Re: [sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread 'Julien Puydt' via sage-devel 
Hi,

Le 25/10/2017 à 00:08, Eric Gourgoulhon a écrit :
> Le mardi 24 octobre 2017 20:58:17 UTC+2, Emmanuel Charpentier a écrit :
> 
> 
> It is true. But we are hoisted by our own petard : from our tutorial
>  :
> "The Sage download file comes with “batteries included”. In other
> words, although Sage uses Python, IPython, PARI, GAP, Singular,
> Maxima, NTL, GMP, and so on, you do not need to install them
> separately as they are included with the Sage distribution."
> I fail to see how this would not apply to OpenSSL (under the heading
> "and so on")...
> 
>  
> I have the feeling that the current tendency is towards a more modular
> and lighter Sage, which deviates from the original "batteries included"
> philosophy. Maybe the latter should be rephrased as "mathematical
> batteries included". This would exclude standard "technical"  software
> like OpenSSL, which should be provided systemwide.

I'd vote for a strict separation of sage-the-distribution and
sage-the-software : I'm not interested at all in the former, and I think
it hampers the latter for which I care.

Snark on #sagemath

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

Re: [sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread William Stein 
On Tue, Oct 24, 2017 at 3:08 PM Eric Gourgoulhon 
wrote:

> Thanks Emmanuel for the discussion summary.
>
>
> Le mardi 24 octobre 2017 20:58:17 UTC+2, Emmanuel Charpentier a écrit :
>>
>>
>> It is true. But we are hoisted by our own petard : from our tutorial
>>  :
>> "The Sage download file comes with “batteries included”. In other words,
>> although Sage uses Python, IPython, PARI, GAP, Singular, Maxima, NTL, GMP,
>> and so on, you do not need to install them separately as they are included
>> with the Sage distribution."
>> I fail to see how this would not apply to OpenSSL (under the heading "and
>> so on")...
>>
>>
> I have the feeling that the current tendency is towards a more modular and
> lighter Sage, which deviates from the original "batteries included"
> philosophy. Maybe the latter should be rephrased as "mathematical batteries
> included". This would exclude standard "technical"  software like OpenSSL,
> which should be provided systemwide.
>

Well said.  I’m the reason for the batteries-included full distribution
Sage approach, and I did it that way entirely out of necessity: very
limited manpower, Python packaging was in disarray, etc., all while
attempting to support many environments like Solaris, Cygwin, OS X,...
Python packaging has improved a lot since 2004, with conda and pip, and
there are a hundred times more people working on Sage.   Git now exists.  I
hope we have further discussions in this list about ways to realize the
vision you have roughly sketched above.


> Eric.
>
> --
> You received this message because you are subscribed to the Google Groups
> "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to sage-devel+unsubscr...@googlegroups.com.
> To post to this group, send email to sage-devel@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.
>
-- 
-- William Stein

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

[sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Eric Gourgoulhon 
Thanks Emmanuel for the discussion summary.

Le mardi 24 octobre 2017 20:58:17 UTC+2, Emmanuel Charpentier a écrit :
>
>
> It is true. But we are hoisted by our own petard : from our tutorial 
>  :
> "The Sage download file comes with “batteries included”. In other words, 
> although Sage uses Python, IPython, PARI, GAP, Singular, Maxima, NTL, GMP, 
> and so on, you do not need to install them separately as they are included 
> with the Sage distribution."
> I fail to see how this would not apply to OpenSSL (under the heading "and 
> so on")...
>
>  
I have the feeling that the current tendency is towards a more modular and 
lighter Sage, which deviates from the original "batteries included" 
philosophy. Maybe the latter should be rephrased as "mathematical batteries 
included". This would exclude standard "technical"  software like OpenSSL, 
which should be provided systemwide. 

Eric.

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

Re: [sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Dr. David Kirkby (Kirkby Microwave Ltd) 
On 24 October 2017 at 15:51, Emmanuel Charpentier <
emanuel.charpent...@gmail.com> wrote:

> Final tally
>
>  Yes, we should fully support OpenSSL now, and clarify the licensing issue
> : 9 unambiguous votes :
>
> 


>
>  No, we should wait until OpenSSL finishes fixing their license situation
> formally : 4 unambiguous votes.
>
> 

Other participants to discussion, which did not formally vote, or "threw
> their vote away" ((C) Michael Orlitzky) in favor of another option : 10
> people
>


> David Joyner
> Michael Orlitzky
> Nicolas M Thiéry
> Dr David Kirby
> Thierry (sage-googlesucks@xxx)
> kcrisman
> John H Palmieri
>
> The ayes still have it.
>

I think it is unjust to conclude the ayes have it, when the question was
ill posed, and the largest group did not vote for either of the "options"
you have.

There's the very real possibility that OpenSSL may never change their
license in a way that's compatible with the GPL, but your second option
assumes they will formally fix their license - a license that some OpenSSL
developers at least see does not need fixing.



Dave

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

Re: [sage-devel] Re: broken docbuild in SageMath 8.1.beta9

2017-10-24 Thread François Bissey 


> On 25/10/2017, at 10:35, Eric Gourgoulhon  wrote:
> 
> It seems to me (but I may be wrong) that building the doc requires two runs, 
> like latex: during the first pass, all references are collected and are 
> listed as "undefined" if the anchor has not been encountered yet; it is only 
> during the second run that all references are correctly resolved. It seems 
> that 
> - "sage -docbuild" performs only a single run, so it is not capable to set 
> all the references after a "make doc-clean"
> - "make doc" performs two passes, thereby resolving all references
> 

Well, in sage-on-gentoo I do 
"${PYTHON}" sage_setup/docbuild/__main__.py --no-pdf-links all html
which is more or less what "./sage -docbuild --no-pdf-links all html”
does and it works. I have some minor patching in the area but I don’t
believe that’s essential to make work.

François

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

[sage-devel] Re: broken docbuild in SageMath 8.1.beta9

2017-10-24 Thread Eric Gourgoulhon 
It seems to me (but I may be wrong) that building the doc requires two 
runs, like latex: during the first pass, all references are collected and 
are listed as "undefined" if the anchor has not been encountered yet; it is 
only during the second run that all references are correctly resolved. It 
seems that 
- "sage -docbuild" performs only a single run, so it is not capable to set 
all the references after a "make doc-clean"
- "make doc" performs two passes, thereby resolving all references

Best wishes,

Eric.

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

Re: [sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Emmanuel Charpentier 


Le mardi 24 octobre 2017 21:34:18 UTC+2, Jeroen Demeyer a écrit :
>
> On 2017-10-24 20:58, Emmanuel Charpentier wrote: 
> > A non-communicating R in Sage can be very useful if you are not using R 
> > in Sage at all 
>
> I just meant to say that if you don't use R, then it's fine to have a 
> non-communicating R. I admit that the wording was a bit cryptic. 
>

No : that was oxymoric : something that you don't use can't, by definition 
and etymology, be useful...

--
Emmanuel Charpentier 

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

Re: [sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Jeroen Demeyer 

On 2017-10-24 20:58, Emmanuel Charpentier wrote:

A non-communicating R in Sage can be very useful if you are not using R
in Sage at all


I just meant to say that if you don't use R, then it's fine to have a 
non-communicating R. I admit that the wording was a bit cryptic.


--
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

[sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Emmanuel Charpentier 
*Abstract of discussions*

In this mammooth of a thread (11 post so far) in answer to call for vote, 
there have been a lot of interesting remarks and discussions. They have 
touched various  domains, and are difficult to summarize easily.

I have chosen to group these reactions by theme, and to quote only the most 
important (salient ?) points. Feel free to correct me as much as you like.

I take the result of the vote (final tally : 9 "Yes", 4 "No", 7 discussants 
without formal vote) as granted, and organized my abstract of discussion in 
function of this result.

I present the practical conclusions (i. e. (announcements of) proposals) in 
*italics* (sorry, I do not know how this will be rendered in a pure 
text-only mail reader...).

*I) Do we have to *Include* OpenSSL as such ?*

Numerous commenters have remarked that it is sufficient to depend on a 
*mandatory* systemwide openssl.

It is true. But we are hoisted by our own petard : from our tutorial 
 :
"The Sage download file comes with “batteries included”. In other words, 
although Sage uses Python, IPython, PARI, GAP, Singular, Maxima, NTL, GMP, 
and so on, you do not need to install them separately as they are included 
with the Sage distribution."
I fail to see how this would not apply to OpenSSL (under the heading "and 
so on")...

Many also have regretted that "Depending on a systemwide OpenSSL" was not 
an option to the vote.  They are right.
But I never pretended to be omniscient...

*A proposal for implementation (to be posted Real Soon Now (TM)) will try 
to reconcile this point of view with the result of the vote.*

*II What means "Clarify the licensing issue" ?*

A few posts expressed reservation about the language accompanying the call 
for vote. Some pertinent (and some less pertinent) comments were made.
This language was lifted by Dima Pasechnick from the Wget 
 
license  (Wget is a GPL-licensed GNU utility). I thought it was a good 
response to lingering (pseudo-legal concerns. But, again, I'm not 
infaillible...
David Joyner suggested 
 that 
we write to OpenSSL to take their advice ; I have to say tht I don't see 
the point : we can avoid inclusion of OpenSSL in our repositories for as 
long as hosting it would be possibly contentious, and the remaining legal 
problems would concern OUR behaviour Re: GPL : that's what the 
"clarification langiuage" porposed by Dima is for...

*The above-mentionned implementation proposal will contain a proposal for 
clarification.* Review by legally apt persons (US and non-US !) welcome...

*III Security issues*

It has been noted that http is ridiculously easy to hijack 
,  and 
some have remarked 
 that 
this potential threat also applied to the  http downloads from our mirrors.

*I think we should consider this issue, an plan to post (Real Soon Now) a 
call for discussion about this.* What is the relevant list ?

Others remarked 
 that 
a non-SSL-enabled pip, which impedes, for example, downloading from Pipy, 
sort-of enhanced security by suppressing a possible source of attack. No 
comments...

*IV Problematic platforms*

[ I have had trouble finding a precise source for these comments, which 
were made "en passant" ]

It has been noted by our Mac heads (most notably Dima Pasechnick, Nicolas 
Thiery and John Palmeri 
) that 
Mac OS X still may be a source of trouble for OpenSSL availability. I note 
that *their advice will be sorely needed for the applicability of the 
proposal for implementation to their platform of choice.*

Similarly, I am still in the dark about the ability of our Cygwin port to 
ensure the availability of the Cygwin-ported OpenSSL library and 
development files. Again, *Erik's expertise will be needed during 
implementation.*

*V Ability to build Sage without OpenSSL*

A very long and ramified thead (no links, they are too many) showed that 
Jeroen Demeyer insists to be able to build sage without OpenSSL ; I still 
don't see its point, but Erik Bray finally tended to support Jeroen's point 
of view, arguing that air-gaped machines could be useful in some 
situations, and I have learned to respect if not to follow systematically) 
Erik's advice...

This point of view is of course incompatible with the result of the vote. 
However, I think that it could be easy to maintain a set of patches 
allowing such a compilation without SSL. This set of patches could live in 
a git branch (say "anchorite " (a 
solitary kind of sage

[sage-devel] sage-diversity

2017-10-24 Thread uaw 
Dear All,

We made a sage-diversity mailing list for for women, minorities, LGBTQ+ 
community members, and allies interested in using and developing SageMath.  
In particular, we will use this group to advertise Women in Sage Days.  
Please join if you are interested:

https://groups.google.com/forum/#!forum/sage-diversity

--Ursula Whitcher.

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

[sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Emmanuel Charpentier 
Final tally

While I wasn't able to retrieve Eroik's message where he changed his vote, 
his request is consistent with his remarls.
 Hence the final tally :

 Yes, we should fully support OpenSSL now, and clarify the licensing issue 
: 9 unambiguous votes :


Dima Pasechnik 

William Stein 

John Cremona 

David Roe 

Nathan Dunfield 

Richard_L 

Marteen Derickx 

Luca de Feo 

Eric Gourgoulhon 

Emmanuel Charpentier 


 


 No, we should wait until OpenSSL finishes fixing their license situation 
formally : 4 unambiguous votes.


Jeroen Demeyer 

Ralf Stephan 

Snark  
Erik bray 

Other participants to discussion, which did not formally vote, or "threw 
their vote away" ((C) Michael Orlitzky) in favor of another option : 10 
people
David Joyner
Michael Orlitzky
Nicolas M Thiéry
Dr David Kirby
Thierry (sage-googlesucks@xxx)
kcrisman
John H Palmieri

The ayes still have it.

The remarks abstract still needs a bit of work (furthermore, RealLife (TM) 
is currently playing tricks on me). The posts resulting from the vote and 
these remarks will appear some time this week.

HTH,

--
Emmanuel Charpentier

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.

Re: [sage-devel] Re: VOTE: inclusion of OpenSSL in Sage

2017-10-24 Thread Erik Bray 
On Mon, Oct 23, 2017 at 6:31 PM, Dima Pasechnik  wrote:
> There are various https-only software repos, not only Python or R-relayed. 
> IIRC kernel.org is one of them. Without SSL headers one cannot build tools to 
> access such repos; e.g. there are no such headers in Xcode.
> One may keep repeating "optional" etc mantras, but it does not make 
> non-functioning tools functioning, SSL is one of feature creeping and 
> becoming de facto standard, just as one cannot really build a functioning 
> single-thread CPython, even though it is officially not acknowledged...

Heh, actually it has been.  In CPython 3.7dev the ability to even
build CPython without threads was quietly dropped a few weeks ago.
There was little objection.  It used to be there were very good
reasons to keep that ability, particularly for smaller devices;
microcontrollers, etc.  But now MicroPython exists as the
officially-blessed CPython fork aimed at such platforms.

Anyways, as insistent as I am on this it's still a minor point.  I'm
completely in favor of making SSL a required feature for any binary
distribution of Sage.  I just think it should not fail completely to
build without it.  I changed my vote to "No" only because after
discussion in the thread I was convinced that the proposed options
were not complete.

-- 
You received this message because you are subscribed to the Google Groups 
"sage-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to sage-devel+unsubscr...@googlegroups.com.
To post to this group, send email to sage-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/sage-devel.
For more options, visit https://groups.google.com/d/optout.