Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Alex Gaynor
Hi all, While I appreciate the vote of confidence from everyone, I'm not interested in being the BDFL-delegate for this. I don't think it's a good idea, and I'm not willing to put further time into. If he's interested, Donald Stufft would make a good choice for delegate. Really do appreciate

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Christian Heimes
On 2015-11-17 01:00, Guido van Rossum wrote: > Hm, making Christian the BDFL-delegate would mean two out of three > authors *and* the BDFL-delegate all working for Red Hat, which clearly > has a stake (and IIUC has already committed to this approach ahead of > PEP approval). SO then it would look

Re: [Python-Dev] collections.Counter __add__ implementation quirk

2015-11-23 Thread Vlastimil Brom
2015-11-23 7:21 GMT+01:00 Alexander Walters : > collections.Counter.__add__ as a bit of a quirk. > > Counters allow for negative numbers. You can subtract from a counter into > the negative no problem. However, if you have a counter with a negative > value and add it to

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Nick Coghlan
On 24 November 2015 at 11:59, Barry Warsaw wrote: > On Nov 24, 2015, at 10:18 AM, Nick Coghlan wrote: > >>Since we already know Red Hat are OK with the draft recommendations, >>and I missed the RHEL 7.2 release date anyway, perhaps Barry or >>Matthias might be interested in

Re: [Python-Dev] collections.Counter __add__ implementation quirk

2015-11-23 Thread Raymond Hettinger
> On Nov 23, 2015, at 10:43 AM, Vlastimil Brom wrote: > >> Is there any particular reason counters drop negative values when you add >> them together? I definitely expected them to act like ints do when you add >> negatives, and had to subclass it to get what I think

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Nick Coghlan
On 24 November 2015 at 06:47, Wes Turner wrote: > 1. Does this affect easy_install? easy_install has validated certificates since distribute was merged back into the project as part of setuptools 0.7 [1], and aside from one issue with HTTPS tunnelling [2], the certificate

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Wes Turner
On Mon, Nov 23, 2015 at 5:56 PM, Nick Coghlan wrote: > On 24 November 2015 at 06:47, Wes Turner wrote: > > 1. Does this affect easy_install? > > easy_install has validated certificates since distribute was merged > back into the project as part of

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Nick Coghlan
Updated version of the PEP posted: https://hg.python.org/peps/rev/8decac213ebf On 24 November 2015 at 05:35, Christian Heimes wrote: > 1) The example implementation of the function doesn't check the > sys.flags.ignore_environment. Internally CPython has specialized getenv >

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Nick Coghlan
On 24 November 2015 at 05:35, Christian Heimes wrote: > On 2015-11-17 01:00, Guido van Rossum wrote: >> Hm, making Christian the BDFL-delegate would mean two out of three >> authors *and* the BDFL-delegate all working for Red Hat, which clearly >> has a stake (and IIUC has

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Nick Coghlan
On 24 November 2015 at 12:05, Barry Warsaw wrote: > On Nov 17, 2015, at 11:44 PM, Nick Coghlan wrote: > >>For Debian, Ubuntu and SUSE, their original determinations for the >>relevant CVE were "too intrusive to backport", so folks currently need >>to upgrade to newer versions of

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Barry Warsaw
On Nov 24, 2015, at 10:18 AM, Nick Coghlan wrote: >Since we already know Red Hat are OK with the draft recommendations, >and I missed the RHEL 7.2 release date anyway, perhaps Barry or >Matthias might be interested in tilting at the Ubuntu 14.04 LTS stable >release update windmill? I know there

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Barry Warsaw
On Nov 17, 2015, at 11:44 PM, Nick Coghlan wrote: >For Debian, Ubuntu and SUSE, their original determinations for the >relevant CVE were "too intrusive to backport", so folks currently need >to upgrade to newer versions of those distros to get the improved >default behaviour: This is an example

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Wes Turner
... Just had this discussion in regards to easy_install, Ubuntu 14.04 LTS, and the ReadTheDocs Docker images (as well as: ~why should I have to wget/curl get-pip.py) https://github.com/rtfd/readthedocs-docker-images/pull/3 On Nov 23, 2015 2:47 PM, "Wes Turner" wrote: > 1.

Re: [Python-Dev] Request for pronouncement on PEP 493 (HTTPS verification backport guidance)

2015-11-23 Thread Wes Turner
1. Does this affect easy_install? 2. If/because this affects easy_install, should the guidance / suggested package installation tool be [pip]; because pip install_requires backports.ssl_match_hostname https://pypi.python.org/pypi/backports.ssl_match_hostname On Nov 10, 2015 6:48 PM, "Nick