New submission from Christian Heimes:
Lot's of people still think that something like sha512(secret + message),
sha1(password + salt) or even sha1(password) is secure. Except it isn't. Most
crypto hash functions like md5, sha1, sha2 family (sha256, sha384, sha512) use
a Merkle–Damgård
Hynek Schlawack added the comment:
I think since we ship cryptographic functions, we should take responsibility
and warn against the most common mistakes people do.
--
nosy: +hynek
___
Python tracker rep...@bugs.python.org
Changes by Ezio Melotti ezio.melo...@gmail.com:
--
nosy: +ezio.melotti
stage: - needs patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17006
___
Roundup Robot added the comment:
New changeset 7625866f8127 by Serhiy Storchaka in branch '3.2':
Issue #16335: Fix integer overflow in unicode-escape decoder.
http://hg.python.org/cpython/rev/7625866f8127
New changeset 494d341e9143 by Serhiy Storchaka in branch '3.3':
Issue #16335: Fix integer
Roundup Robot added the comment:
New changeset f4d30d1a529e by Serhiy Storchaka in branch '2.7':
Issue #16335: Fix integer overflow in unicode-escape decoder.
http://hg.python.org/cpython/rev/f4d30d1a529e
--
___
Python tracker rep...@bugs.python.org
Serhiy Storchaka added the comment:
I rewrote the test in EAFP style.
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16335
Serhiy Storchaka added the comment:
LGTM.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16957
___
___
Python-bugs-list mailing list
Roundup Robot added the comment:
New changeset f84a6c89ccbc by Serhiy Storchaka in branch '3.2':
Fix memory error in test_ucn.
http://hg.python.org/cpython/rev/f84a6c89ccbc
New changeset 7c2aae472b27 by Serhiy Storchaka in branch '3.3':
Fix memory error in test_ucn.
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17006
___
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16038
___
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16042
___
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16039
___
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16040
___
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16041
___
___
Antoine Pitrou added the comment:
I agree with Charles-François, this is a too risky change.
However, we could definitely have a separate atexec handler, like the
atfork handlers which are proposed in issue16500.
--
___
Python tracker
Changes by Serhiy Storchaka storch...@gmail.com:
--
assignee: - serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16993
___
___
Roundup Robot added the comment:
New changeset d2db601a53b3 by Serhiy Storchaka in branch '3.3':
Issue #16993: shutil.which() now preserves the case of the path and extension
http://hg.python.org/cpython/rev/d2db601a53b3
New changeset 5faae2bdf1e0 by Serhiy Storchaka in branch 'default':
Issue
Changes by Serhiy Storchaka storch...@gmail.com:
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16993
Ramchandra Apte added the comment:
Performance info using the attached program:
~2.5 sec, original
~3.5 sec, patched
(patched version is 40% slower)
Is anybody doing the comparison in performance-critical cases?
--
___
Python tracker
Ramchandra Apte added the comment:
On 21 January 2013 02:42, Raymond Hettinger rep...@bugs.python.org wrote:
NotImplemented
Can you please elaborate on it doesn't handle the NotImplemented logic
very well.
AFAIK both will give NotImplemented for the same values.
--
Ramchandra Apte added the comment:
+1
Better to be safe than sorry
--
nosy: +ramchandra.apte
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17006
___
Changes by Andrew Svetlov andrew.svet...@gmail.com:
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17006
___
___
Ramchandra Apte added the comment:
Invalid.
--
nosy: +ramchandra.apte
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16699
___
___
Python-bugs-list
Jens Lechtenboerger added the comment:
It only says that accesses are synchronized. The problem is that you were
assuming that += involves a single access -- but that is not how python
works.
Yes, I understand that by now (actually since your first comment).
Where in the examples is
New submission from Chris Jerdonek:
Here are some suggestions of things to clarify in the logging documentation
after consulting it as an end-user:
1. Clarify in Logger.filter(), Handler.filter(), and probably also in the
Filter section that the case of more than filter behaves as follows:
Guido van Rossum added the comment:
This is a very good question to which I have no good answer. If it weren't for
this, we could probably do away with the distinction between add_writer and
add_connector, and a lot of code could be simpler. (Or is that distinction
also needed for IOCP?)
New submission from stuart:
I emulated a real classmethod using python:
class cm(object):
def __init__(self, o):
self.o = o
def __get__(self, obj, type=None):
return self.o.__get__(obj, type)
then I check whether it is workable in the interactive mode and it is working:
Brett Cannon added the comment:
So this seems like a confluence of both supporting compressed files for loading
source code as well as supporting new archive formats (e.g. xz vs. tar); zip
just happens to do both implicitly. And there is also the question of if you
explicitly plan to do this
Roundup Robot added the comment:
New changeset ec3a35ab3659 by Serhiy Storchaka in branch '2.7':
Add bigmemtest decorator to test of issue #16335.
http://hg.python.org/cpython/rev/ec3a35ab3659
New changeset 6e0c3e4136b1 by Serhiy Storchaka in branch '3.2':
Add bigmemtest decorator to test of
Richard Oudkerk added the comment:
On 21/01/2013 5:38pm, Guido van Rossum wrote:
This is a very good question to which I have no good answer.
If it weren't for this, we could probably do away with the distinction
between add_writer and add_connector, and a lot of code could be
simpler. (Or
Guido van Rossum added the comment:
Thanks -- I am now close to rejecting the WSAPoll() patch, and even
closer to rejecting its use for Tulip on Windows. That would in turn
mean that we should kill add/remove_connector() and also the
EVENT_CONNECT flag in selector.py. Anyone not in favor please
Benjamin Peterson added the comment:
If you want to emulate classmethod, calling __get__() on the function is the
wrong thing to do. f.__get__(None, X) - f You need to create a bound yourself
instead.
--
nosy: +benjamin.peterson
resolution: - invalid
status: open - closed
Roundup Robot added the comment:
New changeset 871519e1f146 by Vinay Sajip in branch '2.7':
Issue #17007: Improved logging documentation based on suggestions in the issue.
http://hg.python.org/cpython/rev/871519e1f146
New changeset 029785354dbc by Vinay Sajip in branch '3.2':
Issue #17007:
Richard Oudkerk added the comment:
On 21/01/2013 7:00pm, Guido van Rossum wrote:
Regarding your IOCP changes, that sounds pretty exciting. Richard,
could you check those into the Tulip as a branch? (Maybe a new branch
named 'iocp'.)
OK. It may take me a while to rebase them.
--
Vinay Sajip added the comment:
Your suggestions are good, and I implemented them more or less as you
suggested. Additional comments:
it never makes sense to add more than one filter
Except for readability. Although in theory one filter could do the work of
several, it may be that different
New submission from Ned Batchelder:
Sorry if this is the wrong bug tracker for this issue.
Someone just asked in #python what they should do about the fact that Python
has no threads on the Mac. When asked why they thought that, they pointed to
this:
Antoine Pitrou added the comment:
I think these files are outside of the CPython doc tree, they are probably
static files on the server.
That said, I agree it would be good to either add the deprecated, kept only
for historical purposes note at the top of every file there, or simply remove
Serhiy Storchaka added the comment:
Test broken on Windows because PATHEXT contains uppercased extension .EXT.
Proposed solutions:
1. Fix the test: expect uppercased extension, or do case-insensitive extension
comparison, or get extension from PATHEXT.
2. Rollback the part of previous changes
Richard Oudkerk added the comment:
I have created an iocp branch.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16507
___
___
Python-bugs-list
Chris Jerdonek added the comment:
Great, that looks a lot better. Thanks!
A couple comments though:
+ .. note:: If you attach a handler to several loggers, it may emit the same
+ record multiple times. In general, you should not need to attach a
+ handler to more than one logger -
Charles-François Natali added the comment:
I have created an iocp branch.
You could probably report the fixes for spurious notifications in the
default branch.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16507
Roundup Robot added the comment:
New changeset 8de6f92c89e6 by Vinay Sajip in branch '2.7':
Issue #17007: Made minor changes to documentation wording.
http://hg.python.org/cpython/rev/8de6f92c89e6
New changeset c8614ec54a63 by Vinay Sajip in branch '3.2':
Issue #17007: Made minor changes to
New submission from Bryan G. Olson:
Python 3.3 includes PEP 397, a Python launcher for Windows, and PEP 405,
virtual environment support in core. Unfortunately the Windows launcher does
not respect virtual environments. Even with with a virtual environment
activated and the current directory
Ezio Melotti added the comment:
Given that the note at the top says that it's an unfinished draft, I think
removing it would be fine. It might be nice to see if there's anything still
relevant that could be moved to the official docs, and possibly find out who
wrote it and if he's ok with
Ned Deily added the comment:
It's included in a directory of Guido's essays
(http://www.python.org/doc/essays/). Guido, any thoughts about this and the
others?
--
nosy: +gvanrossum, ned.deily
___
Python tracker rep...@bugs.python.org
Guido van Rossum added the comment:
I'd like to keep the essay around as a permalink, but I don't object against
putting some red text at the top warning people is is horribly out of date, and
linking to a better tutorial.
--
___
Python tracker
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
resolution: - invalid
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17001
___
New submission from Stefan Behnel:
There's a bug originally report for lxml that also applies to ElementTree:
https://github.com/lxml/lxml/issues/95
Passing different namespace mappings into the Element.find*() methods will
always reuse the first one due to incorrect caching based only on the
Changes by Stefan Behnel sco...@users.sourceforge.net:
--
components: +Library (Lib) -XML
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17011
___
Changes by Stefan Behnel sco...@users.sourceforge.net:
--
components: +XML
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17011
___
___
Stefan Behnel added the comment:
Here is a test case (for lxml):
https://github.com/lxml/lxml/commit/76f2ee991afd15d4f8c98cee3e095967bbf9937f
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17011
Stefan Behnel added the comment:
I'm not sure if it's a good idea to keep bikeshedding about this for another
two years. Personally, I would prefer having someone with commit rights fix
this and be done with it.
Eric's last patch looks ok and parts of it went in already, so it's mostly just
Marc Schlaich added the comment:
I get the same result from `getaddrinfo` if Python is compiled with
`--disable-ipv6`. Is this the correct behaviour? I would expect no IP v6
address at all.
Python 2.5.6 (r256:88840, Jan 22 2013, 08:41:04)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
Type
53 matches
Mail list logo
