Ashwin Ramaswami added the comment:
Yes -- additionally, since other http libraries (I believe) usually don't
forward headers on redirections by default, the default for urllib.request is
counterintuitive (and maybe even not ideal for security reasons?) and would
benefit from addit
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +28904
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/30708
___
Python tracker
<https://bugs.python.org/issu
New submission from Ashwin Ramaswami :
We should add a note that headers added via urllib.request.add_header are added
to redirected requests. It isn't immediately clear upon reading the
documentation that this is the case.
--
assignee: docs@python
components: Documentation
mes
Change by Ashwin Ramaswami :
--
nosy: +EWDurbin
___
Python tracker
<https://bugs.python.org/issue37860>
___
___
Python-bugs-list mailing list
Unsubscribe:
Ashwin Ramaswami added the comment:
I realized there's another alternative which is probably simpler. We can use
Netlify to host the deploy previews, but we can use GitHub Actions to build the
documentation. This way, we won't run into the build time limits for Netlify,
and we can
Ashwin Ramaswami added the comment:
I agree -- as a user, it wasn't clear to me from looking at the documentation
that mkdtemp was the right way to go to not delete directories. I had expected
that NamedTemporaryDirectory would also support delete=False, just like
NamedTemporar
Change by Ashwin Ramaswami :
--
title: Add netlify deploy preview for docs -> Add deploy preview for docs
___
Python tracker
<https://bugs.python.org/issu
Ashwin Ramaswami added the comment:
GitHub Pages has no limit on "build limits" like Netlify does.
One limitation of this approach, though, is that GitHub Pages sites are limited
to 1 GB in size. Each doc build is 50 MB, meaning that we could host at a
maximum 20 builds. If we nee
Ashwin Ramaswami added the comment:
Given Ernest's comment in
https://github.com/python/cpython/pull/15288#issuecomment-579476340 about the
limitations of Netlify (1000 build minutes per month), it doesn't seem like
Netlify will be a viable alternative.
Instead, I've ad
Change by Ashwin Ramaswami :
--
pull_requests: +18373
pull_request: https://github.com/python/cpython/pull/19025
___
Python tracker
<https://bugs.python.org/issue37
Ashwin Ramaswami added the comment:
Never mind, I was able to reproduce it.
--
___
Python tracker
<https://bugs.python.org/issue39728>
___
___
Python-bugs-list m
Ashwin Ramaswami added the comment:
I can't reproduce this on the latest python (3.9) from master. Can you?
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/is
Change by Ashwin Ramaswami :
--
keywords: +patch
nosy: +epicfaace
nosy_count: 3.0 -> 4.0
pull_requests: +18352
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/19007
___
Python tracker
<https://bugs.python.org/i
Ashwin Ramaswami added the comment:
What do you mean by "it then proceeds to use it as an RFC821 address"?
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.o
Ashwin Ramaswami added the comment:
I can no longer reproduce this issue. Has it been fixed?
$ make html
mkdir -p build
Building NEWS from Misc/NEWS.d with blurb
PATH=./venv/bin:$PATH sphinx-build -b html -d build/doctrees -W . build/html
Running Sphinx v2.2.0
making output directory
Ashwin Ramaswami added the comment:
Can this be closed now?
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue33136>
___
___
Python-bug
Change by Ashwin Ramaswami :
--
keywords: +patch
nosy: +epicfaace
nosy_count: 10.0 -> 11.0
pull_requests: +18342
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/18995
___
Python tracker
Ashwin Ramaswami added the comment:
Why not deprecate them?
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue37488>
___
___
Python-bug
Ashwin Ramaswami added the comment:
Should we get a CVE for this because this is a security issue?
--
___
Python tracker
<https://bugs.python.org/issue37
Change by Ashwin Ramaswami :
--
pull_requests: +15322
pull_request: https://github.com/python/cpython/pull/15655
___
Python tracker
<https://bugs.python.org/issue21
Change by Ashwin Ramaswami :
--
pull_requests: +15321
pull_request: https://github.com/python/cpython/pull/15654
___
Python tracker
<https://bugs.python.org/issue37
Change by Ashwin Ramaswami :
--
versions: +Python 3.9
___
Python tracker
<https://bugs.python.org/issue34276>
___
___
Python-bugs-list mailing list
Unsubscribe:
Ashwin Ramaswami added the comment:
What's the status of this? Was paul.j3's patch ever reviewed?
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.o
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue9253>
___
___
Python-bugs-list mailing list
Unsubscribe:
Ashwin Ramaswami added the comment:
Oh, that PR is already there in PR 15269, great!
--
___
Python tracker
<https://bugs.python.org/issue29535>
___
___
Pytho
Ashwin Ramaswami added the comment:
Makes sense, thanks for the explanation. The risk is that if there is code
that, say, converts a POST dictionary to a dictionary with numeric keys, that
code could be exploited. Creating a non-deterministic hash doesn't necessarily
preclude hash(x
Ashwin Ramaswami added the comment:
Thanks, I've fixed the first case as you suggested.
I found an example of the 2nd case -- '=?utf-8?q?=somevalue?=' -- which causes
the method to hang. I've added a fix, though I'm not sure if it treats the
string properly -- i
Ashwin Ramaswami added the comment:
So is the consensus that the best way to do this is to move the "idna" library
to stdlib, or implement it from scratch?
--
___
Python tracker
<https://bugs.python.o
Ashwin Ramaswami added the comment:
> Making the numeric hash non-predictable while maintaining its current
> properties would be difficult.
Why so?
> In fact, I think it's reasonable to assume that there are no websites
> vulnerable to a DOS via *numeric* hash collis
Change by Ashwin Ramaswami :
--
versions: +Python 3.9
___
Python tracker
<https://bugs.python.org/issue37764>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Ashwin Ramaswami :
--
nosy: +martin.panter
___
Python tracker
<https://bugs.python.org/issue11671>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +15024
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/15299
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
versions: +Python 2.7
___
Python tracker
<https://bugs.python.org/issue28778>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Ashwin Ramaswami :
--
pull_requests: +15022
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/15299
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
pull_requests: +15023
pull_request: https://github.com/python/cpython/pull/15299
___
Python tracker
<https://bugs.python.org/issue22
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
versions: +Python 3.8, Python 3.9
___
Python tracker
<https://bugs.python.org/issue11671>
___
___
Python-bug
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
versions: +Python 3.9 -Python 2.7
___
Python tracker
<https://bugs.python.org/issue28778>
___
___
Python-bug
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +15020
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/15297
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue34276>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue1722348>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue32084>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue23505>
___
___
Python-bugs-list mailing list
Unsubscribe:
Ashwin Ramaswami added the comment:
Randomizing the hash of datetime objects was first proposed in
https://bugs.python.org/issue13703#msg151796.
For the same reasons as str and bytes are non-deterministically hashed in in
PEP 456, shouldn't numerics, datetime objects, and tuples be
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +15012
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/15288
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
nosy: +Mariatta
___
Python tracker
<https://bugs.python.org/issue37860>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Ashwin Ramaswami :
It would be good to preview the cpython documentation on PRs using Netlify.
See https://github.com/python/core-workflow/issues/348
--
assignee: docs@python
components: Documentation
messages: 349752
nosy: docs@python, epicfaace
priority: normal
Ashwin Ramaswami added the comment:
Why is it ok for certain hashes (such as tuples) to be not non-deterministic,
while other hashes (such as datetime) need to be non-deterministic?
--
___
Python tracker
<https://bugs.python.org/issue29
Ashwin Ramaswami added the comment:
Why would chrome still be using IDNA 2003 to link http://straße.de to
http://strasse.de?
--
___
Python tracker
<https://bugs.python.org/issue17
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
versions: +Python 3.9 -Python 3.8
___
Python tracker
<https://bugs.python.org/issue17305>
___
___
Python-bug
Ashwin Ramaswami added the comment:
Martin, are you okay with doing this? It seems like this issue has been the
topic of a few CVEs
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20060,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18074,
https://curl.haxx.se/docs/CVE-2018
Ashwin Ramaswami added the comment:
Can this be closed now?
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue35214>
___
___
Python-bug
Ashwin Ramaswami added the comment:
I've added a PR which should fix this. Do you think the documentation should
also be updated to change "By default, the :meth:`__hash__` values of str,
bytes and datetime objects are "salted" with an unpredictable random value." t
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +14983
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/15264
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
nosy: +epicfaace
versions: +Python 3.8, Python 3.9
___
Python tracker
<https://bugs.python.org/issue29535>
___
___
Python-bug
Ashwin Ramaswami added the comment:
I believe the SafeTarFile class proposed in issue21109 fixes this.
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue35
Ashwin Ramaswami added the comment:
SafeTarFile does not pass the existing tests, mainly because the existing file
Lib/test/tarfiletestdata/testtar.tar seems to be "unsafe", producing errors
like these:
tarfile.SecurityError: : block device
tarfile.SecurityError: : duplicate
Ashwin Ramaswami added the comment:
I've added a PR in which I'm working on adding in the tests. Wanted to make
sure this is the approach you had in mind? It wasn't as simple as how tests are
handled in, say, test_binascii.py, because over there there was only one class
t
Change by Ashwin Ramaswami :
--
pull_requests: +14965
stage: test needed -> patch review
pull_request: https://github.com/python/cpython/pull/15244
___
Python tracker
<https://bugs.python.org/issu
Ashwin Ramaswami added the comment:
Oh, both the Travis links I sent actually ended up reproducing the bug.
I've made a PR that fixes with an even smaller test case:
get_unstructured('=?utf-8?q?somevalue?=aa')
It looks like this is caused because "aa" is thou
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +14960
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/15239
___
Python tracker
<https://bugs.python.org/issu
Ashwin Ramaswami added the comment:
I can take this up.
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/issue37633>
___
___
Python-bugs-list m
Ashwin Ramaswami added the comment:
I also can't reproduce this on 3.7:
https://github.com/epicfaace/cpython/runs/188005822
--
___
Python tracker
<https://bugs.python.org/is
Ashwin Ramaswami added the comment:
I can't reproduce this on 3.9:
https://github.com/epicfaace/cpython/runs/187997615
--
nosy: +epicfaace
___
Python tracker
<https://bugs.python.org/is
Change by Ashwin Ramaswami :
--
keywords: +patch, patch, patch, patch
pull_requests: +10905, 10906, 10907, 10908
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch, patch, patch
pull_requests: +10905, 10906, 10908
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch, patch
pull_requests: +10905, 10906
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +10905
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch, patch, patch, patch
pull_requests: +10899, 10900, 10901, 10902
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +10899
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issue35551>
___
_
Change by Ashwin Ramaswami :
--
keywords: +patch, patch, patch
pull_requests: +10899, 10900, 10902
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch, patch
pull_requests: +10899, 10900
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
Ashwin Ramaswami added the comment:
"iso8859_1" is already an alias for "latin_1", though.
https://github.com/python/cpython/blob/master/Lib/encodings/aliases.py#L432
--
nosy: +epicfaace
___
Python tracker
<https://bug
Change by Ashwin Ramaswami :
--
keywords: +patch, patch, patch, patch
pull_requests: +10888, 10889, 10890, 10891
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch, patch
pull_requests: +10888, 10889
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch, patch, patch
pull_requests: +10888, 10889, 10890
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Ashwin Ramaswami :
--
keywords: +patch
pull_requests: +10888
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Ashwin Ramaswami added the comment:
This behavior appears to be working as expected per the documentation when
using Python 3.7.1. I am able to change name, but changing localName gives me a
NoModificationAllowedErr error.
--
nosy: +Ashwin Ramaswami
versions: +Python 3.7 -Python 2.7
77 matches
Mail list logo