample Python code here:
https://developer.mozilla.org/en-US/docs/Mozilla/Persona/Quick_Setup

The API is so simple something generic like requests suffices.

2013/9/5 Glenn Linderman :
> On 9/5/2013 1:30 PM, Tres Seaver wrote:
>
> +1 for supporting Persona as an alternative to OpenID on all *.python.org
> servers.
>
>
> Is there a Python implementation of Persona I can install on my web server?
>
> ___
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> https://mail.python.org/mailman/options/python-dev/benjamin%40python.org
>



-- 
Regards,
Benjamin
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Skip Montanaro

> Whether a given site chooses to authroize an
> authenticated-but-otherwise-unknown user to do anything meaningful is
> logically distinct.

But the least they could have done was pick a demo site that didn't do
exactly what they contend you shouldn't need to do: cough up all sorts
of personal information to use their site.

Skip
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Dirkjan Ochtman

On Thu, Sep 5, 2013 at 10:33 PM, Glenn Linderman  wrote:
> Is there a Python implementation of Persona I can install on my web server?

If you mean to use your web server as an Identity Provider, try this:

https://bitbucket.org/djc/persona-totp

It currently only implements TOTP-based authentication (i.e. no
passwords), but it should be easy to add a password or 2FA-mode if
you'd prefer that.

Cheers,

Dirkjan
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Dirkjan Ochtman

On Thu, Sep 5, 2013 at 10:57 PM, Donald Stufft  wrote:
> Not that it changes this statement at all but you wouldn't expect to see a 
> Persona login
> for gmail as persona solves the problem that people don't think of urls as 
> personal
> identifiers by replacing it with emails. So Gmail would be the Persona IdP

And actually you can already trivially login with your GMail account
on any Persona-based Relying Party (that is, a site that uses Persona
to authenticate you). This is because one of the nice parts of the
current implementation of Persona is that Mozilla has implemented
bridges that allow GMail and Yahoo addresses to be authenticated via
their respective OAuth implementations, such that you don't need to
setup an account at Mozilla's fallback IdP (which acts as an Identity
Provider for email addresses that don't currently have an IdP
available to them).

Cheers,

Dirkjan
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Antoine Pitrou

On Thu, 5 Sep 2013 15:40:44 -0400
Barry Warsaw  wrote:

> On Sep 05, 2013, at 09:07 PM, Antoine Pitrou wrote:
> 
> >Which sites exactly? I can login to BitBucket and *.python.org using
> >OpenID, not Persona.
> 
> I think Persona is just too new to see it around much yet.  Or maybe Mozilla
> needs better PR.

Well, OpenID at least got some publicity since it appeared. Persona is
almost unknown at this point (though it was publicly launched two years
ago, according to Wikipedia).

Comparing the size of the respective Wikipedia pages actually tells
quite a bit:
http://en.wikipedia.org/wiki/OpenID
http://en.wikipedia.org/wiki/Mozilla_Persona

Regards

Antoine.


___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Fred Drake

On Thu, Sep 5, 2013 at 4:29 PM, Oleg Broytman  wrote:
> I have seen exactly 0 (zero) sites that support Persona. Can you
> point me?

We have an internal app that uses Persona, but we did that mostly to
play with it.

I've not run across any sites that use Persona in the wild, either.


  -Fred

-- 
Fred L. Drake, Jr.
"A storm broke loose in my mind."  --Albert Einstein
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 02:07:11PM -0500, Skip Montanaro  wrote:
> >>   OpenID lived a short life and died a quiet death. I'm afraid Persona
> >> wouldn't live even that much. Dead-born idea, in my so humble opinion.
> >
> I was completely unaware of OpenID's demise.

   There was no demise. Because there was no take-off. OpenID was never
popular. I can remember a very limited set of major sites that allow
login using OpenID: SourceForge, LiveJournal, BitBucket. The first two
in the list allow limited login. BitBucket doesn't allow even that. They
only allow full-featured login if you have already created an account
and linked your OpenID URL with that account.
   You cannot login using OpenID to most interesting popular sites.
GMail? No. Twitter? No. Facebook? FriendFeed? identi.ca? No, no, no.
   Small uninteresting blogs? Yes, but who cares?

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Donald Stufft


On Sep 5, 2013, at 4:53 PM, Barry Warsaw  wrote:

> On Sep 06, 2013, at 12:36 AM, Oleg Broytman wrote:
> 
>>  You cannot login using OpenID to most interesting popular sites.
>> GMail? No. Twitter? No. Facebook? FriendFeed? identi.ca? No, no, no.
> 
> I'd be surprised if you ever saw the big social networking sites support
> OpenID or Persona.  They want to own that space themselves, so probably have
> no business incentive to support 3rd party systems.

Not that it changes this statement at all but you wouldn't expect to see a 
Persona login
for gmail as persona solves the problem that people don't think of urls as 
personal
identifiers by replacing it with emails. So Gmail would be the Persona IdP

> 
> We're open source, and I think it benefits our mission to support open,
> decentralized, and free systems like OpenID and Persona.
> 
> -Barry
> ___
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: 
> https://mail.python.org/mailman/options/python-dev/donald%40stufft.io


-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Glenn Linderman


On 9/5/2013 1:30 PM, Tres Seaver wrote:

+1 for supporting Persona as an alternative to OpenID on all *.python.org
servers.


Is there a Python implementation of Persona I can install on my web server?
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 04:53:18PM -0400, Barry Warsaw  wrote:
> On Sep 06, 2013, at 12:36 AM, Oleg Broytman wrote:
> >   You cannot login using OpenID to most interesting popular sites.
> >GMail? No. Twitter? No. Facebook? FriendFeed? identi.ca? No, no, no.
> 
> I'd be surprised if you ever saw the big social networking sites support
> OpenID or Persona.  They want to own that space themselves, so probably have
> no business incentive to support 3rd party systems.

   But of course! And that IMO spells the end of the feature. Things
that aren't available for millions seldom are available for a few, and
if they are -- they are available for big price.

> We're open source, and I think it benefits our mission to support open,
> decentralized, and free systems like OpenID and Persona.

   But they also have disadvantages. Implementing such a major feature
is a significant burden to sysadmins and is an additional vein for
security breaches.
   That said, I don't mind if pydotorg would get such features. If FSF
pays salaries and admins are willing to work -- no objections from me.
But I am not going to use it. What gain if I can login to one site?
   I will change my mind when Google and GitHub start using them.

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/05/2013 04:29 PM, Oleg Broytman wrote:
> On Thu, Sep 05, 2013 at 02:50:44PM -0400, Donald Stufft
>  wrote:
>> On Sep 5, 2013, at 2:43 PM, Oleg Broytman  wrote:
>>> On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft
>>>  wrote:
 Persona is the logical successor to OpenID.
>>> 
>>> OpenID lived a short life and died a quiet death. I'm afraid
>>> Persona wouldn't live even that much. Dead-born idea, in my so
>>> humble opinion.
>> 
>> I don't think there's much evidence to support this. I'm seeing more
>> sites support Persona not less. It solves some of the major problems
>> with OpenID.
> 
> I have seen exactly 0 (zero) sites that support Persona. Can you point
> me?


- From the "Mozilla Identity" blog:

- - https://webmaker.org/

- - http://bornthiswayfoundation.org/

- - http://firebase.com/

- - https://orionhub.org/

- - http://ting.com/

- - http://www.gnu.org/software/mailman/

- - http://discourse.org/

- - https://dailycred.com/



Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlIo8GoACgkQ+gerLs4ltQ5OtACdEv/XvYKwGuFQESuLn+uBkNzm
UUAAn2YY22+YL+tS0WhE+95tIb0USmV7
=cB96
-END PGP SIGNATURE-

___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

[Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Jesus Cea

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I just received an email from my OpenID provider, "myOpenID", saying
that they drop OpenID service next February. I wonder what other
OpenID providers are used by other python-dev fellows.

What are you using?. bugs.python.org admins could share some data?

I agree than OpenID is (quite) dead, but I rather prefer OpenID to use
user/pass. I have big hopes for Mozilla Persona, looking forward
Python infrastructure support :).

PS: I use "http://www.jcea.es/"; as my OpenID identity, and I delegate
the actual service to "myOpenID". I can switch delegation trivially.

- -- 
Jesús Cea Avión _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
Twitter: @jcea_/_/_/_/  _/_/_/_/_/
jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUijAD5lgi5GaxT1NAQLH0wQAkKDORrAtfJFzzIHl3lHRp7GfxOzdqdNP
uiuW65l/pas+p9+B0G6qR6EE2AAL7YPozcNF5AkmuGmxkpyn/JyUYKJcUWmUotpj
V9Buz9jz3qpPuv7AlTnMbjBBQK4YTYenbdk2HgI41SVQHZHkU/+y4CL3Y1hWyJNo
C8CCWfR0VlA=
=YXIq
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Dirkjan Ochtman

On Thu, Sep 5, 2013 at 10:30 PM, Tres Seaver  wrote:
> +1 for supporting Persona as an alternative to OpenID on all *.python.org
> servers.

BTW, I'd be happy to assist with any Persona RP implementations for
python.org services. The MDN docs are pretty good, I got my first RP
going in just a few hours of looking at code (and you can probably do
better if you're more into frontend webdev stuff).

There's also ongoing work that will replace ReadTheDocs accounts with
Persona support.

Cheers,

Dirkjan
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Donald Stufft


On Sep 5, 2013, at 2:43 PM, Oleg Broytman  wrote:

> On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft  
> wrote:
>> Persona is the logical successor to OpenID.
> 
>   OpenID lived a short life and died a quiet death. I'm afraid Persona
> wouldn't live even that much. Dead-born idea, in my so humble opinion.

I don't think there's much evidence to support this. I'm seeing more sites 
support Persona
not less. It solves some of the major problems with OpenID.

-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Antoine Pitrou

On Thu, 05 Sep 2013 19:31:59 +0200
Jesus Cea  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I just received an email from my OpenID provider, "myOpenID", saying
> that they drop OpenID service next February. I wonder what other
> OpenID providers are used by other python-dev fellows.

I use a self-hosted SimpleID instance:

> 
> What are you using?. bugs.python.org admins could share some data?
> 
> I agree than OpenID is (quite) dead, but I rather prefer OpenID to use
> user/pass. I have big hopes for Mozilla Persona, looking forward
> Python infrastructure support :).
> 
> PS: I use "http://www.jcea.es/"; as my OpenID identity, and I delegate
> the actual service to "myOpenID". I can switch delegation trivially.
> 
> - -- 
> Jesús Cea Avión _/_/  _/_/_/_/_/_/
> j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
> Twitter: @jcea_/_/_/_/  _/_/_/_/_/
> jabber / xmpp:j...@jabber.org  _/_/  _/_/_/_/  _/_/  _/_/
> "Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
> "My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
> "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQCVAwUBUijAD5lgi5GaxT1NAQLH0wQAkKDORrAtfJFzzIHl3lHRp7GfxOzdqdNP
> uiuW65l/pas+p9+B0G6qR6EE2AAL7YPozcNF5AkmuGmxkpyn/JyUYKJcUWmUotpj
> V9Buz9jz3qpPuv7AlTnMbjBBQK4YTYenbdk2HgI41SVQHZHkU/+y4CL3Y1hWyJNo
> C8CCWfR0VlA=
> =YXIq
> -END PGP SIGNATURE-



___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 02:50:44PM -0400, Donald Stufft  
wrote:
> On Sep 5, 2013, at 2:43 PM, Oleg Broytman  wrote:
> > On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft  
> > wrote:
> >> Persona is the logical successor to OpenID.
> > 
> >   OpenID lived a short life and died a quiet death. I'm afraid Persona
> > wouldn't live even that much. Dead-born idea, in my so humble opinion.
> 
> I don't think there's much evidence to support this. I'm seeing more sites 
> support Persona
> not less. It solves some of the major problems with OpenID.

   I have seen exactly 0 (zero) sites that support Persona. Can you
point me?

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Ben Finney

Skip Montanaro  writes:

> >> On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft  
> >> wrote:
> >>> Persona is the logical successor to OpenID.
> >>
> >>   OpenID lived a short life and died a quiet death. I'm afraid Persona
> >> wouldn't live even that much. Dead-born idea, in my so humble opinion.
> >
> > I don't think there's much evidence to support this. I'm seeing more sites 
> > support Persona
> > not less. It solves some of the major problems with OpenID.
>
> I was completely unaware of OpenID's demise.

It has failed at its stated purpose, which was to obviate the need for
services to provide their own ad hoc systems and allow users to
consolidate their digital identities.

This is evident by lookig at how few sites have added OpenID login in
the past several years, and how many that once had it have dropped it.

If you're unaware of that, I can only surmise you haven't been trying to
log in with an OpenID to anything newer than about 2009.

> Can someone point me to/provide an explanation?

An explanation in terms of what? I can point you to punditry
http://www.25hoursaday.com/weblog/2011/01/30/LearningFromOurMistakesTheFailureOfOpenIDAtomPubAndXMLOnTheWeb.aspx>
and hand-wringing
http://geekyschmidt.com/2011/01/31/openid-death-greatly-exaggerated>.

My own take is that most people choose convenience and expedience over
security and freedom, hence Facebook and Twitter and Google have taken
over the online identity game instead of a federated identity system.

> I much prefer using OpenID to login to a site than having to either
> come up with yet another username/password which I will just forget,
> or using Facebook or similar (I don't really trust them with my info).

Agreed. Our preferences are not enough though.

-- 
 \  “Anyone who believes exponential growth can go on forever in a |
  `\finite world is either a madman or an economist.” —Kenneth |
_o__) Boulding |
Ben Finney

___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Skip Montanaro

> I think Persona is just too new to see it around much yet.  Or maybe Mozilla
> needs better PR.

The Persona site touts: "Signing in using Persona requires only a
valid email address; allowing you to provide personal information on
as-needed basis, when and where you think it’s appropriate."

They clearly need a better example site. They chose something called
Voost. Sure enough, all I needed to enter was my Gmail address. That
got me signed in, but then Voost asked me for a bunch of other
personal information (name, gender, birthdate, etc), and wouldn't let
me go any farther without that. :-/

Skip
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/05/2013 03:52 PM, Skip Montanaro wrote:
>> I think Persona is just too new to see it around much yet.  Or maybe
>> Mozilla needs better PR.
> 
> The Persona site touts: "Signing in using Persona requires only a 
> valid email address; allowing you to provide personal information on 
> as-needed basis, when and where you think it’s appropriate."
> 
> They clearly need a better example site. They chose something called 
> Voost. Sure enough, all I needed to enter was my Gmail address. That 
> got me signed in, but then Voost asked me for a bunch of other 
> personal information (name, gender, birthdate, etc), and wouldn't let 
> me go any farther without that. :-/

As sith OpenID, the key element to Persona is SSO:  you can authenticate
without needing to create / remember passwords for every site you visit.
 Whether a given site chooses to authroize an
authenticated-but-otherwise-unknown user to do anything meaningful is
logically distinct.

+1 for supporting Persona as an alternative to OpenID on all *.python.org
servers.



Tres.
- -- 
===
Tres Seaver  +1 540-429-0999  tsea...@palladion.com
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlIo6ecACgkQ+gerLs4ltQ6gOwCgrIokRYnddNaNVIVPoY/M4d0k
kKcAni6hxXQE4T4QMij3bQHAJwBFX1uW
=9ZJP
-END PGP SIGNATURE-

___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Barry Warsaw

On Sep 05, 2013, at 09:07 PM, Antoine Pitrou wrote:

>Which sites exactly? I can login to BitBucket and *.python.org using
>OpenID, not Persona.

I think Persona is just too new to see it around much yet.  Or maybe Mozilla
needs better PR.

-Barry
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Barry Warsaw

On Sep 05, 2013, at 11:33 AM, Toshio Kuratomi wrote:

>Sortof The way OAuth looks to me, it's designed to prove that a given
>client is authorized to perform an action.  It's not designed to prove that
>the given client is a specific person.  In some cases, you really want to
>know the latter and not merely the former.  So I think in these situations
>Donald's separation of Authz and Authn makes sense.

This probably isn't the only application of these technologies, but I've
always thought about OAuth as delegating authority to scripts and programs to
act on your behalf.  For example, you can write a script to interact with
Launchpad's REST API, but before you can use the script, you have to interact
with the web ui once (since your browser is trusted, presumably) to receive a
token which the script can then use to prove that it's acting on your behalf.
If at some point you stop trusting that script, you can revoke the token to
disable its access, without having to reset your password.

To me, OpenID is about logging into web sites using single-sign on.  For
example, once I've logged into Launchpad, I can essentially go anywhere that
accepts OpenID, type my OpenID and generally not have to log in again (things
like two-factor auth and such may change that interaction pattern).

Or to summarize to a rough approximation: OpenID is for logins, OAuth is for
scripts.

Persona seems to fit the OpenID use case.  You'd still want OAuth for
scripting.

-Barry

signature.asc
Description: PGP signature
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Skip Montanaro

>> On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft  
>> wrote:
>>> Persona is the logical successor to OpenID.
>>
>>   OpenID lived a short life and died a quiet death. I'm afraid Persona
>> wouldn't live even that much. Dead-born idea, in my so humble opinion.
>
> I don't think there's much evidence to support this. I'm seeing more sites 
> support Persona
> not less. It solves some of the major problems with OpenID.

I was completely unaware of OpenID's demise.  Can someone point me
to/provide an explanation? I much prefer using OpenID to login to a
site than having to either come up with yet another username/password
which I will just forget, or using Facebook or similar (I don't really
trust them with my info).

Thx,

Skip
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Antoine Pitrou

On Thu, 5 Sep 2013 14:50:44 -0400
Donald Stufft  wrote:
> 
> On Sep 5, 2013, at 2:43 PM, Oleg Broytman  wrote:
> 
> > On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft  
> > wrote:
> >> Persona is the logical successor to OpenID.
> > 
> >   OpenID lived a short life and died a quiet death. I'm afraid Persona
> > wouldn't live even that much. Dead-born idea, in my so humble opinion.
> 
> I don't think there's much evidence to support this. I'm seeing more sites 
> support Persona
> not less.

Which sites exactly? I can login to BitBucket and *.python.org using
OpenID, not Persona.



___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Toshio Kuratomi

On Thu, Sep 05, 2013 at 02:53:43PM -0400, Barry Warsaw wrote:
> 
> This probably isn't the only application of these technologies, but I've
> always thought about OAuth as delegating authority to scripts and programs to
> act on your behalf.  For example, you can write a script to interact with
> Launchpad's REST API, but before you can use the script, you have to interact
> with the web ui once (since your browser is trusted, presumably) to receive a
> token which the script can then use to prove that it's acting on your behalf.
> If at some point you stop trusting that script, you can revoke the token to
> disable its access, without having to reset your password.
> 
> To me, OpenID is about logging into web sites using single-sign on.  For
> example, once I've logged into Launchpad, I can essentially go anywhere that
> accepts OpenID, type my OpenID and generally not have to log in again (things
> like two-factor auth and such may change that interaction pattern).
> 
> Or to summarize to a rough approximation: OpenID is for logins, OAuth is for
> scripts.
> 
> Persona seems to fit the OpenID use case.  You'd still want OAuth for
> scripting.
> 
  However, in some cases, Persona/OpenID can make more sense for
scripts.  For instance, if you have a script that is primarily interactive
in nature, it may be better to have the user login via that script than to
have an OAuth token laying around on the filesystem all the time
(Contrariwise, if the script is primarily run from cron or similar, it's
better to have a token with limited permissions laying around on the
filesystem than your OpenID password ;-)

It's probably also useful to point out that OAuth (because it was developed
to let third party websites have limited permission to act on your behalf)
is more paranoid than strictly required for many scripts where that
"third-party" is a script that you've written running on a box that you
control.  If that's the main use case for your service, OAuth may not be
a good fit for your authz needs.

-Toshio


pgpK1y9fAvp9j.pgp
Description: PGP signature
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Antoine Pitrou

On Thu, 05 Sep 2013 19:31:59 +0200
Jesus Cea  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I just received an email from my OpenID provider, "myOpenID", saying
> that they drop OpenID service next February. I wonder what other
> OpenID providers are used by other python-dev fellows.
> 
> What are you using?. bugs.python.org admins could share some data?

I use a self-hosted SimpleID instance:
http://simpleid.koinic.net/

It works fine with python.org, except recent problems with PyPI for
which I haven't had an answer yet:
https://mail.python.org/pipermail/distutils-sig/2013-September/022583.html

(sorry for the previous message, keyboard mishap)

Regards

Antoine.


___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 02:35:16PM -0400, Donald Stufft  
wrote:
> Persona is the logical successor to OpenID.

   OpenID lived a short life and died a quiet death. I'm afraid Persona
wouldn't live even that much. Dead-born idea, in my so humble opinion.

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Eli Bendersky

On Thu, Sep 5, 2013 at 10:31 AM, Jesus Cea  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I just received an email from my OpenID provider, "myOpenID", saying
> that they drop OpenID service next February. I wonder what other
> OpenID providers are used by other python-dev fellows.
>
> What are you using?. bugs.python.org admins could share some data?
>
> I agree than OpenID is (quite) dead, but I rather prefer OpenID to use
> user/pass. I have big hopes for Mozilla Persona, looking forward
> Python infrastructure support :).
>
> PS: I use "http://www.jcea.es/"; as my OpenID identity, and I delegate
> the actual service to "myOpenID". I can switch delegation trivially.
>

http://bugs.python.org/?@action=openid_login&provider=Google

Eli
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Donald Stufft


On Sep 5, 2013, at 2:25 PM, Oleg Broytman  wrote:

> On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft  
> wrote:
>> 
>> On Sep 5, 2013, at 2:12 PM, Oleg Broytman  wrote:
>>>  I used to use myOpenID and became my own provider using poit[1].
>>> These days I seldom use OpenID -- there are too few sites that allow
>>> full-featured login with OpenID. The future lies in OAuth 2.0.
>> 
>> The Auth in OAuth stands for Authorization not Authentication.
> 
>   There is no authorization without authentication, so OAuth certainly
> performs authentication: http://oauth.net/core/1.0a/#anchor9 ,
> http://tools.ietf.org/html/rfc5849#section-3

They are separate topics and authorization does not need to imply 
authentication,
it so happens that in many particular instances of OAuth you can estimate
authentication.

https://en.wikipedia.org/wiki/OAuth#OpenID_vs._pseudo-authentication_using_OAuth

Persona is the logical successor to OpenID.

-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Barry Warsaw

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sep 05, 2013, at 07:31 PM, Jesus Cea wrote:

>I just received an email from my OpenID provider, "myOpenID", saying
>that they drop OpenID service next February. I wonder what other
>OpenID providers are used by other python-dev fellows.
>
>What are you using?. bugs.python.org admins could share some data?

Launchpad.  It's not going anywhere.

>I agree than OpenID is (quite) dead, but I rather prefer OpenID to use
>user/pass. I have big hopes for Mozilla Persona, looking forward
>Python infrastructure support :).

We at the Mailman project like Persona a lot.  It'll be the primary way people
can log into Postorius (the new web ui).

- -Barry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCAAGBQJSKM3TAAoJEBJutWOnSwa/jP8QAJ4BkV8285TexZq+9GuTwzFf
qx2OlUwtiv6lhDZq9uY0sXijyKl76N0/nTsSf5Fr8nDsn5KaETd14PFGfwbg6WVS
jMZcKz+3j7eq6zq/Qm47qFbcBb2moyxptkE96BMCqEw+DCnPo87q8DXOb2W67ROI
XDsRW2T/D8v5SvAqkmgOPlWsXWc1QzOpJCGkYcufzDeCjkFPXvck3mFI0TpizXnv
7L4IjrK9Qn6D1zNvKmovTkQOu3sk3C2FvPT2QG0b+DWkPtERE6o/xK2OTkhIzbBd
/YfLEkb60tJYtwKqfHei+n4pVreExT0DtCDFHh5bYbdcD23VuHfDZtaHCDzYEhK9
rjuY2odydxD/xH9F21enHqYuU76TBr8ceodYsP2FNlqO5XeOJwgAXhWdpBYwN+SU
G0B5k3wDb6VCDkqM1u7VGcA/yQLeGQ43s/klxxAxo08sA3url9HcIeuO5rnmnB5l
lGIehq/SJPVQXQevEJvL8Atm7uLnsaWEJg34+T04MyR+TLeUcjKsNrUZBS8bGOZu
agygKg3M/zi1k9LW/uxKR7IKLyBK+axYoEQS9yydqpgO1e8BQa6XlLQ89Sv9r38Y
y1qTFmGdRRQSItrlS1urMQ9Q8m7pJBSyfBywlsck07hpXlZLRwRm2S3DnMBrF6It
I7f28XXirrnBf/la/+6g
=xqI7
-END PGP SIGNATURE-
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 07:31:59PM +0200, Jesus Cea  wrote:
> I just received an email from my OpenID provider, "myOpenID", saying
> that they drop OpenID service next February. I wonder what other
> OpenID providers are used by other python-dev fellows.
> 
> What are you using?. bugs.python.org admins could share some data?
> 
> I agree than OpenID is (quite) dead, but I rather prefer OpenID to use
> user/pass. I have big hopes for Mozilla Persona, looking forward
> Python infrastructure support :).
> 
> PS: I use "http://www.jcea.es/"; as my OpenID identity, and I delegate
> the actual service to "myOpenID". I can switch delegation trivially.

   I used to use myOpenID and became my own provider using poit[1].
These days I seldom use OpenID -- there are too few sites that allow
full-featured login with OpenID. The future lies in OAuth 2.0.

1. http://yangman.ca/poit/

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Oleg Broytman

On Thu, Sep 05, 2013 at 02:16:29PM -0400, Donald Stufft  
wrote:
> 
> On Sep 5, 2013, at 2:12 PM, Oleg Broytman  wrote:
> >   I used to use myOpenID and became my own provider using poit[1].
> > These days I seldom use OpenID -- there are too few sites that allow
> > full-featured login with OpenID. The future lies in OAuth 2.0.
> 
> The Auth in OAuth stands for Authorization not Authentication.

   There is no authorization without authentication, so OAuth certainly
performs authentication: http://oauth.net/core/1.0a/#anchor9 ,
http://tools.ietf.org/html/rfc5849#section-3

Oleg.
-- 
 Oleg Broytmanhttp://phdru.name/p...@phdru.name
   Programmers don't die, they just GOSUB without RETURN.
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Re: [Python-Dev] Offtopic: OpenID Providers

2013-09-05 Thread Donald Stufft


On Sep 5, 2013, at 2:12 PM, Oleg Broytman  wrote:

> On Thu, Sep 05, 2013 at 07:31:59PM +0200, Jesus Cea  wrote:
>> I just received an email from my OpenID provider, "myOpenID", saying
>> that they drop OpenID service next February. I wonder what other
>> OpenID providers are used by other python-dev fellows.
>> 
>> What are you using?. bugs.python.org admins could share some data?
>> 
>> I agree than OpenID is (quite) dead, but I rather prefer OpenID to use
>> user/pass. I have big hopes for Mozilla Persona, looking forward
>> Python infrastructure support :).
>> 
>> PS: I use "http://www.jcea.es/"; as my OpenID identity, and I delegate
>> the actual service to "myOpenID". I can switch delegation trivially.
> 
>   I used to use myOpenID and became my own provider using poit[1].
> These days I seldom use OpenID -- there are too few sites that allow
> full-featured login with OpenID. The future lies in OAuth 2.0.

The Auth in OAuth stands for Authorization not Authentication.

> 
> 1. http://yangman.ca/poit/
> 
> Oleg.
> -- 
> Oleg Broytmanhttp://phdru.name/p...@phdru.name
>   Programmers don't die, they just GOSUB without RETURN.
> ___
> Python-Dev mailing list
> Python-Dev@python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: 
> https://mail.python.org/mailman/options/python-dev/donald%40stufft.io


-
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

56 matches

Mail list logo