Re: Canonical list of Python security vulnerabilities

2023-07-15 Thread Bob Kline via Python-list
On Sat, Jul 15, 2023 at 1:02 PM Dieter Maurer wrote: > > I am active in the `Zope` community (a web application server > based on Python). This community has a security mailing list > for security related reports > and issues public CVE (= "Common Vulnerabilities and Exposures") reports > (via a

Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
On Fri, Jul 14, 2023 at 3:02 PM Barry wrote: > Where do you get your python from? Directly from python.org. > You may find that the organisation that packages python that you use has such > a list. That's my hope. Just haven't found it yet. :-} --

Re: Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
On Fri, Jul 14, 2023 at 1:35 PM Bob Kline wrote: > Can someone point me to the official catalog of security vulnerabilities > in Python I did try entering "python security vulnerabilities" in the search box of the python.org web site, but what I got back was "No resu

Canonical list of Python security vulnerabilities

2023-07-14 Thread Bob Kline via Python-list
security-annou...@python.org, but there hasn't been anything posted there in over a year as far as I can tell, and even before that it's pretty thin. If there's a better place to ask, please advise. Thanks. -- Bob Kline https://www.rksystems.com mailto:bkl...@rksystems.com -- https

[issue43790] CLA check fails with a 500 error

2021-04-10 Thread Bob Kline
Bob Kline added the comment: And now it's working for me as well. Thanks, @Mariatta. -- resolution: third party -> fixed status: open -> closed ___ Python tracker <https://bugs.python.org/i

[issue43790] CLA check fails with a 500 error

2021-04-10 Thread Bob Kline
Bob Kline added the comment: I can, if you prefer, close this ticket and create a new one on GitHub (even though this is the same issue, not a different "further" issue).

[issue43790] CLA check fails with a 500 error

2021-04-10 Thread Bob Kline
Bob Kline added the comment: To reproduce, enter "bkline" in the GitHub username field and press Check.

[issue43790] CLA check fails with a 500 error

2021-04-10 Thread Bob Kline
Bob Kline added the comment: Sorry, it's still failing with the same error message. -- status: closed -> open

[issue43790] CLA check fails with a 500 error

2021-04-10 Thread Bob Kline
Bob Kline added the comment: Super, thanks!

[issue43790] CLA check fails with a 500 error

2021-04-09 Thread Bob Kline
Bob Kline added the comment: Apparently, it doesn't fail when you enter a name for which it can't find a b.p.o. account. So it knows how to say "beelzebub does not have bpo account" but fails when I put in "bkline" in the GitHub username field. It's tempting to suspec

[issue43777] Remove description of "pip search" command from tutorial

2021-04-09 Thread Bob Kline
Bob Kline added the comment: I have reported the failure of the CLA check tool. https://bugs.python.org/issue43790

[issue43790] CLA check fails with a 500 error

2021-04-09 Thread Bob Kline
New submission from Bob Kline : The tool to check whether the CLA has been received fails with a 500 error. Steps to reproduce: 1. Add your GitHub name to your b.p.o. record. 2. Navigate to https://check-python-cla.herokuapp.com/ 3. Enter your GitHub name and press the "Check" butt

[issue43777] Remove description of "pip search" command from tutorial

2021-04-09 Thread Bob Kline
Bob Kline added the comment: Thanks for the clarification. I submitted a PR, but I'm unable to remove the "CLA not signed" tag from it (even though I have signed the CLA) and form at https://check-python-cla.herokuapp.com/ ("You can check yourself to see if the CLA ha

[issue43777] Remove description of "pip search" command from tutorial

2021-04-08 Thread Bob Kline
Bob Kline added the comment: PR submitted: https://github.com/python/cpython/pull/25287

[issue43777] Remove description of "pip search" command from tutorial

2021-04-08 Thread Bob Kline
New submission from Bob Kline : The official tutorial instructs users to find third-party packages by using the "pip search" command, which no longer works (and will be deprecated -- and presumably subsequently removed -- according to the error message). See https://docs.pytho

[issue41633] pydoc skips methods of nested classes

2020-08-25 Thread Bob Kline
Bob Kline added the comment: Here is the generated documentation. Note that no mention is made of the inner class's method. -- Added file: https://bugs.python.org/file49429/Screen Shot 2020-08-25 at 11.26.39 AM.png ___ Python tracker <ht

[issue41633] pydoc skips methods of nested classes

2020-08-25 Thread Bob Kline
New submission from Bob Kline : Although the documentation for the pydoc says that it produces documentation of the classes recursively, this isn't actually true. -- components: Library (Lib) files: repro.py messages: 375891 nosy: bkline priority: normal severity: normal status: open

[issue41410] Opening a file in binary mode makes a difference on all platforms in Python 3

2020-07-27 Thread Bob Kline
New submission from Bob Kline : The documentation for tempfile.mkstemp() says "If text is specified, it indicates whether to open the file in binary mode (the default) or text mode. On some platforms, this makes no difference." That might have been true for Python 2.x, but i

[issue38003] Change 2to3 to replace 'basestring' with '(str,bytes)'

2019-09-07 Thread Bob Kline
Bob Kline added the comment: OK, I give up. In parting I will point out that the official Python 2 documentation says "basestring() This abstract type is the superclass for str and unicode. It cannot be called or instantiated, but it can be used to test whether an object is an ins

[issue38003] Incorrect "fixing" of isinstance tests for basestring

2019-09-06 Thread Bob Kline
Bob Kline added the comment: > Unless you have a specific proposal, ... I _do_ have a specific proposal: replace `basestring` with `(str, bytes)`, which preserves the behavior of the original code. So, if isinstance(value, basestring) becomes if isinstance(value, (str, by

[issue38003] Incorrect "fixing" of isinstance tests for basestring

2019-09-01 Thread Bob Kline
Bob Kline added the comment: > Use str instead. Sure. I understand the advantages of the new approach to strings. Which, by the way, weren't available when this project began. I don't disagree with anything you say in the context of writing new code. I was, however, surprised and disma

[issue38003] Incorrect "fixing" of isinstance tests for basestring

2019-09-01 Thread Bob Kline
New submission from Bob Kline : We are attempting to convert a large Python 2 code base. Following the guidance of the official documentation (https://docs.python.org/2/library/functions.html#basestring) we created tests in many, many places that look like this: if isinstance(value

[issue37996] 2to3 introduces unwanted extra backslashes for unicode characters in regular expressions

2019-08-31 Thread Bob Kline
Bob Kline added the comment: In fact, I suppose it's possible that the warning as I worded it is still not restrictive enough, and that there are subtle dependencies between the fixers which would make the action of one of them render the code no longer safely fixable as Python 2 code

[issue37996] 2to3 introduces unwanted extra backslashes for unicode characters in regular expressions

2019-08-31 Thread Bob Kline
Bob Kline added the comment: Thanks, I understand. However, this highlights something which had slipped under my radar. You get one shot at running a code set through the tool. You can't do what I was doing, which was to run the tool in "don't write" mode, then fix by

[issue37996] 2to3 introduces unwanted extra backslashes for unicode characters in regular expressions

2019-08-31 Thread Bob Kline
Bob Kline added the comment: Ah, this is worse than I first thought. It's not just converting code by adding extra backslashes to regular expression strings, where at least the regular expression engine will do what the original code was asking the Python parser to do (unless user code

[issue37996] 2to3 introduces unwanted extra backslashes for unicode characters in regular expressions

2019-08-31 Thread Bob Kline
Bob Kline added the comment: The original string had u"""...""" and the u had already been removed by hand in preparation for moving to Python 3.

[issue37996] 2to3 introduces unwanted extra backslashes for unicode characters in regular expressions

2019-08-31 Thread Bob Kline
New submission from Bob Kline : -UNWANTED = re.compile("""['".,?!:;()[\]{}<>\u201C\u201D\u00A1\u00BF]+""") +UNWANTED = re.compile("""['".,?!:;()[\]{}<>\\u201C\\u201D\\u00A1\\u00BF]+""") The non-ASCII

[issue34028] Python 3.7.0 wont compile with SSL Support 1.1.0 > alledged missing X509_VERIFY_PARAM_set1_host() support

2019-02-09 Thread Bob Kline
Bob Kline added the comment: I had to add $HOME/usr/lib64 to LD_LIBRARY_PATH to get make to work. -- nosy: +bkline

[issue31652] make install fails: no module _ctypes

2018-07-07 Thread Bob Kline
Bob Kline added the comment: Confirming that this is still failing with 3.7.0 released. -- nosy: +bkline

[issue11849] glibc allocator doesn't release all free()ed memory

2018-01-16 Thread Bob Kline
Bob Kline <bkl...@rksystems.com> added the comment: > ... jemalloc can reduce memory usage ... Thanks for the tip. I downloaded the source and successfully built the DLL, then went looking for a way to get it loaded. Unfortunately, DLL injection, which is needed to use this

[issue11849] glibc allocator doesn't release all free()ed memory

2018-01-16 Thread Bob Kline
Bob Kline <bkl...@rksystems.com> added the comment: Thanks for your responses to my comments. I'm working as hard as I can to get my customer's systems migrated into the Python 3 world, and I appreciate the efforts of the community to provide incentives (such as the reso

[issue11849] glibc allocator doesn't release all free()ed memory

2018-01-16 Thread Bob Kline
Bob Kline <bkl...@rksystems.com> added the comment: Sorry, I should have used the language of the patch author ("the resolution"). Without the resolution, Python 2.7 eventually runs out of memory and crashes for some correctly w

[issue11849] glibc allocator doesn't release all free()ed memory

2018-01-16 Thread Bob Kline
Bob Kline <bkl...@rksystems.com> added the comment: Would it be inappropriate for this fix to be applied to 2.7? -- nosy: +bkline

[issue31856] Unexpected behavior of re module when VERBOSE flag is set

2017-10-23 Thread Bob Kline
Bob Kline <bkl...@rksystems.com> added the comment: The light finally comes on. I actually *was* putting a backslash into the string value, with the raw flag (which is, of course, what you were trying to tell me). Thanks for your pa

[issue31856] Unexpected behavior of re module when VERBOSE flag is set

2017-10-23 Thread Bob Kline
Bob Kline <bkl...@rksystems.com> added the comment: I had been under the impression that "escaped" in this context meant that an escape character (the backslash) was part of the string value for the regular expression (there's a little bit of overloading going on with tha

[issue31856] Unexpected behavior of re module when VERBOSE flag is set

2017-10-23 Thread Bob Kline
New submission from Bob Kline <bkl...@rksystems.com>: According to the documentation of the re module, "When this flag [re.VERBOSE] has been specified, whitespace within the RE string is ignored, except when the whitespace is in a character class or preceded by an unescape

[issue29667] socket module sometimes loses response packets

2017-02-27 Thread Bob Kline
New submission from Bob Kline: The socket module does not always return response packets which are successfully delivered to the client host. We ran into this problem with an HTTP request for which socket.recv() raised an exception instead of returning the 301 redirection response which

The argparse docs don't say who's responsible for closing FileType objects

2017-01-25 Thread Bob Kline
The subject line pretty much says it all. Should the programmer close the file? If the programmer does that, and the user has asked that the file object be hooked up to standard in (or standard out) what will happen? If the programmer doesn't close it, does it get closed cleanly in the face of

[issue5340] Change in cgi behavior breaks existing software

2011-03-26 Thread Bob Kline
Bob Kline bkl...@rksystems.com added the comment: Just to make life interesting, someone went in and changed all the URLs for messages in the Python mailing list. Here's the new URL for the message which contains the repro instructions: http://mail.python.org/pipermail/python-list/2009

Part of RFC 822 ignored by email module

2011-01-20 Thread Bob Kline
('SUBJECT') 'blah' email.message_from_string(Subject:\n blah).get('SUBJECT') ' blah' Note the space in front of the second value returned, but missing from the first. Can someone convince me that this is not a bug? -- Bob Kline http://www.rksystems.com mailto:bkl...@rksystems.com -- http

Re: Part of RFC 822 ignored by email module

2011-01-20 Thread Bob Kline
for responding. I think your interpretation of the RFC is the same as mine. What I'm saying is that by not returning the same value in the two cases above the module is not regarding CRLF immediately followed by a LWSP-char as equivalent to the LWSP-char. -- Bob Kline http://www.rksystems.com mailto:bkl

Re: Part of RFC 822 ignored by email module

2011-01-20 Thread Bob Kline
sequences as equivalent. Logically, the processing sequence should be: 1. Unwrap the header (Subject:\r\n foo becomes Subject: foo) 2. Trim leading white space ( foo becomes foo) Ideally, the behavior of trimming the leading white space would be reflected in the documentation (but it isn't). -- Bob

Re: Part of RFC 822 ignored by email module

2011-01-20 Thread Bob Kline
and spaces make up the whitespace element. That would be true for what the RFC calls structured fields, but not for the others (such as the Subject header). -- Bob Kline http://www.rksystems.com mailto:bkl...@rksystems.com -- http://mail.python.org/mailman/listinfo/python-list

Re: Part of RFC 822 ignored by email module

2011-01-20 Thread Bob Kline
On 1/20/2011 5:34 PM, Martin Gregorie wrote: On Thu, 20 Jan 2011 16:25:52 -0500, Bob Kline wrote: On 1/20/2011 3:48 PM, Martin Gregorie wrote: That's only a problem if your code cares about the composition of the whitespace and this, IMO is incorrect behaviour. When the separator between

Re: Change in cgi handling of POST requests

2009-02-21 Thread Bob Kline
Aahz wrote: Interesting. Nobody has responded, so I suggest first filing a report using bugs.python.org and then asking on python-dev (with reference to your report). http://bugs.python.org/issue5340 Cheers, Bob

[issue5340] Change in cgi behavior breaks existing software

2009-02-21 Thread Bob Kline
New submission from Bob Kline bkl...@rksystems.com: We just upgraded Python to 2.6 on some of our servers and a number of our CGI scripts broke because the cgi module has changed the way it handles POST requests. When the 'action' attribute was not present in the form element on an HTML page

Re: Change in cgi module's handling of POST requests

2009-02-12 Thread Bob Kline
Joshua Kugler wrote: We just upgraded Python to 2.6 on some of our servers and a number of our CGI scripts broke because the cgi module has changed the way it handles POST requests. When the 'action' attribute was not present in the form element on an HTML page the module behaved as if the

Change in cgi module's handling of POST requests

2009-02-10 Thread Bob Kline
[Didn't realize the mirror didn't work both ways] We just upgraded Python to 2.6 on some of our servers and a number of our CGI scripts broke because the cgi module has changed the way it handles POST requests. When the 'action' attribute was not present in the form element on an HTML page

[issue2480] eliminate recursion in pickling

2008-04-28 Thread Bob Kline
Bob Kline [EMAIL PROTECTED] added the comment: Please open a new issue and don't forget to provide an example case. Looks like Daniel beat me to the punch. __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2480

[issue2480] pickling of large recursive structures fails

2008-04-25 Thread Bob Kline
Bob Kline [EMAIL PROTECTED] added the comment: I just ran into this behavior with an attempt to pickle a dom tree for an XML document whose nesting level never got deeper than nine child nodes, and indeed it crashed the interpreter. Throwing an exception would be preferable, of course

[issue1541463] Optimizations for cgi.FieldStorage methods

2007-09-19 Thread Bob Kline
Bob Kline added the comment: Please note that the documentation of the keys() method of the FieldStorage class (both in the method's docstring as well as in the separate library manual) describes the method as a dictionary style keys() method. Section 3.8 of the documentation has this to say

[issue1541463] Optimizations for cgi.FieldStorage methods

2007-09-19 Thread Bob Kline
Bob Kline added the comment: I'm not sure I would characterize a speedup of several orders of magnitude a tiny performance gain. We had scripts with very large numbers of fields which were actually timing out. While I understand and agree with the principle of breaking as little existing code

[issue1172] Documentation for done attribute of FieldStorage class

2007-09-18 Thread Bob Kline
Bob Kline added the comment: Thanks for the very quick follow-up. I may be shooting myself in the foot here, but Sean's encouragement about getting patches to the actual code led me to wonder if it might be better to go straight for the optimal solution here. As I implied in my original

Re: Un(der)documented bits of cgi.py

2007-09-17 Thread Bob Kline
Aahz wrote: What I suggest doing is submitting a doc patch to http://bugs.python.org/ Done. Thanks for the suggestion. Bob

[issue1172] Documentation for done attribute of FieldStorage class

2007-09-17 Thread Bob Kline
New submission from Bob Kline: I have attached a patch which adds partial documentation for the done attribute of the cgi.FieldStorage class. This addition is needed in order to make it safe to rely on the current behavior of the class, which sets this attribute to the value -1 when an uploaded

Un(der)documented bits of cgi.py

2007-09-15 Thread Bob Kline
one's software. Can anyone think of a good reason why it would not be desirable to expose a publicly documented means of detecting the condition described above? Cheers and thanks! Bob Kline

Optimization of __len__() in cgi.py

2006-08-16 Thread Bob Kline
. This implementation of keys() reduces the amount of time taken by several orders of magnitude: def keys(self): return {}.fromkeys([i.name for i in self.list]).keys() Is there a better place for submitting suggestions like this? Bob Kline -- http://mail.python.org/mailman/listinfo/python

Re: Optimization of __len__() in cgi.py

2006-08-16 Thread Bob Kline
Marc 'BlackJack' Rintsch wrote: def keys(self): return {}.fromkeys([i.name for i in self.list]).keys() This does not maintain the order of `self.list`. Don't know if there's code relying on this. Such code would be flying in the face of an implication that the order of the keys

Re: Optimization of __len__() in cgi.py

2006-08-16 Thread Bob Kline
Sybren Stuvel wrote: FieldStorage.__nonzero__ tried first if it exists. You might want to use that for more optimization. Excellent suggestion! It would be nice if this were adopted to supplement the original optimization, rather than replace it. Bob --

Re: Optimization of __len__() in cgi.py

2006-08-16 Thread Bob Kline
Georg Brandl wrote: Post a RFE to the Python Tracker at http://sourceforge.net/tracker/?group_id=5470atid=355470 If you want, assign it to me (gbrandl). Done, thanks. Bob -- http://mail.python.org/mailman/listinfo/python-list

Re: getting database column names from query

2006-08-16 Thread Bob Kline
Jason Nordwick wrote: I'm using MySQLdb and can connect and issue queries that return result sets, but how do I get the column names for those result sets? [d[0] for d in k.description] Cheers, Bob

Re: getting data with proper encoding to the finish

2005-03-23 Thread Bob Kline
where he left off? -- Bob Kline http://www.rksystems.com mailto:[EMAIL PROTECTED]