On 14.10.2015 21:50, Steve Langasek wrote: > This upload includes a change to add a new configuration file for > setting the site policy for whether to enforce signature signing. > > I objected privately to the addition of this configuration file when > Matthias proposed it.
> This adds complexity to the system both on > upgrade and in 14.04 itself; the patch was proposed upstream and > rejected; The patch was not rejected upstream, because it wasn't seen as relevant. It was somehow acknowledged that something like this is needed. Other options discussed seemd to be worse. See http://bugs.python.org/issue23857 > and the configuration file will cause the behavior of programs > to be inconsistent across installations of Ubuntu. This claim seems to be wrong. The default is the same as in the released trusty. > Furthermore, the > claim in the changelog that this config file will be removed on upgrade > to 15.04 is *false*; there is no code in the 15.04 version of python3.4 > which implements this, and there is no python3.4 package in the SRU > queue for vivid. This is in progress, just started with wily. > Users who upgraded to 3.4.3 previously in trusty-updates are currently > stuck on an upgrade island as a result of the previous SRU having been > backed out due to regressions. We need to resolve this problem quickly. > The SRU that has been uploaded is not appropriate as a quick fix, it has > longer-term consequences that need to be thought through carefully. > > I am going to upload a new SRU that reverts the addition of this config > file. The code patch can stay in place, it should implement the correct > behavior with or without the config file actually being present (and I > don't have an alternative implementation of this policy change to hand > that we could quickly release). But if we're going to release this SRU > with that code path, we should not be advising users to use a global > config file to configure the site policy until this has been discussed > more broadly. sure we can do that. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python3-defaults in Ubuntu. https://bugs.launchpad.net/bugs/1348954 Title: update Python3 for trusty Status in python3-defaults package in Ubuntu: New Status in python3-stdlib-extensions source package in Trusty: Fix Released Status in python3.4 source package in Trusty: Fix Committed Bug description: update Python3 for trusty. Rationale: the LTS was released with 3.4.0, the first 3.4 release which certainly had some issues. The idea is to update the python3.4 packages to the version found in 15.04 (vivid), which currently doesn't have any outstanding issues. A test rebuild of the trusty main component was done without showing any regressions during the package builds. http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150317-trusty.html http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150501-updates-trusty.html To validate this SRU, I'm proposing to use the results from the test rebuild, plus evaluating the testsuite results of the python3.4 package itself. To test the python3 behaviour for certificate verification, use urllib.request.urlopen. requests does it's own certificate verification. import urllib.request sites = [ 'https://expired.badssl.com/', 'https://wrong.host.badssl.com/', 'https://self-signed.badssl.com/' ] for site in sites: try: urllib.request.urlopen(site) print("OK", site) except: print("FAIL", site) Edit /etc/python3.4/cert-verification.conf to test both behaviours To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/1348954/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
