[Python-Dev] Non-stable pyc results on python 3.6

hello, we're seeing strange problems when trying to do reproducible builds of some python 3.6 modules. Namely, from one build to another, there will be something like the following difference in the compiled object: 4e40 da 07 5f 5f 61 6c 6c 5f 5f da 0a 5f 5f 61 75 74

Re: [Python-Dev] please consider changing --enable-unicode default to ucs4

Dne 20.9.2009 18:42, Antoine Pitrou napsal(a): Le Sun, 20 Sep 2009 10:33:23 -0600, Zooko O'Whielacronx a écrit : By the way, I was investigating this, and discovered an issue on the Mandriva tracker which suggests that they intend to switch to UCS4 in the next release in order to avoid

Re: [Python-Dev] request for comments - standardization of python's purelib and platlib

Dne 13.8.2009 21:22, Brett Cannon napsal(a): On Thu, Aug 13, 2009 at 11:23, Jan Matejek jan.mate...@novell.com wrote: 1 - the traditional way purelib = /usr/lib/pythonX.Y/site-packages platlib = /usr/lib(64)/pythonX.Y/site-packages Why can't pure libraries go into lib64 as well

[Python-Dev] request for comments - standardization of python's purelib and platlib

less install layout to learn cons: - completely different from what we have now - would require the most work from both python developers and distributions comments? regards jan matejek python packager for SUSE Linux [1] http://www.linuxfoundation.org/en/LsbPython

Re: [Python-Dev] Python security team

? Or is this an issue of trust, where we trust you enough to make changes to the core equals we also trust you enough to see the security issues ? regards jan matejek -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

Re: [Python-Dev] tarfile and directory traversal vulnerability

). regards, jan matejek -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG0wtkjBrWA+AvBr8RAmmnAKCtpYYoFZYaNwba2WW11NtRuCyqhwCePkFw 9M2pKHtu0O62fAYfb8NTm3A= =yfVK -END PGP SIGNATURE

Re: [Python-Dev] tarfile and directory traversal vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lars Gustäbel wrote: Suppose we have: foo - /etc foo/passwd If creation of the foo symlink is delayed, foo/passwd will be extracted in a directory foo which will be created implicitly. If we create the foo symlink afterwards it will fail

[Python-Dev] tarfile and directory traversal vulnerability

not sure. Maybe it should throw exception when it encounters such file, and have a special option to extract such files anyway. Or maybe it should be left alone altogether. Any suggestions are welcome. regards jan matejek [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267 -BEGIN

Re: [Python-Dev] Python and the Linux Standard Base (LSB)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Phillip J. Eby napsal(a): Just a suggestion, but one issue that I think needs addressing is the FHS language that leads some Linux distros to believe that they should change Python's normal installation layout (sometimes in bizarre ways) (...)