Luban (http://lubanui.org) is a compact, generic UI language.
It is a python package for building (web) user interface.
It is NOT yet-another web framework.
Features:
* Dynamic, ajax-based web user interface can be created using pure python (no
knowledge of javascript/ajax/etc is required)
* A
alex23於 2012年1月4日星期三UTC+8上午10時26分35秒寫道:
8 Dihedral dihedr...@googlemail.com wrote:
This is a good evolution in Python. It is 2012 now and the text I/O part
is not as important as 10 years ago. The next move of Python could
be easy integration of C++ libraries.
You mean like with
Honestly, is this list really what this is all about? I'm bored already...
Enough?
On Tue, Jan 3, 2012 at 9:42 PM, Ben Finney ben+pyt...@benfinney.id.auwrote:
Steven D'Aprano steve+comp.lang.pyt...@pearwood.info writes:
On Wed, 04 Jan 2012 12:54:09 +1100, Ben Finney wrote:
It
Since Python does not 'silently convert types' as I understand those 3
words, you lose me here. Can you give a code example of what you mean?
I mean the reasoning behind the arguments like
'X isn't strongly typed because 2 + 3 = 5 but 3 + 2 = 32'.
OCaml considers this a problem and bans all
=?ISO-8859-1?Q?Trond_Endrest=F8l?= trond.endres...@ximalas.info:
Marko Rauhamaa ma...@pacujo.net writes:
$ python3
locale.setlocale(locale.LC_TIME, ('fi_FI', 'UTF-8'))
time.strftime(%a, %d %b %Y %H:%M:%S %z (%Z))
'ti, 03 tammi\xa0 2012 14:51:57 +0200 (EET)'
It may be
Marko Rauhamaa ma...@pacujo.net:
=?ISO-8859-1?Q?Trond_Endrest=F8l?= trond.endres...@ximalas.info:
Marko Rauhamaa ma...@pacujo.net writes:
$ python3
locale.setlocale(locale.LC_TIME, ('fi_FI', 'UTF-8'))
time.strftime(%a, %d %b %Y %H:%M:%S %z (%Z))
'ti, 03 tammi\xa0 2012
On Tue, Jan 3, 2012 at 7:28 PM, Ben Finney ben+pyt...@benfinney.id.au wrote:
Sean Wolfe ether@gmail.com writes:
Hello everybody, I'm a happy pythonista newly subscribed to the group.
Welcome!
Thanks! and thanks to all, hjaha.
I have a theoretical / philosophical question regarding
is there a way to pipe directly into a preallocated buffer?
(subprocessing.pipe.stdout)
thanks,
--mihai
--
http://mail.python.org/mailman/listinfo/python-list
On Tue, Jan 3, 2012 at 5:59 PM, Peter Otten __pete...@web.de wrote:
Benoit Thiell wrote:
I am experiencing a puzzling problem with both Python 2.4 and Python
2.6 on CentOS 5. I'm looking for an explanation of the problem and
possible solutions. Here is what I did:
Python 2.4.3 (#1, Sep 21
On Wed, Jan 4, 2012 at 02:42, Ben Finney ben+pyt...@benfinney.id.au wrote:
I'm sure you have a hundred ready rationalisations for why a joke that
has “girlfriend” as a fungible object, together with “car” and “house”
as things to mechanically import into one's life, is somehow not
objectifying
I have a program that is blocked and all threads are blocked on a
Queue.Queue.get or Queue.Queue.put method (on the same Queue.Queue
object).
1 thread shows the below as its last entry in the stack:
File: c:\python27\lib\Queue.py, line 161, in get
self.not_empty.acquire()
2 threads show the
I am still living in the 2.x world because all the things I want to do
right now in python are in 2 (django, pygame). But I want to be
excited about the future of the language. I understand the concept of
needing to break backwards compatibility. But it's not particularly
exciting to think about.
On 1/4/2012 12:37 AM, Terry Reedy wrote:
Using induction, I can prove, for instance, that these two functions
[snip]
are equivalent, assuming enough stack and normal procedural Python
semantics. (And assuming no typos ;-).
YOU proved that; your type system didn't. With a powerful enough type
On Tue, 03 Jan 2012 17:13:17 -0600, mixolydian wrote:
I want to get into Python progamming for both local database
applications and dynamic web pages. Maybe some QD scripts.
I am new to Python too, and recently completed my first real cross-
platform GUI application with local/remote database
On Wed, 2012-01-04 at 11:30 -0300, Sean Wolfe wrote:
On Tue, Jan 3, 2012 at 7:28 PM, Ben Finney ben+pyt...@benfinney.id.au wrote:
Sean Wolfe ether@gmail.com writes:
Hello everybody, I'm a happy pythonista newly subscribed to the group.
Welcome!
Thanks! and thanks to all, hjaha.
On Wed, Jan 4, 2012 at 8:56 AM, Sean Wolfe ether@gmail.com wrote:
I am still living in the 2.x world because all the things I want to do
right now in python are in 2 (django, pygame). But I want to be
excited about the future of the language. I understand the concept of
needing to break
On Tue, Jan 3, 2012 at 7:50 PM, Tony Pelletier tony.pellet...@gmail.com wrote:
Honestly, is this list really what this is all about? I'm bored already...
Sorry, this list does not exist for your personal entertainment.
Maybe you should try YouTube.
And no, it's not really about sexism either,
On Wed, Jan 4, 2012 at 11:45 AM, Tony Pelletier
tony.pellet...@gmail.com wrote:
That's a rather ironic comment. Idiot.
Really? Which part was ironic?
Sorry, this list does not exist for your personal entertainment.
Not this one, that's just a statement of fact.
Maybe you should try
I have zero desire to follow the rules of a Python(here's the ironic part.
Get it now clever boy?) list when it'd riddled with childish banter that
has nothing to do with wait for it. Python?
Do I need to explain it any further?
I'm done with you and this list
On Wed, Jan 4, 2012 at 12:36 PM, Tony Pelletier
tony.pellet...@gmail.com wrote:
I have zero desire to follow the rules of a Python(here's the ironic part.
Get it now clever boy?) list when it'd riddled with childish banter that has
nothing to do with wait for it.
Hello,
I'm relatively new to Python. I come from C/C++ so I love the flexibility
but I am slightly irked by the lack of compilation time checking.
I've got two questions
1) Are there any tools that do an analysis of code and attempt to catch
potential issues such as undefined variables, etc? I
On 1/4/2012 1:37 AM, Terry Reedy wrote:
On 1/3/2012 8:04 PM, Devin Jeanpierre wrote:
[ An example of a simple dependently typed program:
http://codepad.org/eLr7lLJd ]
Just got it after a minute delay.
A followup now that I have read it. Removing the 40 line comment, the
function itself
Ben Finney ben+pyt...@benfinney.id.au writes:
* Cross-platform, so that you're not denied the use of any popular
workstation OS.
For my purposes, either { GNU Screen + Bash + Emacs } or { GNU Screen +
Bash + Vim } are good choices satisfying all the above criteria. There
may be other good
On Wed, Jan 4, 2012 at 1:09 PM, Lucas Vickers lucasvick...@gmail.com wrote:
Hello,
I'm relatively new to Python. I come from C/C++ so I love the flexibility
but I am slightly irked by the lack of compilation time checking.
I've got two questions
1) Are there any tools that do an analysis
On Thu, Jan 5, 2012 at 7:09 AM, Lucas Vickers lucasvick...@gmail.com wrote:
2) Is there a way to error when comparing variables of different types?
Yep. Use Python version 3.
11
Traceback (most recent call last):
File pyshell#88, line 1, in module
11
TypeError: unorderable types: int()
Thank you!
At the moment python3 isn't an option. There's a variety of dependencies
I'm working around.
Is there any type of 2.x add-on?
either way thanks for the info
L
On Wed, Jan 4, 2012 at 3:34 PM, Ian Kelly ian.g.ke...@gmail.com wrote:
On Wed, Jan 4, 2012 at 1:09 PM, Lucas Vickers
Le mar, 03 jan 2012 20:28:59, Steven D'Aprano a ploppé:
On Tue, 03 Jan 2012 05:08:47 -0800, Ethan Furman wrote:
[...]
maybe policing uploads is worse than cluttering PyPI's disk space and
RSS feed with dumb 1 KB packages. (Matt Chaput)
I'd drop the maybe.
It's hard enough finding what
On 4 January 2012 20:08, Ian Kelly ian.g.ke...@gmail.com wrote:
On Wed, Jan 4, 2012 at 12:36 PM, Tony Pelletier
tony.pellet...@gmail.com wrote:
I have zero desire to follow the rules of a Python(here's the ironic part.
Get it now clever boy?) list when it'd riddled with childish banter that
On Thu, Jan 5, 2012 at 7:48 AM, PiLS p...@invalid.ca wrote:
If I nuke a Karmic Koala, will they rat me out to the WWF, to
the UNODA, or to both?
Neither, actually. We'll be so glad you didn't call it a Karmic Koala
Bear that we'll send you three American tourists for free. (They're
actually
(I'm using Python 2.7.2+ on Ubuntu.)
When I'm running my program in an xterm, the print command with an
argument containing unicode works fine (it correctly detects my UTF-8
environment). But when I run it with a pipe or redirect to a file (|
or ), unicode strings fail with the following (for
Adam Funk wrote:
(I'm using Python 2.7.2+ on Ubuntu.)
When I'm running my program in an xterm, the print command with an
argument containing unicode works fine (it correctly detects my UTF-8
environment). But when I run it with a pipe or redirect to a file (|
or ), unicode strings fail
On Wed, 04 Jan 2012 20:48:36 +, PiLS wrote:
If I nuke a Karmic Koala, will they rat me out to the WWF, to the
UNODA, or to both?
Personally I'd be cheering for you, provided you also took out all the
warthogs, hedgehogs, badgers, drakes, efts, fawns, gibbons, herons,
ibexes, jackalopes,
On 1/4/2012 9:56 AM, Sean Wolfe wrote:
I am still living in the 2.x world because all the things I want to do
right now in python are in 2 (django, pygame). But I want to be
excited about the future of the language. I understand the concept of
needing to break backwards compatibility. But it's
Hi Everyone,
A number of friends in the community recommended i email this group regarding
some obstacles im running into regarding a Python/Django dilemma :). Im
currently representing a e-Plushing firm who has built an amazing custom ebook
publishing platform in Django and Python. We are
Situation: I am subclassing a class which has methods that call other
class methods (and without reading the code of the superclass I am
discovering these by trial and error as I build the subclass - this is
probably why I may have approached the problem from the wrong
viewpoint :-)).
Problem:
On Wed, Jan 4, 2012 at 3:42 PM, Peter peter.milli...@gmail.com wrote:
Situation: I am subclassing a class which has methods that call other
class methods (and without reading the code of the superclass I am
discovering these by trial and error as I build the subclass - this is
probably why I
On Tuesday 2012 January 03 17:28, Steven D'Aprano wrote:
Besides, I find it hard to believe that the search facilities on PyPI are
so bad that there would be any searches that come up with girlfriend.py
or car.py as false positives.
Try an author search for D'Aprano.
--
I have seen the
Hi,
I am new using Python, although I have experience using other
programming languages like Pascal, FORTRAN, C, Prolog, etc. I am using IDLE
Editor for Python in coordination with the command line interface.
My situation is the
following: I am developing some code. I use the IDLE Editor to write
On Thu, Jan 5, 2012 at 10:25 AM, Andres Soto soto_and...@yahoo.com wrote:
My situation is the following: I am developing some code. I use the IDLE
Editor to write it down. Then, I save it and import it from the command line
interface, so it is already available from the prompt.
Then I load
On Jan 5, 10:09 am, Ian Kelly ian.g.ke...@gmail.com wrote:
Well, you could get the previous stack level using
traceback.extract_stack() and check the filename. But it sounds like
what you actually have are two different methods -- one that is used
by the superclass, and one that only the
On Jan 4, 9:56 am, Sean Wolfe ether@gmail.com wrote:
I am still living in the 2.x world because all the things I want to do
right now in python are in 2 (django, pygame). But I want to be
excited about the future of the language.
Okay. So why not enjoy the best of both worlds (almost) and
I think you meant to send that to the list; hope you don't mind my
replying on-list.
On Thu, Jan 5, 2012 at 10:56 AM, Andres Soto soto_and...@yahoo.com wrote:
the problem is that if I re-run the program, every time I change some
instructions, I have to read (load) again the data and that is
On Jan 4, 6:25 pm, 8 Dihedral dihedral88...@googlemail.com
wrote:
And what are you contributing to the situation other than
misinformation and markov-generated spam?
Do you know what can attract newbies to support python?
I'm sure other people doing all the work for them would be a
On Thu, Jan 5, 2012 at 11:29 AM, Andres Soto soto_and...@yahoo.com wrote:
my mistake is because I have no problem to do that using Prolog which use an
interpreter as Python. I thought that the variables in the main global
memory space (associated with the command line environment) were kept,
my mistake is because I have no problem to do that using Prolog which use an
interpreter as Python. I thought that the variables in the main global memory
space (associated with the command line environment) were kept, although the
code that use it could change.
As you explain me, Python behave
Hi,
I've been a python user for a long time - on Windows, but now I'm working on
a Linux system. I'm having trouble getting python to include Tk in it's
build. My Tcl/Tk is in a non-standard location (I don't want to interfere
with the Python 2.6 installation - that does include Tk until I
alex23於 2012年1月5日星期四UTC+8上午8時23分06秒寫道:
On Jan 4, 6:25 pm, 8 Dihedral dihedr...@googlemail.com
wrote:
And what are you contributing to the situation other than
misinformation and markov-generated spam?
Do you know what can attract newbies to support python?
I'm sure other people
On Wed, 04 Jan 2012 15:37:55 -0800, Peter wrote:
I am trying to create a subclass with slightly different functionality
and use it with an existing code base i.e. there is already one or
more modules that instantiate the current superclass and I want to
just drop in this new class to replace
On 1/4/2012 9:56 AM, Sean Wolfe wrote:
I am still living in the 2.x world because all the things I want to do
right now in python are in 2 (django, pygame). But I want to be
excited about the future of the language. I understand the concept of
needing to break backwards compatibility. But it's
On 1/4/2012 7:29 PM, Andres Soto wrote:
As you explain me, Python behave like a compiled language: any time I
make a change in the code, I have to compile it again, and re-run (and
re-load the data).
While you are developing a program and expect to make changes, you can
try working with a
On 1/4/2012 3:42 PM, Lucas Vickers wrote:
At the moment python3 isn't an option. There's a variety of
dependencies I'm working around.
Please consider telling the authors of libraries you need that you would
like a Python 3 version and say why. One reason given for not upgrading
packages is
Martin v. Löwis mar...@v.loewis.de added the comment:
Martin, I do not understand. The default hash is based on id (as is
default equality comparison), not value.
In the default implementation, the id *is* the object's value (i.e.
objects, by default, only compare equal if they are
Marc-Andre Lemburg m...@egenix.com added the comment:
Terry J. Reedy wrote:
Terry J. Reedy tjre...@udel.edu added the comment:
Martin, I do not understand. The default hash is based on id (as is default
equality comparison), not value. Are you OK with hash values changing if the
Georg Brandl ge...@python.org added the comment:
The continually updated docs are built from the stable branches, whose version
remains at (e.g.) 2.7.2 until 2.7.3a1 is released, at which point the
continuous updating stops until 2.7.3 is final.
I don't think presenting docs with an alpha
Christian Heimes li...@cheimes.de added the comment:
Release blocker: I was following the example in #13703. A RNG (PRNG or CSPRNG)
is required for randomized hashing function.
The patch contains more than just the RNG changes. Only Include/pyrandom.h,
Modules/_randommodule.c,
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
assignee: rhettinger - christian.heimes
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
___
Raymond Hettinger raymond.hettin...@gmail.com added the comment:
[Antoine]
Suggest closing as invalid/rajected.
[Martin]
-1. The hash has nothing to do with the lifetime,
but with the value of an object.
--
resolution: - invalid
status: open - closed
Changes by Mark Shannon m...@hotpy.org:
--
nosy: +Mark.Shannon
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list
Antoine Pitrou pit...@free.fr added the comment:
That sounds like a good solution in the middle-term. Are there any
drawbacks? (apart from launching a thread)
Just to be clear: the approach I was suggesting is to have a resident
thread dedicated to signal management, not to spawn a new
Antoine Pitrou pit...@free.fr added the comment:
Using a fairly small value (4k) should not make the results much worse
from a security perspective, but might be problematic from a
collision/distribution standpoint.
Keep in mind the average L1 data cache size is between 16KB and 64KB. 4KB
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset dfffb293f4b3 by Vinay Sajip in branch 'default':
Closes #13699. Skipped two tests if Python is optimised.
http://hg.python.org/cpython/rev/dfffb293f4b3
--
nosy: +python-dev
resolution: - fixed
stage: -
New submission from Manuel Bärenz man...@enigmage.de:
I've attached a script which demonstrates the bug.
When feeding a script that contains a comment tag with the actual script and
the script containing tags itself (e.g. a 'document.write(td/td)'), the
parser doesn't call handle_comment and
Manuel Bärenz man...@enigmage.de added the comment:
I forgot to say, I'm using python version 3.2.2.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13711
___
R. David Murray rdmur...@bitdance.com added the comment:
The content of a script tag is CDATA. Why would you expect it to be parsed?
--
nosy: +ezio.melotti, r.david.murray
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13711
Manuel Bärenz man...@enigmage.de added the comment:
Oh, I wasn't aware of that.
Then, the bug is actually calling handle_endtag.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13711
___
Manuel Bärenz man...@enigmage.de added the comment:
To clarify this even further: Consider
parser_instance.feed(scripttd/td/script)
It should call:
parser_instance.handle_starttag(script, [])
parser_instance.handle_data(td/td)
parser_instance.handle_endtag(script, [])
Instead, it calls:
R. David Murray rdmur...@bitdance.com added the comment:
I believe this was fixed recently as part of issue 670664. Ezio will know for
sure.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13711
Éric Araujo mer...@netwok.org added the comment:
If test_packaging fails because it relies on dict order / hash details, that’s
a bug. Can you copy the full tb (possibly in another report, I can fix it
independently of this issue)?
--
nosy: +eric.araujo
New submission from Christian Heimes li...@cheimes.de:
As requested in http://bugs.python.org/issue13703#msg150609
./python Lib/test/regrtest.py test_packaging
[1/1] test_packaging
Warning -- threading._dangling was modified by test_packaging
Warning -- sysconfig._SCHEMES was modified by
Ezio Melotti ezio.melo...@gmail.com added the comment:
Yep, this was fixed in #670664.
With the development version of Python (AFAIK the fix has not be released yet)
and the example parser found in the doc[0] I get this:
parser = MyHTMLParser()
parser.feed('scripttd/td/script')
Encountered a
Barry A. Warsaw ba...@python.org added the comment:
On Jan 04, 2012, at 07:30 AM, Raymond Hettinger wrote:
Why is this listed as a release blocker? It is questionable whether it
should be done at all? It is a very aggressive change.
It's a release blocker so that the issue won't get ignored
Barry A. Warsaw ba...@python.org added the comment:
On Jan 04, 2012, at 06:00 AM, Paul McMillan wrote:
Developers would be startled to find that ordering stays consistent on a 64
bit build but varies on 32 bit builds.
Well, one positive outcome of this issue is that users will finally
Manuel Bärenz man...@enigmage.de added the comment:
Great! Thank you!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13711
___
___
New submission from Ross Lagerwall rosslagerw...@gmail.com:
806cfe39f729 introduced a regression for http.client read(len).
To see this:
$ ./python test.py
$ wget http://archives.fedoraproject.org/pub/archive/fedora/linux/core/1/SRPMS/
$ diff index.html index2.html
This is a difference in the
Marc-Andre Lemburg m...@egenix.com added the comment:
Some comments:
1. The security implications in all this is being somewhat overemphasized.
There are many ways you can do a DoS attack on web servers. It's the
responsibility of the used web frameworks and servers to deal with
the possible
Vinay Sajip vinay_sa...@yahoo.co.uk added the comment:
Pending the real fix, I've attached a patch to skip the test if it's not a
source build.
--
keywords: +patch
nosy: +vinay.sajip
stage: needs patch - patch review
Added file: http://bugs.python.org/file24139/test-gdb-patch.diff
Éric Araujo mer...@netwok.org added the comment:
Thanks, I will check this.
--
versions: +3rd party
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13712
___
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +Jon.Kuhn
priority: normal - critical
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13713
___
Marc-Andre Lemburg m...@egenix.com added the comment:
Marc-Andre Lemburg wrote:
3. Changing the way strings are hashed doesn't solve the problem.
Hash values of other types can easily be guessed as well, e.g.
take integers which use a trivial hash function.
Here's an example for integers
Marc-Andre Lemburg m...@egenix.com added the comment:
The email interface ate part of my reply:
g = ((x*(2**64 - 1), hash(x*(2**64 - 1))) for x in xrange(1, 100))
s = ''.join(str(x) for x in g)
len(s)
32397634
g = ((x*(2**64 - 1), hash(x*(2**64 - 1))) for x in xrange(1, 100))
d =
Terry J. Reedy tjre...@udel.edu added the comment:
To expand on Marc-Andre's point 1: the DOS attack on web servers is possible
because servers are generally dumb at the first stage. Upon receiving a post
request, all key=value pairs are mindlessly packaged into a hash table that is
then
Alex Gaynor alex.gay...@gmail.com added the comment:
Except, it's a totally non-scalable approach. People have vulnerabilities all
over their sites which they don't realize. Some examples:
django-taggit (an application I wrote for handling tags) parses tags out an
input, it stores these in
Antoine Pitrou pit...@free.fr added the comment:
The fix is quite trivial. Here is a patch + tests.
--
keywords: +patch
stage: needs patch - patch review
Added file: http://bugs.python.org/file24140/readinto_chunked.patch
___
Python tracker
Ross Lagerwall rosslagerw...@gmail.com added the comment:
The patch looks right and seems to fix the issue. Thanks :-)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13713
___
Marc-Andre Lemburg m...@egenix.com added the comment:
Marc-Andre Lemburg wrote:
1. The security implications in all this is being somewhat overemphasized.
There are many ways you can do a DoS attack on web servers. It's the
responsibility of the used web frameworks and servers to deal
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 4b21f651 by Antoine Pitrou in branch 'default':
Issue #13713: fix a regression in HTTP chunked reading after 806cfe39f729
http://hg.python.org/cpython/rev/4b21f651
--
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 4b21f651 by Antoine Pitrou in branch 'default':
Issue #13713: fix a regression in HTTP chunked reading after 806cfe39f729
http://hg.python.org/cpython/rev/4b21f651
--
nosy: +python-dev
Antoine Pitrou pit...@free.fr added the comment:
Ok, committed!
(Jon, don't worry, such things happen :-))
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
Stefan Krah stefan-use...@bytereef.org added the comment:
[Mark]
So I think the current code is correct.
I agree with this. Currently the 'g' format is like to_sci_string()
with the added possibility of adjusting the number of significant
digits. It's probably hard to come up with a better way
Sandro Tosi sandro.t...@gmail.com added the comment:
This has already been fixed with 71f7175e2b34 friends.
--
nosy: +sandro.tosi
resolution: - fixed
stage: - committed/rejected
status: open - closed
versions: -Python 3.4
___
Python tracker
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 278fbd7b9608 by Sandro Tosi in branch '2.7':
Issue #10772: add count and help argparse action; patch by Marc Sibson
http://hg.python.org/cpython/rev/278fbd7b9608
New changeset 326f755962e3 by Sandro Tosi in branch
Sandro Tosi sandro.t...@gmail.com added the comment:
Thanks Marc for the patch, I've just committed it.
--
resolution: - fixed
stage: commit review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
Berker Peksag berker.pek...@gmail.com added the comment:
Hi Antoine,
I added some tests for b64decode function.
Also, I wrote some tests for b32decode and b16decode functions and failed. I
think my patch is not working for b32decode and b16decode functions. I'll dig
into code and try to find
STINNER Victor victor.stin...@haypocalc.com added the comment:
Work-in-progress patch implementing my randomized hash function (random.patch):
- add PyOS_URandom() using CryptoGen, SSL (only on VMS!!) or /dev/urandom,
will a fallback on a dummy LCG if the OS urandom failed
- posix.urandom()
STINNER Victor victor.stin...@haypocalc.com added the comment:
add PyOS_URandom() using CryptoGen, SSL (only on VMS!!)
or /dev/urandom
Oh, OpenSSL (RAND_pseudo_bytes) should be used on Windows, Linux, Mac OS X,
etc. if OpenSSL is available. I was just too lazy to add a define or pyconfig.h
Antoine Pitrou pit...@free.fr added the comment:
add PyOS_URandom() using CryptoGen, SSL (only on VMS!!)
or /dev/urandom
Oh, OpenSSL (RAND_pseudo_bytes) should be used on Windows, Linux, Mac
OS X, etc. if OpenSSL is available.
Apart from the large dependency, the OpenSSL license is not
STINNER Victor victor.stin...@haypocalc.com added the comment:
+printf(read %i bytes\n, size);
Oops, I forgot a debug message.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
STINNER Victor victor.stin...@haypocalc.com added the comment:
If PHP uses it, I'm confident it is secure.
If I remember correctly, it is only used for the Windows version of PHP, but
PHP doesn't implement it correctly because it uses all bits.
--
Paul McMillan p...@mcmillan.ws added the comment:
This is not something that can be fixed by limiting the size of POST/GET.
Parsing documents (even offline) can generate these problems. I can create
books that calibre (a Python-based ebook format shifting tool) can't convert,
but are
STINNER Victor victor.stin...@haypocalc.com added the comment:
Since speed is a concern, I think that the proposal to avoid using the random
hash for short strings is a good idea.
My proposition only adds two XOR to hash(str) (outside the loop on Unicode
characters), so I expect a ridiculous
1 - 100 of 115 matches
Mail list logo