From alexandre at peadrop.com Sun Sep 2 19:14:45 2007 From: alexandre at peadrop.com (Alexandre Vassalotti) Date: Sun, 2 Sep 2007 13:14:45 -0400 Subject: [Python-Dev] Avoiding cascading test failures In-Reply-To: <43aa6ff70708282015q56699bebk4bc52a38749d121e@mail.gmail.com> References: <43aa6ff70708282015q56699bebk4bc52a38749d121e@mail.gmail.com> Message-ID: On 8/28/07, Collin Winter wrote: > On 8/22/07, Alexandre Vassalotti wrote: > > When I was fixing tests failing in the py3k branch, I found the number > > duplicate failures annoying. Often, a single bug, in an important > > method or function, caused a large number of testcase to fail. So, I > > thought of a simple mechanism for avoiding such cascading failures. > > > > My solution is to add a notion of dependency to testcases. A typical > > usage would look like this: > > > > @depends('test_getvalue') > > def test_writelines(self): > > ... > > memio.writelines([buf] * 100) > > self.assertEqual(memio.getvalue(), buf * 100) > > ... > > This definitely seems like a neat idea. Some thoughts: > > * How do you deal with dependencies that cross test modules? Say > test A depends on test B, how do we know whether it's worthwhile > to run A if B hasn't been run yet? It looks like you run the test > anyway (I haven't studied the code closely), but that doesn't > seem ideal. I am not sure what you mean by "test modules". Do you mean module in the Python sense, or like a test-case class? > * This might be implemented in the wrong place. For example, the [x > for x in dir(self) if x.startswith('test')] you do is most certainly > better-placed in a custom TestLoader implementation. That certainly is a good suggestion. I am not sure yet how I will implement my idea in the unittest module. However, I pretty sure that it will be quite different from my prototype. > But despite that, I think it's a cool idea and worth pursuing. Could > you set up a branch (probably of py3k) so we can see how this plays > out in the large? Sure. I need to finish merging pickle and cPickle for Py3k before tackling this project, though. -- Alexandre From ryan.freckleton at gmail.com Mon Sep 3 06:34:26 2007 From: ryan.freckleton at gmail.com (Ryan Freckleton) Date: Sun, 2 Sep 2007 22:34:26 -0600 Subject: [Python-Dev] Product function patch [issue 1093] Message-ID: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> Hello, At one time Guido mentioned adding a built-in product() function to cover some of the remaining use cases of the built-in reduce(). I don't know if this function is still wanted or needed, but I've created an implementation with tests and documentation at http://bugs.python.org/issue1093 . If it is still wanted, could someone review it and give me feedback on it? Thanks, -- ===== --Ryan E. Freckleton From martin at v.loewis.de Mon Sep 3 07:27:08 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Mon, 03 Sep 2007 07:27:08 +0200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> Message-ID: <46DB9B2C.7010202@v.loewis.de> > At one time Guido mentioned adding a built-in product() function to > cover some of the remaining use cases of the built-in reduce(). What is the use case for product()? Regards, Martin From skip at pobox.com Mon Sep 3 14:24:30 2007 From: skip at pobox.com (skip at pobox.com) Date: Mon, 3 Sep 2007 07:24:30 -0500 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DB9B2C.7010202@v.loewis.de> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DB9B2C.7010202@v.loewis.de> Message-ID: <18139.64766.602709.442409@montanaro.dyndns.org> >> At one time Guido mentioned adding a built-in product() function to >> cover some of the remaining use cases of the built-in reduce(). Martin> What is the use case for product()? As I recall, there were basically two uses of reduce(), to sum a series or (less frequently) to take the product of a series. sum() obviously takes care of the first use case. product() would take care of the second. Skip From guido at python.org Mon Sep 3 16:37:59 2007 From: guido at python.org (Guido van Rossum) Date: Mon, 3 Sep 2007 07:37:59 -0700 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <18139.64766.602709.442409@montanaro.dyndns.org> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DB9B2C.7010202@v.loewis.de> <18139.64766.602709.442409@montanaro.dyndns.org> Message-ID: Actually, if you use Google code search, you'll find that multiplying the numbers in a list doesn't have much use at all. After summing numbers, joining strings is by far the most common usage -- which is much better done with the str.join() method. (PS. I rejected the issue; product() was proposed and rejected when sum() was originally proposed and accepted, and I don't see anything to change my mind.) On 9/3/07, skip at pobox.com wrote: > > >> At one time Guido mentioned adding a built-in product() function to > >> cover some of the remaining use cases of the built-in reduce(). > > Martin> What is the use case for product()? > > As I recall, there were basically two uses of reduce(), to sum a series or > (less frequently) to take the product of a series. sum() obviously takes > care of the first use case. product() would take care of the second. > > Skip > > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > -- --Guido van Rossum (home page: http://www.python.org/~guido/) From orsenthil at gmail.com Mon Sep 3 20:47:48 2007 From: orsenthil at gmail.com (O.R.Senthil Kumaran) Date: Tue, 4 Sep 2007 00:17:48 +0530 Subject: [Python-Dev] Roundup issue mails "Do not thread!" Message-ID: <20070903184748.GB5632@gmail.com> Hi all, Has anyone observed missing "email-threads" issue with Roundup bug tracker email? Any work around for that? I use mutt and find that roundup bug issue000xx mails are not being threaded. Its not do with settings, I believe. The issue000xxx emails might not being have In-Reply-To or References: header. Why are some msgs threaded and others not? You have some msgs which don't have correct In-Reply-To: References: headers (or not set at all) and you've turned on $strict_threads What do "->", "-?-" and "*>" mean in thread trees? When you turn off $strict_threads msgs with similar subjects get grouped together. In ... -- O.R.Senthil Kumaran http://uthcode.sarovar.org From ty.newton at copperchipgames.com Tue Sep 4 00:20:29 2007 From: ty.newton at copperchipgames.com (Ty Newton) Date: Tue, 04 Sep 2007 08:20:29 +1000 Subject: [Python-Dev] Porting information Message-ID: <46DC88AD.5060001@copperchipgames.com> Hi, I'm looking into porting CPython to native C# (not like IronPython) so that it can be used in game software on the XBox360: integrated with the indie development tool XNA Game Studio Express. I am looking for some guidance on how to approach this in the most effective way. I've started by looking at the parser portion of the code. However I am not certain this is the best place to start. Since there are so many ports I assume there is a well trodden path to completing this kind of task. Any suggestions would be greatly appreciated. I would prefer to break the task into portions that can be verified (tested for correctness) independently or as a stack (one on top of the next). That way I can catch errors early and have more confidence in what I am creating. When I looked through the test suites they all seem to be written in Python. Is there a test suite for the core of CPython i.e. before the C code can interpret Python code? Thanks, Ty From greg.ewing at canterbury.ac.nz Tue Sep 4 00:59:30 2007 From: greg.ewing at canterbury.ac.nz (Greg Ewing) Date: Tue, 04 Sep 2007 10:59:30 +1200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> Message-ID: <46DC91D2.7060407@canterbury.ac.nz> Ryan Freckleton wrote: > At one time Guido mentioned adding a built-in product() function to > cover some of the remaining use cases of the built-in reduce(). Speaking of such things, I was thinking the other day that it might be useful to have somewhere in the stdlib a full set of functions for doing elementwise operations and reductions on the built-in array type. This would make it possible for one to do efficient bulk arithmetic when the need arises from time to time without having to pull in a heavyweight dependency such as Numeric or numpy. -- Greg From martin at v.loewis.de Tue Sep 4 04:21:25 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 04:21:25 +0200 Subject: [Python-Dev] Roundup issue mails "Do not thread!" In-Reply-To: <20070903184748.GB5632@gmail.com> References: <20070903184748.GB5632@gmail.com> Message-ID: <46DCC125.8040109@v.loewis.de> > The issue000xxx emails might not being have In-Reply-To or References: header. If messages are entered through the web interface, they won't have these headers. Regards, Martin From orsenthil at gmail.com Tue Sep 4 04:49:43 2007 From: orsenthil at gmail.com (O.R.Senthil Kumaran) Date: Tue, 4 Sep 2007 08:19:43 +0530 Subject: [Python-Dev] Roundup issue mails "Do not thread!" In-Reply-To: <46DCC125.8040109@v.loewis.de> References: <20070903184748.GB5632@gmail.com> <46DCC125.8040109@v.loewis.de> Message-ID: <20070904024943.GA3605@gmail.com> * "Martin v. L?wis" [2007-09-04 04:21:25]: > > The issue000xxx emails might not being have In-Reply-To or References: header. > > If messages are entered through the web interface, they won't have these > headers. Then I should file a bug/feature request for Roundup. How are others keeping track? Whenever I open an issue after analyzing the email message, I find that it salready discussed and state is changed, I had missed the further emails on the same issue due to non-threads. Thanks, -- O.R.Senthil Kumaran http://uthcode.sarovar.org From guido at python.org Tue Sep 4 04:57:49 2007 From: guido at python.org (Guido van Rossum) Date: Mon, 3 Sep 2007 19:57:49 -0700 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DC91D2.7060407@canterbury.ac.nz> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> Message-ID: On 9/3/07, Greg Ewing wrote: > Speaking of such things, I was thinking the other day > that it might be useful to have somewhere in the stdlib > a full set of functions for doing elementwise operations > and reductions on the built-in array type. > > This would make it possible for one to do efficient > bulk arithmetic when the need arises from time to time > without having to pull in a heavyweight dependency > such as Numeric or numpy. But what's the point, given that numpy already exists? Wouldn't you just be redoing the work that numpy has already done? -- --Guido van Rossum (home page: http://www.python.org/~guido/) From martin at v.loewis.de Tue Sep 4 05:13:59 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 05:13:59 +0200 Subject: [Python-Dev] Roundup issue mails "Do not thread!" In-Reply-To: <20070904024943.GA3605@gmail.com> References: <20070903184748.GB5632@gmail.com> <46DCC125.8040109@v.loewis.de> <20070904024943.GA3605@gmail.com> Message-ID: <46DCCD77.7090300@v.loewis.de> > Then I should file a bug/feature request for Roundup. Please consider what you are asking for. How precisely should roundup set the In-reply-to header? It won't know what message this is a reply to, or whether it is a reply at all. > How are others keeping track? Whenever I open an issue after analyzing the email > message, I find that it salready discussed and state is changed, I > had missed the further emails on the same issue due to non-threads. My email tool has better threading than yours, I guess. IceDove (Thunderbird) will thread the messages by subject also. The non-threaded ones get displayed on the second level, appearing in reply to the original message (or, rather, the youngest message with the same subject - just as if the message mentioned in In-Reply-To has already been deleted). Regards, Martin From martin at v.loewis.de Tue Sep 4 05:33:10 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 05:33:10 +0200 Subject: [Python-Dev] Porting information In-Reply-To: <46DC88AD.5060001@copperchipgames.com> References: <46DC88AD.5060001@copperchipgames.com> Message-ID: <46DCD1F6.2040906@v.loewis.de> > I've started by looking at the parser portion of the code. However I am > not certain this is the best place to start. Since there are so many > ports I assume there is a well trodden path to completing this kind of > task. I believe this assumption is wrong. There are not many ports, only a handful (or less - Jython, IronPython, PyPy). While Jython and IronPython may have similar implementation strategies, I would expect that PyPy took an entirely different approach. In any case, there certainly is a step that you apparently failed to perform as the very first step: set some explicit goals. What kind of compatibility do you want to achieve in your port, what other goals would you like to follow? IOW, why is IronPython not what you want (it *is* a port of CPython to C#, in a sense), and why is the C# support in PyPy not good enough for you? > I would prefer to break the task into portions that can be verified > (tested for correctness) independently or as a stack (one on top of the > next). That way I can catch errors early and have more confidence in > what I am creating. As I don't know what you want to achieve, it is difficult to tell you what steps to take. I assume your implementation would be similar to CPython in that it uses the same byte code format. So one path would be to ignore the compiler at all, and assume that the byte code format is given, i.e. start with port ceval.c. I'm not sure whether you also want to provide the same low-level API (i.e. whether you want to provide "Embedding and Extending"); it surely can't be the *same* API, since your's will be C#, whereas CPython's is, well, C. If you implement ceval.c, you will find quickly that you need much of the Objects folder, so implementing the 10 or so most important objects would be the natural starting point (type, int, string, tuple, dict, frame, code, class, method - assuming you would target Python 1.5 first, i.e. no bool, cell, descr, gen, iter, weakref, unicode, object). > When I looked through the test suites they all seem to be written in > Python. Is there a test suite for the core of CPython i.e. before the C > code can interpret Python code? Yes and no. The core Python is tested through compilation - if it compiles without warnings on the relevant compilers, it is considered good enough to run the Python test suite. For selected features of the interpreter, there are specific tests, in particular test_capi. The core of CPython (compiler, objects, builtins) is then tested through Python code. Regards, Martin From greg.ewing at canterbury.ac.nz Tue Sep 4 11:18:43 2007 From: greg.ewing at canterbury.ac.nz (Greg Ewing) Date: Tue, 04 Sep 2007 21:18:43 +1200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> Message-ID: <46DD22F3.6070701@canterbury.ac.nz> Guido van Rossum wrote: > But what's the point, given that numpy already exists? Wouldn't you > just be redoing the work that numpy has already done? Sometimes I just want to do something simple like adding two vectors together, and it seems unreasonable to add the whole of numpy as a dependency just to get that. Currently Python has built-in ways of doing arithmetic, and built-in ways of storing arrays of numbers efficiently, but no built-in way of doing arithmetic on arrays of numbers efficiently. I'd like to see some of the core machinery of numpy moved into the Python stdlib, and numpy refactored so that it builds on that. Then there wouldn't be duplication. -- Greg From steve at shrogers.com Tue Sep 4 13:57:30 2007 From: steve at shrogers.com (Steven H. Rogers) Date: Tue, 04 Sep 2007 05:57:30 -0600 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DD22F3.6070701@canterbury.ac.nz> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> Message-ID: <46DD482A.1000801@shrogers.com> Greg Ewing wrote: > Guido van Rossum wrote: > >> But what's the point, given that numpy already exists? Wouldn't you >> just be redoing the work that numpy has already done? >> > > Sometimes I just want to do something simple like > adding two vectors together, and it seems unreasonable > to add the whole of numpy as a dependency just to > get that. ... > > I'd like to see some of the core machinery of numpy moved > into the Python stdlib, and numpy refactored so that it > builds on that. Then there wouldn't be duplication. > Concur. Array processing would be a very practical addition to the standard library. It's used extensively in engineering, finance, and the sciences. It looks like they may find room in the OLPC XO for key subsets of NumPy and Matplotlib. They want it both as a teaching resource and to optimize their software suite as a whole. If they're successful, we'll have a lot of young pythoneers expecting this functionality. # Steve From martin at v.loewis.de Tue Sep 4 14:54:49 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 14:54:49 +0200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DD22F3.6070701@canterbury.ac.nz> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> Message-ID: <46DD5599.9010003@v.loewis.de> > I'd like to see some of the core machinery of numpy moved > into the Python stdlib, and numpy refactored so that it > builds on that. Then there wouldn't be duplication. I think this requires a PEP, and explicit support from the NumPy people. Regards, Martin From guido at python.org Tue Sep 4 16:38:58 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 07:38:58 -0700 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DD482A.1000801@shrogers.com> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> Message-ID: On 9/4/07, Steven H. Rogers wrote: > Concur. Array processing would be a very practical addition to the > standard library. It's used extensively in engineering, finance, and > the sciences. It looks like they may find room in the OLPC XO for key > subsets of NumPy and Matplotlib. They want it both as a teaching > resource and to optimize their software suite as a whole. If they're > successful, we'll have a lot of young pythoneers expecting this > functionality. I still don't see why the standard library needs to be weighed down with a competitor to numpy. Including a subset of numpy was considered in the past, but it's hard to decide on the right subset. In the end it was decided that numpy is too big to become a standard library. Given all the gyrations it has gone through I definitely believe this was the right decision. -- --Guido van Rossum (home page: http://www.python.org/~guido/) From ncoghlan at gmail.com Tue Sep 4 16:52:29 2007 From: ncoghlan at gmail.com (Nick Coghlan) Date: Wed, 05 Sep 2007 00:52:29 +1000 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DD5599.9010003@v.loewis.de> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD5599.9010003@v.loewis.de> Message-ID: <46DD712D.9080103@gmail.com> Martin v. L?wis wrote: >> I'd like to see some of the core machinery of numpy moved into the >> Python stdlib, and numpy refactored so that it builds on that. Then >> there wouldn't be duplication. > > I think this requires a PEP, and explicit support from the NumPy > people. Travis has actually been working on this off-and-on for the last couple of years, including mentoring an SoC project last year. I believe PEP 3118 (the revised buffer protocol) was one of the major outcomes - rather than having yet-another-array-type to copy data to and from in order to use different libraries, the focus moved to permitting better interoperability amongst the array types that already exist. Once we support better interoperability at the data storage level, it will actually become *more* useful to have a simple multi-dimensional array type in the standard library as you could easily pass those objects to functions from more powerful array manipulation libraries as your needs become more complicated. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia --------------------------------------------------------------- http://www.boredomandlaziness.org From janssen at parc.com Tue Sep 4 20:33:50 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 11:33:50 PDT Subject: [Python-Dev] frozenset C API? Message-ID: <07Sep4.113351pdt."57996"@synergy1.parc.xerox.com> I'm looking at building a "frozenset" instance as a return value from a C function, and the C API seems ridiculously clumsy. Maybe I'm misunderstanding it. Apparently, I need to create a list object, then pass that to PyFrozenSet_New(), then decref the list object. Is that correct? What I'd like is something more like PyFrozenSet_NEW(int) => PySetObject * PyFrozenSet_SET_ITEM(s, i, v) Any idea why these aren't part of the API? Bill From guido at python.org Tue Sep 4 20:37:58 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 11:37:58 -0700 Subject: [Python-Dev] frozenset C API? In-Reply-To: <-4762611594645938717@unknownmsgid> References: <-4762611594645938717@unknownmsgid> Message-ID: I guess nobody has tried to create frozenset instances from C code before. Almost everyone uses set anyway. What are you trying to do? On 9/4/07, Bill Janssen wrote: > I'm looking at building a "frozenset" instance as a return value from > a C function, and the C API seems ridiculously clumsy. Maybe I'm > misunderstanding it. Apparently, I need to create a list object, then > pass that to PyFrozenSet_New(), then decref the list object. > > Is that correct? > > What I'd like is something more like > > PyFrozenSet_NEW(int) => PySetObject * > PyFrozenSet_SET_ITEM(s, i, v) > > Any idea why these aren't part of the API? > > Bill > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > -- --Guido van Rossum (home page: http://www.python.org/~guido/) From martin at v.loewis.de Tue Sep 4 21:02:06 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 21:02:06 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep4.113351pdt."57996"@synergy1.parc.xerox.com> References: <07Sep4.113351pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DDABAE.9020004@v.loewis.de> Bill Janssen schrieb: > I'm looking at building a "frozenset" instance as a return value from > a C function, and the C API seems ridiculously clumsy. Maybe I'm > misunderstanding it. Apparently, I need to create a list object, then > pass that to PyFrozenSet_New(), then decref the list object. > > Is that correct? Almost. It doesn't have to be a list - any iterable object would do. Regards, Martin From ty.newton at copperchipgames.com Tue Sep 4 21:07:41 2007 From: ty.newton at copperchipgames.com (Ty Newton) Date: Wed, 05 Sep 2007 05:07:41 +1000 Subject: [Python-Dev] Compiling cpython2.5.1 in VS2005? Message-ID: <46DDACFD.2080606@copperchipgames.com> Hi, I was building Python 2.5.1 in Visual Studio 2005 and noticed some problems with the instructions. Can someone confirm this and update the readme file in the PCbuild8 directory? I don't yet have access to the repository. This is what the readme.txt file says to do: All you need to do is open the workspace "pcbuild.sln" in VisualStudio 2005, select the platform, select the Debug or Release setting (using "Solution Configuration" from the "Standard" toolbar"), and build the solution. The proper order to build subprojects: 1) pythoncore (this builds the main Python DLL and library files, python25.{dll, lib} in Release mode) NOTE: in previous releases, this subproject was named after the release number, e.g. python20. 2) python (this builds the main Python executable, python.exe in Release mode) This is my experience. DEBUG configuration: When I select 'pythoncore' (right click) from the solution explorer, select 'project only', select 'build only pythoncore' I get this error report: Warning 1 warning C4005: 'Yield' : macro redefinition E:\Program Files\Microsoft Visual Studio 8\VC\PlatformSDK\include\winbase.h 57 Warning 2 warning C4005: 'Yield' : macro redefinition E:\Program Files\Microsoft Visual Studio 8\VC\PlatformSDK\include\winbase.h 57 Error 3 fatal error C1083: Cannot open source file: '.\getbuildinfo2.c': No such file or directory c1 It looks like the project dependencies are not kicking in. I assume this is caused by building the project instead of the solution. So I did them manually. First make_versioninfo project: I select 'make_versioninfo' (right click) from the solution explorer, select 'project only', select 'build only make_versioninfo'. This succeeds. Second make_buildinfo project: I select 'make_buildinfo' (right click) from the solution explorer, select 'project only', select 'build only make_buildinfo'. This succeeds. Finally I try to make pythoncore again: I select 'pythoncore' (right click) from the solution explorer, select 'project only', select 'build only pythoncore'. This succeeds. Now I build python and it also succeeds. One last thing I noticed is if there are spaces in the path of the source files the compilation also fails. Regards, Ty From python at rcn.com Tue Sep 4 21:14:17 2007 From: python at rcn.com (Raymond Hettinger) Date: Tue, 4 Sep 2007 15:14:17 -0400 (EDT) Subject: [Python-Dev] frozenset C API? Message-ID: <20070904151417.AFJ20377@ms10.lnh.mail.rcn.net> You can create a frozenset from any iterable using PyFrozenSet_New(). If you don't have an iterable and want to build-up the frozenset one element at a time, the approach is to create a regular set (or some other mutable container), add to it, then convert it to a frozenset when you're done: s = PySet_New(NULL); PySet_Add(s, obj1); PySet_Add(s, obj2); PySet_Add(s, obj3); f = PyFrozenSet_New(s); Py_DECREF(s); That approach is similar to what you do with tuples in pure python. You either build them from an iterable "t = tuple(iterable)" or your build-up a mutable object one element at a time and convert it all at once: s = [] s.append(obj1) s.append(obj2) t = tuple(s) The API you propose doesn't work because sets and frozensets are not indexed like tuples and lists. Accordingly, sets and frozensets have a C API that is more like dictionaries. Since dictionaries are not indexable, they also cannot have an API like the one you propose: PyDict_NEW(int) => PySetObject * PyDict_SET_ITEM(s, index, key, value) If you find all this really annoying and need to fashion a small frozenset with a few known objects, consider using the abstract API: f = PyObject_CallFunction(&PyFrozenSet_Type, "(OOO)", obj1, obj2, obj3); That will roll the whole process up into one line. Hope this was helpful, Raymond --------------------------------------------------------------- Bill Janssen Add To Address Book|This is Spam Subject:[Python-Dev] frozenset C API? To:python-dev at python.org I'm looking at building a "frozenset" instance as a return value from a C function, and the C API seems ridiculously clumsy. Maybe I'm misunderstanding it. Apparently, I need to create a list object, then pass that to PyFrozenSet_New(), then decref the list object. Is that correct? What I'd like is something more like PyFrozenSet_NEW(int) => PySetObject * PyFrozenSet_SET_ITEM(s, i, v) Any idea why these aren't part of the API? From janssen at parc.com Tue Sep 4 21:21:37 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 12:21:37 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: References: <-4762611594645938717@unknownmsgid> Message-ID: <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> I'm working on issue 1583946. Nagle pointed out that each DN (the "subject" and "issuer" fields in a certificate) may have multiple values for the same attribute name, and I haven't been able to rule this out yet. X.509 DNs are sets of X.500 attributes, and X.500 attributes may be either single-valued or multiple-valued. I haven't found anything in the X.509 standard that prohibits multiple-valued attributes (yet -- I'm still looking), so I'm working on an alternative to using dicts to represent the set of attributes in the certificate that's returned from ssl.sslsocket.getpeercert(). "frozenset" seems the most appropriate -- it's a non-ordered immutable set of attributes. Could use a tuple, but (1) that implies order, and (2) using set operations on the attribute set would be handy to test for various things, particularly "issubset" and "issuperset". I think frozenset is quite analogous to tuple at this level, and I suggest that a similar set of C construction functions would be a good thing. Bill > I guess nobody has tried to create frozenset instances from C code > before. Almost everyone uses set anyway. What are you trying to do? > > On 9/4/07, Bill Janssen wrote: > > I'm looking at building a "frozenset" instance as a return value from > > a C function, and the C API seems ridiculously clumsy. Maybe I'm > > misunderstanding it. Apparently, I need to create a list object, then > > pass that to PyFrozenSet_New(), then decref the list object. > > > > Is that correct? > > > > What I'd like is something more like > > > > PyFrozenSet_NEW(int) => PySetObject * > > PyFrozenSet_SET_ITEM(s, i, v) > > > > Any idea why these aren't part of the API? > > > > Bill > > _______________________________________________ > > Python-Dev mailing list > > Python-Dev at python.org > > http://mail.python.org/mailman/listinfo/python-dev > > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > > > > > -- > --Guido van Rossum (home page: http://www.python.org/~guido/) From janssen at parc.com Tue Sep 4 21:31:09 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 12:31:09 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <20070904151417.AFJ20377@ms10.lnh.mail.rcn.net> References: <20070904151417.AFJ20377@ms10.lnh.mail.rcn.net> Message-ID: <07Sep4.123111pdt."57996"@synergy1.parc.xerox.com> Raymond, thanks for the note. > You can create a frozenset from any iterable using PyFrozenSet_New(). > > If you don't have an iterable and want to build-up the frozenset one element at a time, the approach is to create a regular set (or some other mutable container), add to it, then convert it to a frozenset when you're done: > > s = PySet_New(NULL); > PySet_Add(s, obj1); > PySet_Add(s, obj2); > PySet_Add(s, obj3); > f = PyFrozenSet_New(s); > Py_DECREF(s); This is essentially the same thing I mentioned, except using a set instead of a list as the iterable. I'm just a tad annoyed at the fact that I know at set creation time exactly how many elements it's going to have, and this procedure strikes me as a somewhat inefficient way to create that set. Just tickles my "C inefficiency" funnybone a bit :-). > The API you propose doesn't work because sets and frozensets are not > indexed like tuples and lists. Accordingly, sets and frozensets have > a C API that is more like dictionaries. Since dictionaries are not > indexable, they also cannot have an API like the one you propose: > > PyDict_NEW(int) => PySetObject * > PyDict_SET_ITEM(s, index, key, value) Didn't really mean to propose "PyDict_SET_ITEM(s, index, key, value)", should have been PyDict_SET_ITEM(s, index, value) But your point is still well taken. How about this one, though: PyDict_NEW(int) => PySetObject * PyDict_ADD(s, value) ADD would just stick value in the next empty slot (and steal its reference). Bill From janssen at parc.com Tue Sep 4 22:11:11 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 13:11:11 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep4.123111pdt."57996"@synergy1.parc.xerox.com> References: <20070904151417.AFJ20377@ms10.lnh.mail.rcn.net> <07Sep4.123111pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep4.131116pdt."57996"@synergy1.parc.xerox.com> > But your point is still well taken. How about this one, though: > > PyDict_NEW(int) => PySetObject * > PyDict_ADD(s, value) > > ADD would just stick value in the next empty slot (and steal its > reference). Sorry, I meant to say PyFrozenSet_NEW(int) => PySetObject * PyFrozenSet_ADD(s, value) Bill From python at rcn.com Tue Sep 4 22:19:45 2007 From: python at rcn.com (Raymond Hettinger) Date: Tue, 4 Sep 2007 16:19:45 -0400 (EDT) Subject: [Python-Dev] frozenset C API? Message-ID: <20070904161945.AFJ44412@ms10.lnh.mail.rcn.net> [Bill Janssen] > > How about this one, though: > > PyDict_NEW(int) => PySetObject * > PyDict_ADD(s, value) > > ADD would just stick value in the next > empty slot (and steal its reference). Dicts, sets and frozenset are implemented as hash tables, not as arrays, so the above suggestion doesn't make any sense to me. The location of the "next empty slot" depends on a the key associated with the value being added (btw, where is the "key" handled in your proposed API?). Consequently, the PyDict_New(int) step would have no way to know where to create the n empty slots (since their location is determined by the hash value of the keys). That is a reason that the tuple/list API differs from the set/frozenet/dict API. Raymond From martin at v.loewis.de Tue Sep 4 22:55:38 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 22:55:38 +0200 Subject: [Python-Dev] Compiling cpython2.5.1 in VS2005? In-Reply-To: <46DDACFD.2080606@copperchipgames.com> References: <46DDACFD.2080606@copperchipgames.com> Message-ID: <46DDC64A.9010700@v.loewis.de> > Can someone confirm this and update the readme file in the PCbuild8 > directory? I don't yet have access to the repository. Please provide patches instead, and post them on bugs.python.org. Regards, Martin From greg.ewing at canterbury.ac.nz Tue Sep 4 22:58:07 2007 From: greg.ewing at canterbury.ac.nz (Greg Ewing) Date: Wed, 05 Sep 2007 08:58:07 +1200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DD5599.9010003@v.loewis.de> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD5599.9010003@v.loewis.de> Message-ID: <46DDC6DF.1080307@canterbury.ac.nz> Martin v. L?wis wrote: > I think this requires a PEP, and explicit support from the > NumPy people. Someone who knows more about numpy's internals would be needed to figure out what the details should be like in order to be usable by numpy. But I could write a PEP about how what I have in mind would look from the Python level. -- Greg From martin at v.loewis.de Tue Sep 4 23:26:20 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 23:26:20 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DDCD7C.40004@v.loewis.de> > I'm working on issue 1583946. Nagle pointed out that each DN (the > "subject" and "issuer" fields in a certificate) may have multiple > values for the same attribute name, and I haven't been able to rule > this out yet. This is indeed common. In particular, DN= and OU= often occur multiple times. > X.509 DNs are sets of X.500 attributes, and X.500 > attributes may be either single-valued or multiple-valued. Conceptually perhaps (although I doubt that). Practically, Name is Name ::= CHOICE { RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET OF AttributeTypeAndValue AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue } So it's a sequence of sets of key/value pairs. If you want to have the same type twice, you have two options: either make multiple RDNs, each single-valued, or make a single RDN, with multiple kv-pairs. IIUC, the intention of the multi-valued RDNs is that you have an entity described by multiple attributes. For example, relative to O=Foo, neither GN=Bill nor SN=Janssen might correctly identify a person. So you would create O=Foo,GN=Bill+SN=Janssen. That's allowed, but not really common - instead, people both a) use CN as a unique identifier, and b) put separate attributes for a single object into separate RDNs, as if email=janssen at parc.com was a subnode in the DIT relative to CN="Bill Janssen". > I haven't > found anything in the X.509 standard that prohibits multiple-valued > attributes (yet -- I'm still looking), so I'm working on an > alternative to using dicts to represent the set of attributes in the > certificate that's returned from ssl.sslsocket.getpeercert(). Conceptually, it should be a list (order *is* relevant). It can then be debated whether the RDN can be represented as a dictionary; my understanding is that the intention of RDNs is that the AttributeType is unique within an RDN (but I may be wrong). Regards, Martin From greg.ewing at canterbury.ac.nz Tue Sep 4 23:26:32 2007 From: greg.ewing at canterbury.ac.nz (Greg Ewing) Date: Wed, 05 Sep 2007 09:26:32 +1200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> Message-ID: <46DDCD88.7080009@canterbury.ac.nz> Guido van Rossum wrote: > I still don't see why the standard library needs to be weighed down > with a competitor to numpy. The way to get things done efficiently with an interpreted language is for the language or its libraries to provide primitives that work on large chunks of data at once, and can be combined in flexible ways. Python provides many such primitives for working with strings -- the string methods, regexps, etc. But it doesn't provide *any* for numbers, and that strikes me as an odd gap in functionality. What I have in mind would be quite small, so it wouldn't "weigh down" the stdlib. You could think of it as an extension to the operator module that turns it into something useful. :-) And, as I said, if it's designed so that numpy can build on it, then it needn't be competing with numpy. > Including a subset of numpy was considered > in the past, but it's hard to decide on the right subset. What I'm thinking of wouldn't be a "subset" of numpy, in the sense that it wouldn't necessarily share any of the numpy API from the Python perspective. All it would provide is the minimum necessary primitives to get the grunt work done. I'm thinking of having a bunch of functions like add_elementwise(src1, src2, dst, start, chunk, stride) where src1, src2 and dst are anything supporting the new buffer protocol. That should be sufficient to support something with a numpy-like API, I think. -- Greg From greg.ewing at canterbury.ac.nz Tue Sep 4 23:30:25 2007 From: greg.ewing at canterbury.ac.nz (Greg Ewing) Date: Wed, 05 Sep 2007 09:30:25 +1200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DD712D.9080103@gmail.com> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD5599.9010003@v.loewis.de> <46DD712D.9080103@gmail.com> Message-ID: <46DDCE71.7090608@canterbury.ac.nz> Nick Coghlan wrote: > Travis has actually been working on this off-and-on for the last couple > of years, Well, yes, but that's concentrating on a different aspect of things -- the data storage. My proposal concerns what you can *do* with the data, independent of the way it's stored. My idea and Travis's would complement each other, I think. -- Greg From martin at v.loewis.de Tue Sep 4 23:42:27 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Tue, 04 Sep 2007 23:42:27 +0200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DDCD88.7080009@canterbury.ac.nz> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DDCD88.7080009@canterbury.ac.nz> Message-ID: <46DDD143.3030205@v.loewis.de> > What I have in mind would be quite small, so it wouldn't > "weigh down" the stdlib. If it's a builtin, it certainly would. Every builtin weighs down the library, as it clutters the global(est) namespace. > I'm thinking of having a bunch of functions like > > add_elementwise(src1, src2, dst, start, chunk, stride) > > where src1, src2 and dst are anything supporting the > new buffer protocol. That should be sufficient to support > something with a numpy-like API, I think. This sounds like a topic for python-ideas. Regards, Martin From hasan.diwan at gmail.com Tue Sep 4 23:43:04 2007 From: hasan.diwan at gmail.com (Hasan Diwan) Date: Tue, 4 Sep 2007 14:43:04 -0700 Subject: [Python-Dev] Math.sqrt(-1) -- nan or ValueError? Message-ID: <2cda2fc90709041443v225562c5taf3112d341652a42@mail.gmail.com> I'm trying to fix a failing unit test in revision 57974. The test in question claims that math.sqrt(-1) should raise ValueError; the code itself gives "nan" as a result for that expression. I can modify the test and therefore have it pass, but I'm not sure if an exception would be more appropriate. I'd be happy for some direction here. Many thanks! -- Cheers, Hasan Diwan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20070904/7e0c52ba/attachment.htm From ty.newton at copperchipgames.com Tue Sep 4 23:46:33 2007 From: ty.newton at copperchipgames.com (Ty Newton) Date: Wed, 05 Sep 2007 07:46:33 +1000 Subject: [Python-Dev] Compiling cpython2.5.1 in VS2005? In-Reply-To: <46DDC64A.9010700@v.loewis.de> References: <46DDACFD.2080606@copperchipgames.com> <46DDC64A.9010700@v.loewis.de> Message-ID: <46DDD239.5050706@copperchipgames.com> oh, sorry. I'll do that. Ty Martin v. L?wis wrote: >> Can someone confirm this and update the readme file in the PCbuild8 >> directory? I don't yet have access to the repository. > > Please provide patches instead, and post them on bugs.python.org. > > Regards, > Martin > > From guido at python.org Tue Sep 4 23:55:28 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 14:55:28 -0700 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DDCD88.7080009@canterbury.ac.nz> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DDCD88.7080009@canterbury.ac.nz> Message-ID: By all means do write up a PEP -- it's hard to generalize from that one example. On 9/4/07, Greg Ewing wrote: > Guido van Rossum wrote: > > I still don't see why the standard library needs to be weighed down > > with a competitor to numpy. > > The way to get things done efficiently with an interpreted > language is for the language or its libraries to provide > primitives that work on large chunks of data at once, and > can be combined in flexible ways. > > Python provides many such primitives for working with > strings -- the string methods, regexps, etc. But it doesn't > provide *any* for numbers, and that strikes me as an odd > gap in functionality. > > What I have in mind would be quite small, so it wouldn't > "weigh down" the stdlib. You could think of it as an > extension to the operator module that turns it into > something useful. :-) > > And, as I said, if it's designed so that numpy can build > on it, then it needn't be competing with numpy. > > > Including a subset of numpy was considered > > in the past, but it's hard to decide on the right subset. > > What I'm thinking of wouldn't be a "subset" of numpy, in > the sense that it wouldn't necessarily share any of the > numpy API from the Python perspective. All it would > provide is the minimum necessary primitives to get the > grunt work done. > > I'm thinking of having a bunch of functions like > > add_elementwise(src1, src2, dst, start, chunk, stride) > > where src1, src2 and dst are anything supporting the > new buffer protocol. That should be sufficient to support > something with a numpy-like API, I think. > > -- > Greg > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > -- --Guido van Rossum (home page: http://www.python.org/~guido/) From guido at python.org Tue Sep 4 23:58:27 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 14:58:27 -0700 Subject: [Python-Dev] Math.sqrt(-1) -- nan or ValueError? In-Reply-To: <2cda2fc90709041443v225562c5taf3112d341652a42@mail.gmail.com> References: <2cda2fc90709041443v225562c5taf3112d341652a42@mail.gmail.com> Message-ID: Is this on OSX? That test has been failing (because on that platform sqrt(-1) returns nan instead of raising ValueError) for years -- but the test is only run when run in verbose mode, which mostly hides the issue. Have you read the comment for the test? On 9/4/07, Hasan Diwan wrote: > I'm trying to fix a failing unit test in revision 57974. The test in > question claims that math.sqrt(-1) should raise ValueError; the code itself > gives "nan" as a result for that expression. I can modify the test and > therefore have it pass, but I'm not sure if an exception would be more > appropriate. I'd be happy for some direction here. Many thanks! -- --Guido van Rossum (home page: http://www.python.org/~guido/) From hasan.diwan at gmail.com Wed Sep 5 00:13:50 2007 From: hasan.diwan at gmail.com (Hasan Diwan) Date: Tue, 4 Sep 2007 15:13:50 -0700 Subject: [Python-Dev] Math.sqrt(-1) -- nan or ValueError? In-Reply-To: References: <2cda2fc90709041443v225562c5taf3112d341652a42@mail.gmail.com> Message-ID: <2cda2fc90709041513g7f67ec10l29c94c1d8fc4c0d7@mail.gmail.com> On 04/09/07, Guido van Rossum wrote: > > Is this on OSX? That test has been failing (because on that platform > sqrt(-1) returns nan instead of raising ValueError) for years -- but > the test is only run when run in verbose mode, which mostly hides the > issue. Have you read the comment for the test? Indeed, I am on OSX. Yes, I have read the comment for the test. Would the following pseudocode be an acceptable fix for the problem: if sys.platform == 'darwin' and math.sqrt(-1) == nan: return else: try: x = math.sqrt(-1) except ValueError: pass ... or should I just not bother? -- Cheers, Hasan Diwan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20070904/a598e9d5/attachment.htm From janssen at parc.com Wed Sep 5 00:21:10 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 15:21:10 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DDCD7C.40004@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> Message-ID: <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> > > X.509 DNs are sets of X.500 attributes, and X.500 > > attributes may be either single-valued or multiple-valued. > > Conceptually perhaps (although I doubt that). I got that from David Chadwick's book at http://sec.cs.kent.ac.uk/x500book/. ``An attribute comprises an attribute type and one or more attribute values.'' The question is, how would a multiple-valued attribute be represented in a certificate Name? I'm presuming it would appear as multiple attributes with the same "type", but different values. > Conceptually, it should be a list (order *is* relevant). It can > then be debated whether the RDN can be represented as a dictionary; > my understanding is that the intention of RDNs is that the AttributeType > is unique within an RDN (but I may be wrong). > Name ::= CHOICE { RDNSequence } > > RDNSequence ::= SEQUENCE OF RelativeDistinguishedName > > RelativeDistinguishedName ::= > SET OF AttributeTypeAndValue > > AttributeTypeAndValue ::= SEQUENCE { > type AttributeType, > value AttributeValue } Order is important in the directory tree, but not (I think) in the DN; that name is just an unordered set of attributes, because the hierarchy information has already been lost (the RDN elements cannot be distinguished from each other using only the internal certificate information). In any case, it certainly sounds to me as if there can be multiple instances of AttributeTypeAndValue with the same "type" field in a single Name. So I'll represent them as tuples, which will preserve the order in which they occur in the certificate, and make the value immutable. Applications which need them as sets can create their own frozensets from that tuple. Bill From janssen at parc.com Wed Sep 5 00:26:56 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 15:26:56 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <20070904161945.AFJ44412@ms10.lnh.mail.rcn.net> References: <20070904161945.AFJ44412@ms10.lnh.mail.rcn.net> Message-ID: <07Sep4.152702pdt."57996"@synergy1.parc.xerox.com> > Dicts, sets and frozenset are implemented as hash tables, not as arrays, I see, thanks. > The location of the "next empty slot" depends on a the key > associated with the value being added (btw, where is the "key" handled > in your proposed API?). What key? It's a set, not a mapping. The value is the key. Bill From guido at python.org Wed Sep 5 00:45:15 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 15:45:15 -0700 Subject: [Python-Dev] Math.sqrt(-1) -- nan or ValueError? In-Reply-To: <2cda2fc90709041513g7f67ec10l29c94c1d8fc4c0d7@mail.gmail.com> References: <2cda2fc90709041443v225562c5taf3112d341652a42@mail.gmail.com> <2cda2fc90709041513g7f67ec10l29c94c1d8fc4c0d7@mail.gmail.com> Message-ID: I think it's better for the test to fail, to indicate that there's an unresolved problem on the platform. On 9/4/07, Hasan Diwan wrote: > On 04/09/07, Guido van Rossum wrote: > > Is this on OSX? That test has been failing (because on that platform > > sqrt(-1) returns nan instead of raising ValueError) for years -- but > > the test is only run when run in verbose mode, which mostly hides the > > issue. Have you read the comment for the test? > > Indeed, I am on OSX. Yes, I have read the comment for the test. Would the > following pseudocode be an acceptable fix for the problem: > if sys.platform == 'darwin' and math.sqrt(-1) == nan: > return > else: > try: > x = math.sqrt(-1) > except ValueError: > pass > ... > or should I just not bother? > -- > Cheers, > > Hasan Diwan < hasan.diwan at gmail.com> -- --Guido van Rossum (home page: http://www.python.org/~guido/) From ty.newton at copperchipgames.com Wed Sep 5 02:45:52 2007 From: ty.newton at copperchipgames.com (Ty Newton) Date: Wed, 05 Sep 2007 10:45:52 +1000 Subject: [Python-Dev] Porting information In-Reply-To: <46DCD1F6.2040906@v.loewis.de> References: <46DC88AD.5060001@copperchipgames.com> <46DCD1F6.2040906@v.loewis.de> Message-ID: <46DDFC40.2000808@copperchipgames.com> Thanks Martin, Martin v. L?wis wrote: >> I've started by looking at the parser portion of the code. However I am >> not certain this is the best place to start. Since there are so many >> ports I assume there is a well trodden path to completing this kind of >> task. > > I believe this assumption is wrong. There are not many ports, only a > handful (or less - Jython, IronPython, PyPy). While Jython and > IronPython may have similar implementation strategies, I would expect > that PyPy took an entirely different approach. > > In any case, there certainly is a step that you apparently failed > to perform as the very first step: set some explicit goals. What > kind of compatibility do you want to achieve in your port, what > other goals would you like to follow? > I thought I'd try and keep my message short so I decided not to go into the explicit objectives. At the most basic it is the ability for developers to run compiled Python as part of the game code. The next step up from that is allowing Python source code to execute and be modified in a 'simple' interactive coding tool: allowing for 'tweaking' code to be implemented outside of the game engine team. Principal constraint: Microsoft support for independent development on the 360 is only provided through the use of their slimmed down .Net compact framework and the XNA Game Studio Express development environment (C# only). This allows Microsoft to implement security within the tool chain and deployment pipeline to sandbox strictly. > IOW, why is IronPython not what you want (it *is* a port of CPython > to C#, in a sense), and why is the C# support in PyPy not good enough > for you? > The impact, to this project, of the reduced API and strict sandboxing in the 360 dev environment is Python implementations like IronPython are not feasible. IronPython uses the reflection capabilities of C# to interpret directly to CLR. Without reflection IronPython simply cannot operate. Unfortunately the 360 API does not include reflection functionality. I had a look into PyPy and concluded that it could produce a result that would operate however I was less certain about integrating it into a development tool chain for the 360. It seems more likely that a 'C#Python' would result in a cleaner development environment - much like the embedded inclusion of Lua scripting in many games software. >> I would prefer to break the task into portions that can be verified >> (tested for correctness) independently or as a stack (one on top of the >> next). That way I can catch errors early and have more confidence in >> what I am creating. > > As I don't know what you want to achieve, it is difficult to tell > you what steps to take. > > I assume your implementation would be similar to CPython in that > it uses the same byte code format. So one path would be to ignore > the compiler at all, and assume that the byte code format is given, > i.e. start with port ceval.c. > > I'm not sure whether you also want to provide the same low-level > API (i.e. whether you want to provide "Embedding and Extending"); > it surely can't be the *same* API, since your's will be C#, whereas > CPython's is, well, C. If you implement ceval.c, you will find > quickly that you need much of the Objects folder, so implementing > the 10 or so most important objects would be the natural starting > point (type, int, string, tuple, dict, frame, code, class, method - > assuming you would target Python 1.5 first, i.e. no bool, cell, > descr, gen, iter, weakref, unicode, object). > >> When I looked through the test suites they all seem to be written in >> Python. Is there a test suite for the core of CPython i.e. before the C >> code can interpret Python code? > > Yes and no. The core Python is tested through compilation - if it > compiles without warnings on the relevant compilers, it is considered > good enough to run the Python test suite. For selected features of > the interpreter, there are specific tests, in particular test_capi. > > The core of CPython (compiler, objects, builtins) is then tested > through Python code. > This seems like a sensible way to start since the test harness needs a Python interpreter. Although it seems counter-intuitive to build the bytecode interpreter so that I can test the bytecode compiler... > Regards, > Martin > > Thanks for the advice Martin. Regards, Ty From steve at shrogers.com Wed Sep 5 03:39:42 2007 From: steve at shrogers.com (Steven H. Rogers) Date: Tue, 04 Sep 2007 19:39:42 -0600 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> Message-ID: <46DE08DE.4090503@shrogers.com> Guido van Rossum wrote: > I still don't see why the standard library needs to be weighed down > with a competitor to numpy. Including a subset of numpy was considered > in the past, but it's hard to decide on the right subset. In the end > it was decided that numpy is too big to become a standard library. > Given all the gyrations it has gone through I definitely believe this > was the right decision. A competitor to NumPy would be counter-productive, but including a core subset in the standard library that NumPy could be built upon would add valuable functionality to Python out of the box. It was probably the best decision to not include NumPy when it was previously considered, but I think it should be reconsidered for Python 3.x. While defining the right subset to include has it's difficulties, I believe it can be done. What would be a reasonable target size for inclusion in the standard library? # Steve From steve at shrogers.com Wed Sep 5 03:56:23 2007 From: steve at shrogers.com (Steven H. Rogers) Date: Tue, 04 Sep 2007 19:56:23 -0600 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DDC6DF.1080307@canterbury.ac.nz> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD5599.9010003@v.loewis.de> <46DDC6DF.1080307@canterbury.ac.nz> Message-ID: <46DE0CC7.3040503@shrogers.com> Greg Ewing wrote: > Martin v. L?wis wrote: > >> I think this requires a PEP, and explicit support from the >> NumPy people. >> > > Someone who knows more about numpy's internals would > be needed to figure out what the details should be > like in order to be usable by numpy. But I could write > a PEP about how what I have in mind would look from > the Python level. > I'm confident that the NumPy developers would support this in principle. If you want help with the PEP, I'm willing to help. From guido at python.org Wed Sep 5 04:03:51 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 19:03:51 -0700 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: <46DE08DE.4090503@shrogers.com> References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DE08DE.4090503@shrogers.com> Message-ID: On 9/4/07, Steven H. Rogers wrote: > Guido van Rossum wrote: > > I still don't see why the standard library needs to be weighed down > > with a competitor to numpy. Including a subset of numpy was considered > > in the past, but it's hard to decide on the right subset. In the end > > it was decided that numpy is too big to become a standard library. > > Given all the gyrations it has gone through I definitely believe this > > was the right decision. > A competitor to NumPy would be counter-productive, but including a core > subset in the standard library that NumPy could be built upon would add > valuable functionality to Python out of the box. It was probably the > best decision to not include NumPy when it was previously considered, > but I think it should be reconsidered for Python 3.x. While defining > the right subset to include has it's difficulties, I believe it can be > done. What would be a reasonable target size for inclusion in the > standard library? What makes 3.0 so special? Additions to the stdlib can be considered at any feature release. Frankly, 3.0 is already so loaded with new features (and removals) that I'm not sure it's worth pile this onto it. That said, I would much rather argue with a detailed PEP than with yet another suggestion that we do something. I am already doing enough -- it's up for some other folks to get together and produce a proposal. -- --Guido van Rossum (home page: http://www.python.org/~guido/) From steve at shrogers.com Wed Sep 5 04:35:41 2007 From: steve at shrogers.com (Steven H. Rogers) Date: Tue, 04 Sep 2007 20:35:41 -0600 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DE08DE.4090503@shrogers.com> Message-ID: <46DE15FD.9000801@shrogers.com> Guido van Rossum wrote: > What makes 3.0 so special? Additions to the stdlib can be considered > at any feature release. Frankly, 3.0 is already so loaded with new > features (and removals) that I'm not sure it's worth pile this onto > it. > I actually wrote 3.x, not 3.0. I agree that it makes no sense to add anything more to 3.0. From robert.kern at gmail.com Wed Sep 5 04:45:45 2007 From: robert.kern at gmail.com (Robert Kern) Date: Tue, 04 Sep 2007 21:45:45 -0500 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DE08DE.4090503@shrogers.com> Message-ID: Guido van Rossum wrote: > On 9/4/07, Steven H. Rogers wrote: >> Guido van Rossum wrote: >>> I still don't see why the standard library needs to be weighed down >>> with a competitor to numpy. Including a subset of numpy was considered >>> in the past, but it's hard to decide on the right subset. In the end >>> it was decided that numpy is too big to become a standard library. >>> Given all the gyrations it has gone through I definitely believe this >>> was the right decision. >> A competitor to NumPy would be counter-productive, but including a core >> subset in the standard library that NumPy could be built upon would add >> valuable functionality to Python out of the box. It was probably the >> best decision to not include NumPy when it was previously considered, >> but I think it should be reconsidered for Python 3.x. While defining >> the right subset to include has it's difficulties, I believe it can be >> done. What would be a reasonable target size for inclusion in the >> standard library? > > What makes 3.0 so special? Additions to the stdlib can be considered > at any feature release. The 3.x compatibility break (however alleviated by 2to3) makes a nice clean cutoff. The numpy that works on Pythons 3.x would essentially be a port from the current numpy. Consequently, we could modify the numpy for Pythons 3.x to always rely on the stdlib API to build on top of. We couldn't do that for the version targeted to Pythons 2.x because we could only rely on its presence for 2.6+. I don't mind maintaining two versions of numpy, one for Python 2.x and one for 3.x, but I don't care to maintain three. I invite Greg and Steven and whoever else is interested to discuss ideas for the PEP on numpy-discussion. I'm skeptical, seeing what currently has been suggested, but some more details could easily allay that. http://projects.scipy.org/mailman/listinfo/numpy-discussion -- Robert Kern "I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth." -- Umberto Eco From janssen at parc.com Wed Sep 5 04:58:11 2007 From: janssen at parc.com (Bill Janssen) Date: Tue, 4 Sep 2007 19:58:11 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> > In any case, it certainly sounds to me as if there can be multiple > instances of AttributeTypeAndValue with the same "type" field in a > single Name. So I'll represent them as tuples, which will preserve > the order in which they occur in the certificate, and make the value > immutable. Applications which need them as sets can create their > own frozensets from that tuple. Here's an example of the new format: {'issuer': (('countryName', u'US'), ('organizationName', u'VeriSign, Inc.'), ('organizationalUnitName', u'VeriSign Trust Network'), ('organizationalUnitName', u'Terms of use at https://www.verisign.com/rpa (c)06'), ('commonName', u'VeriSign Class 3 Extended Validation SSL SGC CA')), 'notAfter': 'May 8 23:59:59 2009 GMT', 'notBefore': 'May 9 00:00:00 2007 GMT', 'subject': (('serialNumber', u'2497886'), ('1.3.6.1.4.1.311.60.2.1.3', u'US'), ('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'), ('countryName', u'US'), ('postalCode', u'94043'), ('stateOrProvinceName', u'California'), ('localityName', u'Mountain View'), ('streetAddress', u'487 East Middlefield Road'), ('organizationName', u'VeriSign, Inc.'), ('organizationalUnitName', u'Production Security Services'), ('organizationalUnitName', u'Terms of use at www.verisign.com/rpa (c)06'), ('commonName', u'www.verisign.com')), 'version': 2} Bill From guido at python.org Wed Sep 5 05:18:36 2007 From: guido at python.org (Guido van Rossum) Date: Tue, 4 Sep 2007 20:18:36 -0700 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DE08DE.4090503@shrogers.com> Message-ID: On 9/4/07, Robert Kern wrote: > The 3.x compatibility break (however alleviated by 2to3) makes a nice clean > cutoff. The numpy that works on Pythons 3.x would essentially be a port from the > current numpy. Consequently, we could modify the numpy for Pythons 3.x to always > rely on the stdlib API to build on top of. We couldn't do that for the version > targeted to Pythons 2.x because we could only rely on its presence for 2.6+. I > don't mind maintaining two versions of numpy, one for Python 2.x and one for > 3.x, but I don't care to maintain three. I just had a discussion with Glyph "Twisted" Lefkowitz about this. He warns that if every project using Python uses 3.0's incompatibility as an excuse to make their own library/package/project incompatible as well, we will end up with total pandemonium (my paraphrase). I think he has a good point -- we shouldn't be injecting any more instability into the world than absolutely necessary. In any case, the rift is more likely to be between 2.5 and 2.6, since 2.6 will provide backports of most 3.0 features (though without some of the accompanying cleanups, in order to also provide strong backwards compatibility). To be honest, I also doubt the viability of designing and implementing something that would satisfy Greg Ewing's goals *and* be stable enough in the standard library, in under a year. But as I said before, I don't see much point in arguing much further until I see the PEP. I may yet be convinced, but it will have to be a good design and a well-argued proposal. -- --Guido van Rossum (home page: http://www.python.org/~guido/) From steve at shrogers.com Wed Sep 5 05:17:43 2007 From: steve at shrogers.com (Steven H. Rogers) Date: Tue, 04 Sep 2007 21:17:43 -0600 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DE08DE.4090503@shrogers.com> Message-ID: <46DE1FD7.7060706@shrogers.com> Robert Kern wrote: > I invite Greg and Steven and whoever else is interested to discuss ideas for the > PEP on numpy-discussion. I'm skeptical, seeing what currently has been > suggested, but some more details could easily allay that. > > http://projects.scipy.org/mailman/listinfo/numpy-discussion > Accepted, that's probably the best place for this to continue. Greg's suggestion sounds plausible to me, but needs to be fleshed out. From robert.kern at gmail.com Wed Sep 5 05:28:46 2007 From: robert.kern at gmail.com (Robert Kern) Date: Tue, 04 Sep 2007 22:28:46 -0500 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DE08DE.4090503@shrogers.com> Message-ID: Guido van Rossum wrote: > On 9/4/07, Robert Kern wrote: >> The 3.x compatibility break (however alleviated by 2to3) makes a nice clean >> cutoff. The numpy that works on Pythons 3.x would essentially be a port from the >> current numpy. Consequently, we could modify the numpy for Pythons 3.x to always >> rely on the stdlib API to build on top of. We couldn't do that for the version >> targeted to Pythons 2.x because we could only rely on its presence for 2.6+. I >> don't mind maintaining two versions of numpy, one for Python 2.x and one for >> 3.x, but I don't care to maintain three. > > I just had a discussion with Glyph "Twisted" Lefkowitz about this. He > warns that if every project using Python uses 3.0's incompatibility as > an excuse to make their own library/package/project incompatible as > well, we will end up with total pandemonium (my paraphrase). I think > he has a good point -- we shouldn't be injecting any more instability > into the world than absolutely necessary. I agree. I didn't mean to imply that the 3.x version of numpy would be incompatible to users of it, just that the codebase that implements it will be different, whether it is automatically or manually translated. Of course, if the API is introduced in 3.(x>0), we end up with the same problem I wanted to avoid. Ah well. See you on the flip side of the PEP. -- Robert Kern "I have come to believe that the whole world is an enigma, a harmless enigma that is made terrible by our own mad attempt to interpret it as though it had an underlying truth." -- Umberto Eco From martin at v.loewis.de Wed Sep 5 07:25:12 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 07:25:12 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DE3DB8.6000004@v.loewis.de> >>> X.509 DNs are sets of X.500 attributes, and X.500 >>> attributes may be either single-valued or multiple-valued. >> Conceptually perhaps (although I doubt that). > > I got that from David Chadwick's book at http://sec.cs.kent.ac.uk/x500book/. > > ``An attribute comprises an attribute type and one or more attribute values.'' Ah, ok. But then, the DN is not a *set* of such attributes, but a sequence. > The question is, how would a multiple-valued attribute be represented > in a certificate Name? I'm presuming it would appear as multiple > attributes with the same "type", but different values. Within a single RelativeDistinguishedName, yes. > Order is important in the directory tree, but not (I think) in the DN; > that name is just an unordered set of attributes, because the > hierarchy information has already been lost (the RDN elements cannot > be distinguished from each other using only the internal certificate > information). Hmm. The directory tree only exists through the order in the DN. E.g from http://java.sun.com/products/jndi/tutorial/ldap/models/x500.html "The X.500 namespace is hierarchical. An entry is unambiguously identified by a distinguished name (DN). A distinguished name is the concatenation of selected attributes from each entry, called the relative distinguished name (RDN), in the tree along a path leading from the root down to the named entry." If the RDNs within a DN would not be ordered, you would not get a hierarchical tree, and you could not identify entries unambiguously. > In any case, it certainly sounds to me as if there can be multiple > instances of AttributeTypeAndValue with the same "type" field in a > single Name. So I'll represent them as tuples, which will preserve > the order in which they occur in the certificate, and make the value > immutable. Ok. I think this will still not support multi-valued RDNs properly, but those are uncommon in PKI. Regards, Martin From martin at v.loewis.de Wed Sep 5 07:48:11 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 07:48:11 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DE431B.20403@v.loewis.de> > Here's an example of the new format: > > {'issuer': (('countryName', u'US'), > ('organizationName', u'VeriSign, Inc.'), > ('organizationalUnitName', u'VeriSign Trust Network'), > ('organizationalUnitName', > u'Terms of use at https://www.verisign.com/rpa (c)06'), > ('commonName', > u'VeriSign Class 3 Extended Validation SSL SGC CA')), Can you please take a look at the attached certificates? How are they represented? The DNs of these are structurally different, one being /DC=org/DC=python/CN=foo/CN=bar and the other /DC=org/DC=python/CN=foo2+CN=bar2 Regards, Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: ca1.crt Type: application/x-x509-ca-cert Size: 1008 bytes Desc: not available Url : http://mail.python.org/pipermail/python-dev/attachments/20070905/61187ed8/attachment-0002.crt -------------- next part -------------- A non-text attachment was scrubbed... Name: ca2.crt Type: application/x-x509-ca-cert Size: 1008 bytes Desc: not available Url : http://mail.python.org/pipermail/python-dev/attachments/20070905/61187ed8/attachment-0003.crt From ndbecker2 at gmail.com Wed Sep 5 14:57:06 2007 From: ndbecker2 at gmail.com (Neal Becker) Date: Wed, 05 Sep 2007 08:57:06 -0400 Subject: [Python-Dev] python sphinx install? Message-ID: I'm interested in trying out new style (python 2.6) documentation. I see we're using docutils + sphinx? I did: svn co http://svn.python.org/projects/doctools/trunk/ How can I install this to try it with python-2.5? From g.brandl at gmx.net Wed Sep 5 15:05:55 2007 From: g.brandl at gmx.net (Georg Brandl) Date: Wed, 05 Sep 2007 15:05:55 +0200 Subject: [Python-Dev] python sphinx install? In-Reply-To: References: Message-ID: Neal Becker schrieb: > I'm interested in trying out new style (python 2.6) documentation. I see > we're using docutils + sphinx? > > I did: svn co http://svn.python.org/projects/doctools/trunk/ > > How can I install this to try it with python-2.5? What do you want to try with Python 2.5? If you want to build the Python 2.6/3.0 docs, it's easiest to check the Python sources out from http://svn.python.org/projects/python/trunk, go to the Doc directory and do "make html". This will checkout sphinx and all other needed libraries into Doc/tools and build the docs. Georg -- Thus spake the Lord: Thou shalt indent with four spaces. No more, no less. Four shall be the number of spaces thou shalt indent, and the number of thy indenting shall be four. Eight shalt thou not indent, nor either indent thou two, excepting that thou then proceed to four. Tabs are right out. From alan.mcintyre at gmail.com Wed Sep 5 15:09:21 2007 From: alan.mcintyre at gmail.com (Alan McIntyre) Date: Wed, 5 Sep 2007 09:09:21 -0400 Subject: [Python-Dev] x86 XP trunk failure Message-ID: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> Hi all, My build slave (http://www.python.org/dev/buildbot/trunk/x86%20XP%20trunk) keeps failing because of a crash that appears to be in the bsddb module. I assume the master deems the slave to be lost because it's sitting there waiting on me to make a choice on the "debug/abort" dialog box. I can provide details if anybody needs them. I just figured somebody might want to know that this is actual build/test problem instead of some kind of issue with the internet connection here. Thanks, Alan From ndbecker2 at gmail.com Wed Sep 5 15:18:29 2007 From: ndbecker2 at gmail.com (Neal Becker) Date: Wed, 05 Sep 2007 09:18:29 -0400 Subject: [Python-Dev] python sphinx install? References: Message-ID: Georg Brandl wrote: > Neal Becker schrieb: >> I'm interested in trying out new style (python 2.6) documentation. I see >> we're using docutils + sphinx? >> >> I did: svn co http://svn.python.org/projects/doctools/trunk/ >> >> How can I install this to try it with python-2.5? > > What do you want to try with Python 2.5? > > If you want to build the Python 2.6/3.0 docs, it's easiest to check the > Python sources out from http://svn.python.org/projects/python/trunk, go to > the Doc directory and do "make html". This will checkout sphinx and all > other needed libraries into Doc/tools and build the docs. > > Georg > I want to document my own python code. I figured I might as well start using the new documentation system - but I'm using python-2.5. I intend to use epydoc. I thought maybe I could just add sphinx to my docutils, but maybe not? From g.brandl at gmx.net Wed Sep 5 15:30:24 2007 From: g.brandl at gmx.net (Georg Brandl) Date: Wed, 05 Sep 2007 15:30:24 +0200 Subject: [Python-Dev] python sphinx install? In-Reply-To: References: Message-ID: Neal Becker schrieb: > Georg Brandl wrote: > >> Neal Becker schrieb: >>> I'm interested in trying out new style (python 2.6) documentation. I see >>> we're using docutils + sphinx? >>> >>> I did: svn co http://svn.python.org/projects/doctools/trunk/ >>> >>> How can I install this to try it with python-2.5? >> >> What do you want to try with Python 2.5? >> >> If you want to build the Python 2.6/3.0 docs, it's easiest to check the >> Python sources out from http://svn.python.org/projects/python/trunk, go to >> the Doc directory and do "make html". This will checkout sphinx and all >> other needed libraries into Doc/tools and build the docs. >> >> Georg >> > > I want to document my own python code. I figured I might as well start > using the new documentation system - but I'm using python-2.5. I intend to > use epydoc. I thought maybe I could just add sphinx to my docutils, but > maybe not? I see. Currently, sphinx is not ready to be used by other projects, at least not in conjunction with tools like epydoc. (You should, however, be able to create a rst document hierarchy like Python's and use sphinx for it.) As soon as all needs for the Python documentation are fulfilled, I'll think about how to make the toolset available for other projects. Georg -- Thus spake the Lord: Thou shalt indent with four spaces. No more, no less. Four shall be the number of spaces thou shalt indent, and the number of thy indenting shall be four. Eight shalt thou not indent, nor either indent thou two, excepting that thou then proceed to four. Tabs are right out. From martin at v.loewis.de Wed Sep 5 15:34:03 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 15:34:03 +0200 Subject: [Python-Dev] x86 XP trunk failure In-Reply-To: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> Message-ID: <46DEB04B.3090500@v.loewis.de> > My build slave (http://www.python.org/dev/buildbot/trunk/x86%20XP%20trunk) > keeps failing because of a crash that appears to be in the bsddb > module. I assume the master deems the slave to be lost because it's > sitting there waiting on me to make a choice on the "debug/abort" > dialog box. What branch, and for how long has this dialog been sitting around? For crashes in 3.0, there should not be any such dialogs anymore, but there may have been before I turned them off. > I can provide details if anybody needs them. I just figured somebody > might want to know that this is actual build/test problem instead of > some kind of issue with the internet connection here. Thanks. You can discard any such dialogs - most likely, they really were from the 3.0 branch, which is known to crash in bsddb. Regards, Martin From alan.mcintyre at gmail.com Wed Sep 5 15:40:57 2007 From: alan.mcintyre at gmail.com (Alan McIntyre) Date: Wed, 5 Sep 2007 09:40:57 -0400 Subject: [Python-Dev] x86 XP trunk failure In-Reply-To: <46DEB04B.3090500@v.loewis.de> References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> <46DEB04B.3090500@v.loewis.de> Message-ID: <1d36917a0709050640y6fead745p6bac24f6f6bb520d@mail.gmail.com> On 9/5/07, "Martin v. L?wis" wrote: > > My build slave (http://www.python.org/dev/buildbot/trunk/x86%20XP%20trunk) > > keeps failing because of a crash that appears to be in the bsddb > > module. I assume the master deems the slave to be lost because it's > > sitting there waiting on me to make a choice on the "debug/abort" > > dialog box. > > What branch, and for how long has this dialog been sitting around? It's the trunk; at the moment the debugger is sitting there with python_d.exe at a breakpoint. The current instance of python_d being debugged is only a day or so old. I don't know when this problem started happening, but I think it's been a while (it was happening for all the visible builds on the dashboard when I first noticed it a day or two ago). > For crashes in 3.0, there should not be any such dialogs anymore, but > there may have been before I turned them off. > > > I can provide details if anybody needs them. I just figured somebody > > might want to know that this is actual build/test problem instead of > > some kind of issue with the internet connection here. > > Thanks. You can discard any such dialogs - most likely, they really were > from the 3.0 branch, which is known to crash in bsddb. Ok. From janssen at parc.com Wed Sep 5 17:17:12 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 08:17:12 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DE3DB8.6000004@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> Message-ID: <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> > > In any case, it certainly sounds to me as if there can be multiple > > instances of AttributeTypeAndValue with the same "type" field in a > > single Name. So I'll represent them as tuples, which will preserve > > the order in which they occur in the certificate, and make the value > > immutable. > > Ok. I think this will still not support multi-valued RDNs properly, but > those are uncommon in PKI. I'm not sure why not... Can you say more? Bill From janssen at parc.com Wed Sep 5 17:44:09 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 08:44:09 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DE431B.20403@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> <46DE431B.20403@v.loewis.de> Message-ID: <07Sep5.084418pdt."57996"@synergy1.parc.xerox.com> >The DNs of these are structurally different, one being >/DC=org/DC=python/CN=foo/CN=bar and the other >/DC=org/DC=python/CN=foo2+CN=bar2 Ah, I see what you're driving at. You can inspect them yourself by looking at the certs with openssl: % openssl x509 -text -in attachment-0002.crt Certificate: Data: Version: 3 (0x2) Serial Number: a9:29:70:b4:3a:72:27:5a Signature Algorithm: sha1WithRSAEncryption Issuer: DC=org, DC=python, CN=foo, CN=bar Validity Not Before: Sep 5 05:38:20 2007 GMT Not After : Sep 4 05:38:20 2008 GMT Subject: DC=org, DC=python, CN=foo, CN=bar Subject Public Key Info ... % openssl x509 -text -in attachment-0003.crt Certificate: Data: Version: 3 (0x2) Serial Number: 82:0a:4f:36:0f:ab:1a:c3 Signature Algorithm: sha1WithRSAEncryption Issuer: DC=org, DC=python, CN=bar2, CN=foo2 Validity Not Before: Sep 5 05:43:26 2007 GMT Not After : Sep 4 05:43:26 2008 GMT Subject: DC=org, DC=python, CN=bar2, CN=foo2 Subject Public Key Info: The hierarchy information does not appear to be preserved. Bill From janssen at parc.com Wed Sep 5 17:48:04 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 08:48:04 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DE431B.20403@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> <46DE431B.20403@v.loewis.de> Message-ID: <07Sep5.084813pdt."57996"@synergy1.parc.xerox.com> More succinctly: % openssl x509 -subject -noout -in attachment-0002.crt subject= /DC=org/DC=python/CN=foo/CN=bar % openssl x509 -subject -noout -in attachment-0003.crt subject= /DC=org/DC=python/CN=bar2/CN=foo2 % Bill From martin at v.loewis.de Wed Sep 5 17:49:10 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 17:49:10 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DECFF6.4040107@v.loewis.de> >> Ok. I think this will still not support multi-valued RDNs properly, but >> those are uncommon in PKI. > > I'm not sure why not... Can you say more? See the example certificates. If you get (('cn','a'),('email','b')), you can't tell whether that's two single-valued RDNs in a DN, or one multi-valued RDN with two attribute/value pairs. Regards, Martin From martin at v.loewis.de Wed Sep 5 18:05:27 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 18:05:27 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.084418pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> <46DE431B.20403@v.loewis.de> <07Sep5.084418pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DED3C7.3050308@v.loewis.de> > The hierarchy information does not appear to be preserved. But it only appears so. OpenSSL does not know how to render it properly (hence I say it is not very common in PKI), but they started supporting that when generating certificates, with the -multivalue-rdn option for req, and if you do openssl asn1parse -in ca1.crt you see that they differ: (ca1) l= 17 cons: SEQUENCE l= 10 prim: OBJECT :domainComponent l= 3 prim: IA5STRING :org l= 22 cons: SET l= 20 cons: SEQUENCE l= 10 prim: OBJECT :domainComponent l= 6 prim: IA5STRING :python l= 12 cons: SET l= 10 cons: SEQUENCE l= 3 prim: OBJECT :commonName l= 3 prim: PRINTABLESTRING :foo l= 12 cons: SET l= 10 cons: SEQUENCE l= 3 prim: OBJECT :commonName l= 3 prim: PRINTABLESTRING :bar (ca2) l= 17 cons: SEQUENCE l= 10 prim: OBJECT :domainComponent l= 3 prim: IA5STRING :org l= 22 cons: SET l= 20 cons: SEQUENCE l= 10 prim: OBJECT :domainComponent l= 6 prim: IA5STRING :python l= 26 cons: SET l= 11 cons: SEQUENCE l= 3 prim: OBJECT :commonName l= 4 prim: PRINTABLESTRING :bar2 l= 11 cons: SEQUENCE l= 3 prim: OBJECT :commonName l= 4 prim: PRINTABLESTRING :foo2 In the first case, foo and bar are in different sets, in the second case, they are in the same set. For people concerned about security, that makes a difference. If OpenSSL actually supports that in its APIs, my proposal would be to make a multi-valued RDN a more-than-two-tuple, e.g. (('DC','org'),('DC','python'),('CN','bar2','CN','foo2')) That would make it possible to distinguish the names (pun intended), yet still don't produce structural overhead for the normal case of single-valued RDNs. Regards, Martin From martin at v.loewis.de Wed Sep 5 18:06:53 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 18:06:53 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.084813pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> <46DE431B.20403@v.loewis.de> <07Sep5.084813pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DED41D.8010506@v.loewis.de> > % openssl x509 -subject -noout -in attachment-0002.crt > subject= /DC=org/DC=python/CN=foo/CN=bar > % openssl x509 -subject -noout -in attachment-0003.crt > subject= /DC=org/DC=python/CN=bar2/CN=foo2 Well, that's the same bug that John Nagle complains about. This output is incorrect. Regards, Martin From janssen at parc.com Wed Sep 5 18:12:34 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 09:12:34 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DECFF6.4040107@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> Message-ID: <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> > See the example certificates. If you get (('cn','a'),('email','b')), > you can't tell whether that's two single-valued RDNs in a DN, > or one multi-valued RDN with two attribute/value pairs. Yup, got it. I don't see a way in the OpenSSL library functions I'm using (X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data) to distinguish between different RDNs, but I'll take a look at the source for X509_NAME_print_ex, which does seem to be able to do this. Bill From janssen at parc.com Wed Sep 5 18:26:42 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 09:26:42 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> > Yup, got it. I don't see a way in the OpenSSL library functions I'm > using (X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data) to > distinguish between different RDNs, but I'll take a look at the source > for X509_NAME_print_ex, which does seem to be able to do this. There's a field on the X509_NAME_ENTRY struct which gives the level. OK, I can make it a tuple (list of RDNs) of tuples (one for each RDN) of tuples (one for each attribute in the RDN). And maybe add a flatten function to the ssl.py module :-). Bill From janssen at parc.com Wed Sep 5 18:27:04 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 09:27:04 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DED41D.8010506@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <07Sep4.195817pdt."57996"@synergy1.parc.xerox.com> <46DE431B.20403@v.loewis.de> <07Sep5.084813pdt."57996"@synergy1.parc.xerox.com> <46DED41D.8010506@v.loewis.de> Message-ID: <07Sep5.092704pdt."57996"@synergy1.parc.xerox.com> > Well, that's the same bug that John Nagle complains about. Yes, I agree. Bill From martin at v.loewis.de Wed Sep 5 19:24:35 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 19:24:35 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DEE653.3000909@v.loewis.de> > There's a field on the X509_NAME_ENTRY struct which gives the level. > OK, I can make it a tuple (list of RDNs) of tuples (one for each RDN) > of tuples (one for each attribute in the RDN). And maybe add a > flatten function to the ssl.py module :-). > See my other proposal as well. As nobody actually uses multi-valued RDNs, an option would be to make single tuple for each RDN, containing all attributes, with alternatingly type and value. Then, a single-valued RDN would turn out as a key-value pair (two-tuple), a multi-valued RDN would have a length of 2*number-of-attributes. As for accessor functions, I'd then rather see a get_attr_by_type, returning a list of all values of attributes of that type, across all RDNs in the DN (empty if no attribute was found). People would then do x = get_attr_by_type(subj, ssl.commonName) if len(x) != 1: unsupported_certificate() CN = x[0] Regards, Martin From janssen at parc.com Wed Sep 5 19:49:09 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 10:49:09 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> > OK, I can make it a tuple (list of RDNs) of tuples (one for each RDN) > of tuples (one for each attribute in the RDN). Which gets us to this: {'issuer': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),)), 'notAfter': 'Feb 16 16:54:50 2013 GMT', 'notBefore': 'Aug 27 16:54:50 2007 GMT', 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),)), 'version': 2} and {'issuer': ((('countryName', u'US'),), (('organizationName', u'VeriSign, Inc.'),), (('organizationalUnitName', u'VeriSign Trust Network'),), (('organizationalUnitName', u'Terms of use at https://www.verisign.com/rpa (c)06'),), (('commonName', u'VeriSign Class 3 Extended Validation SSL SGC CA'),)), 'notAfter': 'May 8 23:59:59 2009 GMT', 'notBefore': 'May 9 00:00:00 2007 GMT', 'subject': ((('serialNumber', u'2497886'),), (('1.3.6.1.4.1.311.60.2.1.3', u'US'),), (('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'),), (('countryName', u'US'),), (('postalCode', u'94043'),), (('stateOrProvinceName', u'California'),), (('localityName', u'Mountain View'),), (('streetAddress', u'487 East Middlefield Road'),), (('organizationName', u'VeriSign, Inc.'),), (('organizationalUnitName', u'Production Security Services'),), (('organizationalUnitName', u'Terms of use at www.verisign.com/rpa (c)06'),), (('commonName', u'www.verisign.com'),)), 'version': 2} Ugly, but accurate. Or is it? Do you really think that "serialNumber" is at the top of a naming tree somewhere? Bill From martin at v.loewis.de Wed Sep 5 20:31:27 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 20:31:27 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DEF5FF.8040602@v.loewis.de> > 'subject': ((('serialNumber', u'2497886'),), > (('1.3.6.1.4.1.311.60.2.1.3', u'US'),), > (('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'),), > (('countryName', u'US'),), > (('postalCode', u'94043'),), > (('stateOrProvinceName', u'California'),), > (('localityName', u'Mountain View'),), > (('streetAddress', u'487 East Middlefield Road'),), > (('organizationName', u'VeriSign, Inc.'),), > (('organizationalUnitName', u'Production Security Services'),), > (('organizationalUnitName', > u'Terms of use at www.verisign.com/rpa (c)06'),), > (('commonName', u'www.verisign.com'),)), > 'version': 2} > > Ugly, but accurate. Or is it? Do you really think that > "serialNumber" is at the top of a naming tree somewhere? Firefox claims the same order. To bad Verisign hasn't grasped the concept of distinguished names :-( Had they done it right, incorporationStateId, incorporationLocalityId, streetAddress, localityName, postalCode would all have been in the RDN with organizationName - they are all attributes of that organization (or the address attributes perhaps belong to the OU). Also, I doubt they have an organizationalUnit "Terms of use at ...". Regards, Martin From skip at pobox.com Wed Sep 5 20:47:17 2007 From: skip at pobox.com (skip at pobox.com) Date: Wed, 5 Sep 2007 13:47:17 -0500 Subject: [Python-Dev] Errors in the csv module reader/writer methods - new w/ change to rst? Message-ID: <18142.63925.900009.894021@montanaro.dyndns.org> I was just looking for some csv DictWriter examples for a colleague at work and was myself confused by the apparent transformation which took place in the Reader Objects and Writer Objects sections. Each of the methods is now prefixed by "csv.csvreader." or "csv.csvwriter." Neither expression was previously defined in that section. Those undefined expressions are not in the old versions of the documentation, e.g.: http://www.python.org/doc/2.4.4/lib/node634.html http://www.python.org/doc/2.4.4/lib/node635.html http://www.python.org/doc/2.5/lib/node265.html http://www.python.org/doc/2.5/lib/node266.html I don't think they add anything useful to the documentation. Were they added just for the csv module (and possibly a few others) or was this a change to the entire libref documentation? That is, was this some sort of policy change? Can they be removed? Skip From janssen at parc.com Wed Sep 5 20:58:16 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 11:58:16 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DEF5FF.8040602@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> <46DEF5FF.8040602@v.loewis.de> Message-ID: <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> All of this makes me think that some folks may want to do more processing on certificates with more advanced tools, and for that they will need access to the full bits of the certificate. I'll add the ability to retrieve that as well. I'm wondering if I should try to pull some extension attributes out of the cert, and add them to the dict, as well. Like subjectAltName, for instance. Or should we just wait till someone wants it and files a bug report? Bill From martin at v.loewis.de Wed Sep 5 21:10:52 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Wed, 05 Sep 2007 21:10:52 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> <46DEF5FF.8040602@v.loewis.de> <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DEFF3C.90306@v.loewis.de> > I'm wondering if I should try to pull some extension attributes out of > the cert, and add them to the dict, as well. Like subjectAltName, for > instance. Or should we just wait till someone wants it and files a > bug report? If you have the time and inclination to do that, feel free to. Covering some of the most widely used extensions could be useful: subjectAltName, key usage, extended key usage. If you set up a framework for that, people will contribute others they like to see supported. Regards, Martin From db3l.net at gmail.com Wed Sep 5 21:48:04 2007 From: db3l.net at gmail.com (David Bolen) Date: Wed, 05 Sep 2007 15:48:04 -0400 Subject: [Python-Dev] x86 XP trunk failure References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> <46DEB04B.3090500@v.loewis.de> Message-ID: "Martin v. L?wis" writes: >> My build slave (http://www.python.org/dev/buildbot/trunk/x86%20XP%20trunk) >> keeps failing because of a crash that appears to be in the bsddb >> module. I assume the master deems the slave to be lost because it's >> sitting there waiting on me to make a choice on the "debug/abort" >> dialog box. > > What branch, and for how long has this dialog been sitting around? > > For crashes in 3.0, there should not be any such dialogs anymore, but > there may have been before I turned them off. I think there may actually be an issue here, if only with the tests, even though 3.0 does suppress the dialog. I think I started noticing this in the first build after bringing my buildbot online, so I think on Sep 1. I had manually done on a build on Aug 28 (running the buildbot batch file interactively) without the problem, but I haven't been able to find any relevant source tree changes in that interval. Re-fetching from that date has the problem, and I had blown away my older tree when starting up the buildbot officially (of course :-(). At least for me, it's happening on 2.5 and trunk (hard to tell about 3.0, but that's dying without a dialog), so I thought it might have been something backported. But it also appears common to more platforms than just Windows - it's just Windows that pops up that dialog. In my case, the actual dialog doesn't pop up until the end of the tests, and it seems to be occurring only if test_bsddb3 has run during the tests. On other platforms, it just shows up as a warning message, which doesn't serve to mark the tests as failing (e.g., OS X and FreeBSD) - at the of the test you get a message of: warning: DBTxn aborted in destructor. No prior commit() or abort(). which I tracked back to an abort() call within the bsddb library as final destruction is happening at Python exit. (When clearing the test_bsddb module, and the bsddb wrapper tries to access a log file related to an open transaction). So perhaps there's an issue with how one or more of the tests are constructed, or cleanup or something. I haven't narrowed it down further yet though. As with Alan, more details are available as needed. While it seems to show up in the full test run on more platforms, I have a harder time forcing it by just running test_bsddb3 on FreeBSD, for example, while I get the dialog consistently on Windows. -- David From db3l.net at gmail.com Wed Sep 5 22:25:05 2007 From: db3l.net at gmail.com (David Bolen) Date: Wed, 05 Sep 2007 16:25:05 -0400 Subject: [Python-Dev] x86 XP trunk failure References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> <46DEB04B.3090500@v.loewis.de> Message-ID: I previously wrote: > (...) > which I tracked back to an abort() call within the bsddb library as > final destruction is happening at Python exit. (When clearing the > test_bsddb module, and the bsddb wrapper tries to access a log file > related to an open transaction). (...) For those more familiar with bsddb, it's the test_1413192.py module in lib/bsddb/test that tickles the problem. It should have been more obvious, since I saw the 1413192 in the module name during exit cleanup, but mentally ignored it as an internal identifier of some sort. The test module clearly leaves an open transaction, but also purges its working directory, so maybe that's why the log file is missing. But since the test was specifically against object destruction, I'm not sure how best to restructure (maybe make env_name into a class that only prunes the directory in __del__? Although that would affect GC and thus destruction order too). This test has been around a bit, but the pruning of the directory was backported recently, which is probably the source of the problems. -- David From greg.ewing at canterbury.ac.nz Wed Sep 5 22:40:22 2007 From: greg.ewing at canterbury.ac.nz (Greg Ewing) Date: Thu, 06 Sep 2007 08:40:22 +1200 Subject: [Python-Dev] Product function patch [issue 1093] In-Reply-To: References: <318072440709022134m52cc729fi575a3fb99fb10b70@mail.gmail.com> <46DC91D2.7060407@canterbury.ac.nz> <46DD22F3.6070701@canterbury.ac.nz> <46DD482A.1000801@shrogers.com> <46DDCD88.7080009@canterbury.ac.nz> Message-ID: <46DF1436.4060404@canterbury.ac.nz> Guido van Rossum wrote: > By all means do write up a PEP -- it's hard to generalize from that one example. I'll write a PEP as soon as I get a chance. But the generalisation is pretty straightforward -- just replicate that signature for each of the binary operations. -- Greg From martin at v.loewis.de Wed Sep 5 23:18:34 2007 From: martin at v.loewis.de (=?UTF-8?B?Ik1hcnRpbiB2LiBMw7Z3aXMi?=) Date: Wed, 05 Sep 2007 23:18:34 +0200 Subject: [Python-Dev] x86 XP trunk failure In-Reply-To: References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> <46DEB04B.3090500@v.loewis.de> Message-ID: <46DF1D2A.8090506@v.loewis.de> > warning: DBTxn aborted in destructor. No prior commit() or abort(). I have seen these as well. bsddb isn't very forgiving when you have a Python exception inside a bsddb transaction, in the test suite. IIRC, the exception will abort the transaction, then the unittest fixture teardown will close the environment, and that will cause a bsddb crash because something is getting released that does not exist anymore. When I last looked at it, I did not see an easy way to fix it; contributions are welcome. Regards, Martin From db3l.net at gmail.com Thu Sep 6 00:35:10 2007 From: db3l.net at gmail.com (David Bolen) Date: Wed, 05 Sep 2007 18:35:10 -0400 Subject: [Python-Dev] x86 XP trunk failure References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> <46DEB04B.3090500@v.loewis.de> <46DF1D2A.8090506@v.loewis.de> Message-ID: "Martin v. L?wis" writes: >> warning: DBTxn aborted in destructor. No prior commit() or abort(). > > I have seen these as well. bsddb isn't very forgiving when you have > a Python exception inside a bsddb transaction, in the test suite. > IIRC, the exception will abort the transaction, then the unittest > fixture teardown will close the environment, and that will cause > a bsddb crash because something is getting released that does not > exist anymore. When I last looked at it, I did not see an easy way to > fix it; contributions are welcome. One thing I tried that seems to work fairly well for this case is to encapsulate much of the module-level code in the test into a class instance. That way the module-level code can instantiate and destroy the class instance rather than waiting for the interpreter exit for the latter. It definitely resolves this current issue, but when I reverted the changes to _bsddb.c that were originally made in conjunction with this test, it still seemed to pass the test. So I tried the reverted module with the original test code and it still passes. So I'm not entirely sure that the test is enforcing anything at this point, or at least I'm not sure how to be absolutely positive that the change will continue to enforce what the existing code used to test. But I can open a ticket with the proposed changes if that would help. -- David From db3l.net at gmail.com Thu Sep 6 01:01:43 2007 From: db3l.net at gmail.com (David Bolen) Date: Wed, 05 Sep 2007 19:01:43 -0400 Subject: [Python-Dev] x86 XP trunk failure References: <1d36917a0709050609q2d8d9a24s9c3b0f214762943d@mail.gmail.com> <46DEB04B.3090500@v.loewis.de> <46DF1D2A.8090506@v.loewis.de> Message-ID: I wrote: > But I can open a ticket with the proposed changes if that would help. Figure it can't hurt - I've created issue 1112 with the proposed patch to the test_1413192.py module. -- David From brett at python.org Thu Sep 6 01:38:06 2007 From: brett at python.org (Brett Cannon) Date: Wed, 5 Sep 2007 16:38:06 -0700 Subject: [Python-Dev] Google spreadsheet to collaborate on backporting Py3K stuff to 2.6 Message-ID: Neal, Anthony, Thomas W., and I have a spreadsheet that was started to keep track of what needs to be done in what needs to be done in 2.6 for Py3K transitioning: http://spreadsheets.google.com/pub?key=pCKY4oaXnT81FrGo3ShGHGg . I am opening the spreadsheet up to everyone so that others can help maintain it. There is a sheet in the Python 3000 Tasks spreadsheet that should be merged into this spreadsheet and then deleted. If anyone wants to help with that it would be great (once something has been moved from "Python 3000 Tasks" to "Python 2 -> 3 transition" just delete it from "Python 3000 Tasks"). Because Neal created this spreadsheet he is the only one who can open editing to everyone. If you would like to have edit abilities to the spreadsheet just reply to this email saying you want an invite and I will add you manually (and if you want a different address added just say so). -Brett From janssen at parc.com Thu Sep 6 05:03:58 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 20:03:58 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DEFF3C.90306@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> <46DEF5FF.8040602@v.loewis.de> <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> <46DEFF3C.90306@v.loewis.de> Message-ID: <07Sep5.200401pdt."57996"@synergy1.parc.xerox.com> > > I'm wondering if I should try to pull some extension attributes out of > > the cert, and add them to the dict, as well. Like subjectAltName, for > > instance. Or should we just wait till someone wants it and files a > > bug report? > > If you have the time and inclination to do that, feel free to. Covering > some of the most widely used extensions could be useful: subjectAltName, > key usage, extended key usage. If you set up a framework for that, > people will contribute others they like to see supported. It's actually easier to do all or nothing. I'm tempted to just report 'critical' extensions. Bill From janssen at parc.com Thu Sep 6 05:52:08 2007 From: janssen at parc.com (Bill Janssen) Date: Wed, 5 Sep 2007 20:52:08 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.200401pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> <46DEF5FF.8040602@v.loewis.de> <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> <46DEFF3C.90306@v.loewis.de> <07Sep5.200401pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep5.205217pdt."57996"@synergy1.parc.xerox.com> > > > I'm wondering if I should try to pull some extension attributes out of > > > the cert, and add them to the dict, as well. Like subjectAltName, for > > > instance. Or should we just wait till someone wants it and files a > > > bug report? > > > > If you have the time and inclination to do that, feel free to. Covering > > some of the most widely used extensions could be useful: subjectAltName, > > key usage, extended key usage. If you set up a framework for that, > > people will contribute others they like to see supported. > > It's actually easier to do all or nothing. I'm tempted to just report > 'critical' extensions. Simpler to provide them all, though I should note that the purpose of the information provided here is mainly for authorization/accounting purposes, not for "other" use of the certificate. If that's desired, they should pull the binary form of the certificate (there's an interface for that), and use M2Crypto or PyOpenSSL to decode it in general. This certificate has already been validated; the issue is how to get critical information to the app so it can make authorization decisions (like subjectAltName when the subject field is empty). Reporting non-critical extensions like "extended key usage" is nifty, but seems pointless. Here's an example: {'extensions': {'Netscape Cert Type': u'SSL Server'}, 'issuer': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),)), 'notAfter': 'Feb 16 16:54:50 2013 GMT', 'notBefore': 'Aug 27 16:54:50 2007 GMT', 'serialNumber': 'FFAA4ADBF570818D', 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),)), 'version': 3} and {'extensions': {'1.3.6.1.5.5.7.1.12': u'', 'Authority Information Access': u'OCSP - URI:http://EVIntl-ocsp.verisign.com\n', 'X509v3 Authority Key Identifier': u'keyid:4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF\n', 'X509v3 Basic Constraints': u'CA:FALSE', 'X509v3 CRL Distribution Points': u'URI:http://EVIntl-crl.verisign.com/EVIntl2006.crl\n', 'X509v3 Certificate Policies': u'Policy: 2.16.840.1.113733.1.7.23.6\n', 'X509v3 Extended Key Usage': u'TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto', 'X509v3 Key Usage': u'Digital Signature, Key Encipherment', 'X509v3 Subject Key Identifier': u'F1:5A:89:93:55:47:4B:BA:51:F5:4E:E0:CB:16:55:F4:D7:CC:38:67'}, 'issuer': ((('countryName', u'US'),), (('organizationName', u'VeriSign, Inc.'),), (('organizationalUnitName', u'VeriSign Trust Network'),), (('organizationalUnitName', u'Terms of use at https://www.verisign.com/rpa (c)06'),), (('commonName', u'VeriSign Class 3 Extended Validation SSL SGC CA'),)), 'notAfter': 'May 8 23:59:59 2009 GMT', 'notBefore': 'May 9 00:00:00 2007 GMT', 'serialNumber': '6A4AC31B3110E6EB48F0FC51A39A171F', 'subject': ((('serialNumber', u'2497886'),), (('1.3.6.1.4.1.311.60.2.1.3', u'US'),), (('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'),), (('countryName', u'US'),), (('postalCode', u'94043'),), (('stateOrProvinceName', u'California'),), (('localityName', u'Mountain View'),), (('streetAddress', u'487 East Middlefield Road'),), (('organizationName', u'VeriSign, Inc.'),), (('organizationalUnitName', u'Production Security Services'),), (('organizationalUnitName', u'Terms of use at www.verisign.com/rpa (c)06'),), (('commonName', u'www.verisign.com'),)), 'version': 3} Probably another thing that *should* be reported is the cipher used to protect the information on the channel, so that the app can decide whether it's strong enough for its taste. (If it's not, it can presumably reconnect using a different variant of SSL to try for a better result, or decide not to use the server (or talk to the client) at all.) Bill From martin at v.loewis.de Thu Sep 6 08:46:50 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Thu, 06 Sep 2007 08:46:50 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep5.205217pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> <46DEF5FF.8040602@v.loewis.de> <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> <46DEFF3C.90306@v.loewis.de> <07Sep5.200401pdt."57996"@synergy1.parc.xerox.com> <07Sep5.205217pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46DFA25A.1070901@v.loewis.de> >> It's actually easier to do all or nothing. I'm tempted to just report >> 'critical' extensions. > > Simpler to provide them all I very much doubt that, at least if you want to report decoded information. Conceptually, there is an infinite number of extensions, and when you are done, I can show you lots of certificates that have extensions that you don't support. > This certificate has already been validated; the issue is > how to get critical information to the app so it can make > authorization decisions (like subjectAltName when the subject field is > empty) > {'extensions': {'1.3.6.1.5.5.7.1.12': u'', > 'Authority Information Access': u'OCSP - URI:http://EVIntl-ocsp.verisign.com\n', > 'X509v3 Authority Key Identifier': u'keyid:4E:43:C8:1D:76:EF:37:53:7A:4F:F2:58:6F:94:F3:38:E2:D5:BD:DF\n', > 'X509v3 Basic Constraints': u'CA:FALSE', > 'X509v3 CRL Distribution Points': u'URI:http://EVIntl-crl.verisign.com/EVIntl2006.crl\n', > 'X509v3 Certificate Policies': u'Policy: 2.16.840.1.113733.1.7.23.6\n', > 'X509v3 Extended Key Usage': u'TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto, Microsoft Server Gated Crypto', > 'X509v3 Key Usage': u'Digital Signature, Key Encipherment', > 'X509v3 Subject Key Identifier': u'F1:5A:89:93:55:47:4B:BA:51:F5:4E:E0:CB:16:55:F4:D7:CC:38:67'}, Hmm. In this certificate, none of the extensions you report have been marked critical; they are all non-critical. Also, you are reporting the logotype (1.3.6.1.5.5.7.1.12) incorrectly; it's defined in RFC 3709, and it's definitely not an empty string in the certificate you've used. Regards, Martin From janssen at parc.com Thu Sep 6 18:11:57 2007 From: janssen at parc.com (Bill Janssen) Date: Thu, 6 Sep 2007 09:11:57 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <46DFA25A.1070901@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <07Sep4.122146pdt."57996"@synergy1.parc.xerox.com> <46DDCD7C.40004@v.loewis.de> <07Sep4.152117pdt."57996"@synergy1.parc.xerox.com> <46DE3DB8.6000004@v.loewis.de> <07Sep5.081717pdt."57996"@synergy1.parc.xerox.com> <46DECFF6.4040107@v.loewis.de> <07Sep5.091238pdt."57996"@synergy1.parc.xerox.com> <07Sep5.092643pdt."57996"@synergy1.parc.xerox.com> <07Sep5.104910pdt."57996"@synergy1.parc.xerox.com> <46DEF5FF.8040602@v.loewis.de> <07Sep5.115820pdt."57996"@synergy1.parc.xerox.com> <46DEFF3C.90306@v.loewis.de> <07Sep5.200401pdt."57996"@synergy1.parc.xerox.com> <07Sep5.205217pdt."57996"@synergy1.parc.xerox.com> <46DFA25A.1070901@v.loewis.de> Message-ID: <07Sep6.091202pdt."57996"@synergy1.parc.xerox.com> > I very much doubt that, at least if you want to report decoded > information. Conceptually, there is an infinite number of extensions, > and when you are done, I can show you lots of certificates that > have extensions that you don't support. I'm not going to decode anything; I'm just using the OpenSSL functionality and providing whatever it provides. > Hmm. In this certificate, none of the extensions you report have been > marked critical; they are all non-critical. That's what I meant by "simpler to show everything". > Also, you are reporting the logotype (1.3.6.1.5.5.7.1.12) incorrectly; > it's defined in RFC 3709, and it's definitely not an empty string in > the certificate you've used. Yes, I see. I'll poke at the OpenSSL code harder :-). Bill From radix at twistedmatrix.com Thu Sep 6 18:50:57 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Thu, 6 Sep 2007 12:50:57 -0400 Subject: [Python-Dev] frozenset C API? In-Reply-To: <-1936579380892715012@unknownmsgid> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> Message-ID: <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> On 9/5/07, Bill Janssen wrote: > > It's actually easier to do all or nothing. I'm tempted to just report > > 'critical' extensions. > > Simpler to provide them all, though I should note that the purpose of > the information provided here is mainly for authorization/accounting > purposes, not for "other" use of the certificate. If that's desired, > they should pull the binary form of the certificate (there's an > interface for that), and use M2Crypto or PyOpenSSL to decode it in > general. This certificate has already been validated; the issue is > how to get critical information to the app so it can make > authorization decisions (like subjectAltName when the subject field is > empty). Reporting non-critical extensions like "extended key usage" > is nifty, but seems pointless. RFC 2818 """If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject field of the certificate MUST be used. Although the use of the Common Name is existing practice, it is deprecated and Certification Authorities are encouraged to use the dNSName instead. """ This is from an explanation of how to do hostname verification when doing HTTPS requests. HTTPS clients MUST do this in order to be compliant. Is an HTTPS client not in your list of use cases? """In general, HTTP/TLS requests are generated by dereferencing a URI. As a consequence, the hostname for the server is known to the client. If the hostname is available, the client MUST check it against the server's identity as presented in the server's Certificate message, in order to prevent man-in-the-middle attacks.""" I really don't understand why you would not expose all data in the certificate. It seems totally obvious. The data is there for a reason. I want the subjectAltName. Probably other people want other stuff. Why cripple it? Please include it all. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From martin at v.loewis.de Thu Sep 6 19:03:32 2007 From: martin at v.loewis.de (=?UTF-8?B?Ik1hcnRpbiB2LiBMw7Z3aXMi?=) Date: Thu, 06 Sep 2007 19:03:32 +0200 Subject: [Python-Dev] frozenset C API? In-Reply-To: <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> Message-ID: <46E032E4.6050300@v.loewis.de> > I really don't understand why you would not expose all data in the > certificate. You mean, providing the entire certificate as a blob? That is planned (although perhaps not implemented). Or do you mean "expose all data in a structured manner". BECAUSE IT'S NOT POSSIBLE. Sorry for shouting, but people don't ever get the notion of "extension". > It seems totally obvious. The data is there for a reason. > I want the subjectAltName. Probably other people want other stuff. Why > cripple it? Please include it all. That's not possible. You can get the whole thing as a blob, and then you have to decode it yourself if something you want is not decoded. Regards, Martin From janssen at parc.com Thu Sep 6 19:15:41 2007 From: janssen at parc.com (Bill Janssen) Date: Thu, 6 Sep 2007 10:15:41 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> Message-ID: <07Sep6.101542pdt."57996"@synergy1.parc.xerox.com> > RFC 2818 > > """If a subjectAltName extension of type dNSName is present, that MUST > be used as the identity. Otherwise, the (most specific) Common Name > field in the Subject field of the certificate MUST be used. Although > the use of the Common Name is existing practice, it is deprecated and > Certification Authorities are encouraged to use the dNSName instead. > """ Yes, subjectAltName is a big one. But I think it may be the only extension I'll expose. The issue is that I don't see a generic way of mapping extension X into Python data structure Y; each one needs to be handled specially. If you can see a way around this, please speak up! > I really don't understand why you would not expose all data in the > certificate. It seems totally obvious. The data is there for a reason. > I want the subjectAltName. Probably other people want other stuff. Why > cripple it? Please include it all. I intend to "include it all", by giving you a way to pull the full DER form of the certificate into Python. But a number of fields in the certificate have nothing to do with authorization, like the signature, which has already been used for validation. So I don't intend to try to convert them into Python-friendly forms. Applications which want to use that information already need to have a more powerful library, like M2Crypto or PyOpenSSL, available; they can simply work with the DER form of the certificate. Bill From janssen at parc.com Thu Sep 6 19:25:39 2007 From: janssen at parc.com (Bill Janssen) Date: Thu, 6 Sep 2007 10:25:39 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> Message-ID: <07Sep6.102547pdt."57996"@synergy1.parc.xerox.com> By the way, I think the hostname matching provisions of 2818 (which is, after all, only an informational RFC, not a standard) are poorly thought out. Many machines have more hostnames than you can shake a stick at, and often provide certs with the wrong hostname in them (usually because they have no way to determine what the *right* hostname is, from inside that machine). Bill From glyph at divmod.com Thu Sep 6 19:31:55 2007 From: glyph at divmod.com (glyph at divmod.com) Date: Thu, 06 Sep 2007 17:31:55 -0000 Subject: [Python-Dev] frozenset C API? In-Reply-To: <46E032E4.6050300@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> <46E032E4.6050300@v.loewis.de> Message-ID: <20070906173155.21185.610867885.divmod.xquotient.7040@joule.divmod.com> On 05:03 pm, martin at v.loewis.de wrote: >>I really don't understand why you would not expose all data in the >>certificate. > >You mean, providing the entire certificate as a blob? That is planned >(although perhaps not implemented). > >Or do you mean "expose all data in a structured manner". BECAUSE >IT'S NOT POSSIBLE. Sorry for shouting, but people don't ever get the >notion of "extension". "structure" is a relative term. A typical way to deal with extensions unknown to the implementation is to provide ways to deal with the *extension-specific* parts of the data in question, c.f. http://java.sun.com/j2se/1.4.2/docs/api/java/security/cert/X509Extension.html Exposing the entire certificate object as a blob so that some *other* library could parse it *again* seems like just giving up. However, as to the specific issue of subjectAltName which Chris first mentioned: if HTTPS isn't an important specification to take into account while designing an SSL layer for Python, then I can't imagine what is. subjectAltName should be directly supported regardless of how it deals with unknown extensions. >>It seems totally obvious. The data is there for a reason. >>I want the subjectAltName. Probably other people want other stuff. Why >>cripple it? Please include it all. >That's not possible. You can get the whole thing as a blob, and then >you have to decode it yourself if something you want is not decoded. Something very much like that is certainly possible, and has been done in numerous other places (including the Java implementation linked above). Providing a semantically rich interface to every possible X509 extension is of course ridiculous, but I don't think that's what anyone is actually proposing here. From glyph at divmod.com Thu Sep 6 19:45:18 2007 From: glyph at divmod.com (glyph at divmod.com) Date: Thu, 06 Sep 2007 17:45:18 -0000 Subject: [Python-Dev] frozenset C API? In-Reply-To: <07Sep6.101542pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> <07Sep6.101542pdt."57996"@synergy1.parc.xerox.com> Message-ID: <20070906174518.21185.1342025567.divmod.xquotient.7082@joule.divmod.com> On 05:15 pm, janssen at parc.com wrote: >>RFC 2818 >> >>"""If a subjectAltName extension of type dNSName is present, that MUST >>be used as the identity. Otherwise, the (most specific) Common Name >>field in the Subject field of the certificate MUST be used. Although >>the use of the Common Name is existing practice, it is deprecated and >>Certification Authorities are encouraged to use the dNSName instead. >>""" >Yes, subjectAltName is a big one. But I think it may be the only >extension I'll expose. The issue is that I don't see a generic way >of mapping extension X into Python data structure Y; each one needs to >be handled specially. If you can see a way around this, please speak >up! Well, I can't speak for Chris, but that will certainly make *me* happier :). >I intend to "include it all", by giving you a way to pull the full DER >form of the certificate into Python. But a number of fields in the >certificate have nothing to do with authorization, like the signature, >which has already been used for validation. So I don't intend to try >to convert them into Python-friendly forms. Applications which want to >use that information already need to have a more powerful library, like >M2Crypto or PyOpenSSL, available; they can simply work with the DER >form >of the certificate. When you say "the full DER form", are you simply referring to the full blob, or a broken-down representation by key and by extension? This begs the question: M2Crypto and PyOpenSSL already do what you're proposing to do, as far as I can tell, and are, as you say, "more powerful". There are issues with each (and issues with the GNU TLS bindings too, which I notice you didn't mention...) Speaking of issues, PyOpenSSL, for example, does not expose subjectAltName :). This has been a long thread, so I may have missed posts where this was already discussed, but even if I'm repeating this, I think it deserves to be beaten to death. *Why* are you trying to bring the number of (potentially buggy, incomplete) Python SSL bindings to 4, rather than adopting one of the existing ones and implementing a simple wrapper on top of it? PyOpenSSL, in particular, is both a popular de-facto standard *and* almost completely unmaintained; python's standard library could absorb/improve it with little fuss. From janssen at parc.com Thu Sep 6 20:15:16 2007 From: janssen at parc.com (Bill Janssen) Date: Thu, 6 Sep 2007 11:15:16 PDT Subject: [Python-Dev] frozenset C API? In-Reply-To: <20070906174518.21185.1342025567.divmod.xquotient.7082@joule.divmod.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> <07Sep6.101542pdt."57996"@synergy1.parc.xerox.com> <20070906174518.21185.1342025567.divmod.xquotient.7082@joule.divmod.com> Message-ID: <07Sep6.111518pdt."57996"@synergy1.parc.xerox.com> > When you say "the full DER form", are you simply referring to the full > blob, or a broken-down representation by key and by extension? The full blob. > This begs the question: M2Crypto and PyOpenSSL already do what you're > proposing to do, as far as I can tell, and are, as you say, "more > powerful". I'm trying to give the application the ability to do some level of authorization without requiring either of those packages. Like being able to tell who's on the other side of the connection :-). Right now, I think the right fields to expose are "subject" (I see little point to exposing "issuer"), "notAfter" (you're always guaranteed to be after "notBefore", or the cert wouldn't validate, so I see little point to exposing that, but "notAfter" can be used after the connection has been established), subjectAltName if present, and perhaps the certificate's serial number. I don't see how the other fields in the cert can be profitably used. Anything else you want, you can pull over the DER blob and look into it. > PyOpenSSL, in particular, is both a popular de-facto > standard *and* almost completely unmaintained; python's standard library > could absorb/improve it with little fuss. Good idea, go for it! A full wrapper for OpenSSL is beyond the scope of my ambition; I'm simply trying to add a simple fix to what's already in the standard library. Bill From radix at twistedmatrix.com Thu Sep 6 20:18:21 2007 From: radix at twistedmatrix.com (Christopher Armstrong) Date: Thu, 6 Sep 2007 14:18:21 -0400 Subject: [Python-Dev] frozenset C API? In-Reply-To: <46E032E4.6050300@v.loewis.de> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> <46E032E4.6050300@v.loewis.de> Message-ID: <60ed19d40709061118k2755bbfdkecb3eae94cf22f93@mail.gmail.com> On 9/6/07, "Martin v. L?wis" wrote: > You mean, providing the entire certificate as a blob? That is planned > (although perhaps not implemented). > > Or do you mean "expose all data in a structured manner". BECAUSE > IT'S NOT POSSIBLE. Sorry for shouting, but people don't ever get the > notion of "extension". > > > It seems totally obvious. The data is there for a reason. > > I want the subjectAltName. Probably other people want other stuff. Why > > cripple it? Please include it all. > > That's not possible. You can get the whole thing as a blob, and then > you have to decode it yourself if something you want is not decoded. Sorry, I guess I thought it was obvious. Please let me get at the bytes of just the unknown-to-ssl-module extension without forcing me to write an entire general ASN.1 certificate parser or use another (incomplete) one. Many extensions have simple data in them that is trivial to parse alone. -- Christopher Armstrong International Man of Twistery http://radix.twistedmatrix.com/ http://twistedmatrix.com/ http://canonical.com/ From guido at python.org Thu Sep 6 23:10:44 2007 From: guido at python.org (Guido van Rossum) Date: Thu, 6 Sep 2007 14:10:44 -0700 Subject: [Python-Dev] Google spreadsheet to collaborate on backporting Py3K stuff to 2.6 In-Reply-To: References: Message-ID: I've transferred everything from my spreadsheet to Neal's. On 9/5/07, Brett Cannon wrote: > Neal, Anthony, Thomas W., and I have a spreadsheet that was started to > keep track of what needs to be done in what needs to be done in 2.6 > for Py3K transitioning: > http://spreadsheets.google.com/pub?key=pCKY4oaXnT81FrGo3ShGHGg . I am > opening the spreadsheet up to everyone so that others can help > maintain it. > > There is a sheet in the Python 3000 Tasks spreadsheet that should be > merged into this spreadsheet and then deleted. If anyone wants to > help with that it would be great (once something has been moved from > "Python 3000 Tasks" to "Python 2 -> 3 transition" just delete it from > "Python 3000 Tasks"). > > Because Neal created this spreadsheet he is the only one who can open > editing to everyone. If you would like to have edit abilities to the > spreadsheet just reply to this email saying you want an invite and I > will add you manually (and if you want a different address added just > say so). > > -Brett > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > -- --Guido van Rossum (home page: http://www.python.org/~guido/) From janssen at parc.com Thu Sep 6 23:55:06 2007 From: janssen at parc.com (Bill Janssen) Date: Thu, 6 Sep 2007 14:55:06 PDT Subject: [Python-Dev] Python access to data fields of SSL connection peer certificate Message-ID: <07Sep6.145509pdt."57996"@synergy1.parc.xerox.com> After a great deal of discussion, under the Subject line of "frozenset C API?" (you may have missed it :-), I'm coming to the conclusion that in revealing the fields of an SSL certificate, less is more. >From one of the messages in that thread: I'm trying to give the application the ability to do some level of authorization without requiring either of those packages. Like being able to tell who's on the other side of the connection :-). Right now, I think the right fields to expose are "subject" (I see little point to exposing "issuer"), "notAfter" (you're always guaranteed to be after "notBefore", or the cert wouldn't validate, so I see little point to exposing that, but "notAfter" can be used after the connection has been established), subjectAltName if present, and perhaps the certificate's serial number. Remember that the cert has already been validated, so I don't see how the other fields in the cert can be profitably used for authorization and/or accounting, which is the purpose of this interface. Anything else you want, you can pull over the DER blob and look into it with some other crypto package; I'll provide a way to pull the full binary form of the certificate into Python as a bytes string (as soon as the bytes API gets backported into the trunk). Under those rules, the samples in the current documentation would look like {'notAfter': 'May 8 23:59:59 2009 GMT', 'serialNumber': '6A4AC31B3110E6EB48F0FC51A39A171F', 'subject': ((('serialNumber', u'2497886'),), (('1.3.6.1.4.1.311.60.2.1.3', u'US'),), (('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'),), (('countryName', u'US'),), (('postalCode', u'94043'),), (('stateOrProvinceName', u'California'),), (('localityName', u'Mountain View'),), (('streetAddress', u'487 East Middlefield Road'),), (('organizationName', u'VeriSign, Inc.'),), (('organizationalUnitName', u'Production Security Services'),), (('organizationalUnitName', u'Terms of use at www.verisign.com/rpa (c)06'),), (('commonName', u'www.verisign.com'),))} and {'notAfter': 'Feb 16 16:54:50 2013 GMT', 'serialNumber': 'FFAA4ADBF570818D', 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),))} The server cert at https://www.dcl.hpi.uni-potsdam.de/ would look like {'notAfter': 'Mar 17 13:02:27 2008 GMT', 'serialNumber': '2567F168000300000678', 'subject': ((('countryName', u'DE'),), (('stateOrProvinceName', u'Brandenburg'),), (('localityName', u'Potsdam'),), (('organizationName', u'Hasso-Plattner-Institut'),), (('organizationalUnitName', u'Operating Systems & Middleware'),), (('commonName', u'www.dcl.hpi.uni-potsdam.de'),)), 'subjectAltName': ('DNS:www.dcl.hpi.uni-potsdam.de', 'DNS:www', 'DNS:dfw', 'DNS:dfw.dcl.hpi.uni-potsdam.de', 'IP Address:141.89.224.164')} Thanks to Martin for suggesting it. Bill From brett at python.org Fri Sep 7 04:34:42 2007 From: brett at python.org (Brett Cannon) Date: Thu, 6 Sep 2007 19:34:42 -0700 Subject: [Python-Dev] PEP 362: Signature objects Message-ID: Neal Becker over on python-3000 said that the Boost people could use this. Figured it was time to present it officially to the list to see if I can get it added for 2.6/3.0. The implementation in the sandbox works in both 2.6 and 3.0 out of the box (no 2to3 necessary) so feel free to play with it. --------------------------------------------------------- Abstract ======== Python has always supported powerful introspection capabilities, including that for functions and methods (for the rest of this PEP the word "function" refers to both functions and methods). Taking a function object, you can fully reconstruct the function's signature. Unfortunately it is a little unruly having to look at all the different attributes to pull together complete information for a function's signature. This PEP proposes an object representation for function signatures. This should help facilitate introspection on functions for various uses (e.g., decorators). The introspection information contains all possible information about the parameters in a signature (including Python 3.0 features). This object, though, is not meant to replace existing ways of introspection on a function's signature. The current solutions are there to make Python's execution work in an efficient manner. The proposed object representation is only meant to help make application code have an easier time to query a function on its signature. Signature Object ================ The overall signature of an object is represented by the Signature object. This object is to store a `Parameter object`_ for each parameter in the signature. It is also to store any information about the function itself that is pertinent to the signature. A Signature object has the following structure attributes: * name : str Name of the function. This is not fully qualified because function objects for methods do not know the class they are contained within. This makes functions and methods indistinguishable from one another when passed to decorators, preventing proper creation of a fully qualified name. * var_args : str Name of the variable positional parameter (i.e., ``*args``), if present, or the empty string. * var_kw_args : str Name of the variable keyword parameter (i.e., ``**kwargs``), if present, or the empty string. * var_annotations: dict(str, object) Dict that contains the annotations for the variable parameters. The keys are of the variable parameter with values of the annotation. If an annotation does not exist for a variable parameter then the key does not exist in the dict. * parameters : list(Parameter) List of the parameters of the function as represented by Parameter objects in the order of its definition (keyword-only arguments are in the order listed by ``code.co_varnames``). * bind(\*args, \*\*kwargs) -> dict(str, Parameter) Create a mapping from arguments to parameters. The keys are the names of the parameter that an argument maps to with the value being the value the parameter would have if this function was called with the given arguments. The Signature object is stored in the ``__signature__`` attribute of a function. When it is to be created is discussed in `Open Issues`_. Parameter Object ================ A function's signature is made up of several parameters. Python's different kinds of parameters is quite large and rich and continues to grow. Parameter objects represent any possible parameter. Originally the plan was to represent parameters using a list of parameter names on the Signature object along with various dicts keyed on parameter names to disseminate the various pieces of information one can know about a parameter. But the decision was made to incorporate all information about a parameter in a single object so as to make extending the information easier. This was originally put forth by Talin and the preferred form of Guido (as discussed at the 2006 Google Sprint). The structure of the Parameter object is: * name : (str | tuple(str)) The name of the parameter as a string if it is not a tuple. If the argument is a tuple then a tuple of strings is used. * position : int The position of the parameter within the signature of the function (zero-indexed). For keyword-only parameters the position value is arbitrary while not conflicting with positional parameters. The suggestion of setting the attribute to None or -1 to represent keyword-only parameters was rejected to prevent variable type usage and as a possible point of errors, respectively. * has_default : bool True if the parameter has a default value, else False. * default_value : object The default value for the parameter, if present, else the attribute does not exist. This is done so that the attribute is not accidentally used if no default value is set as any default value could be a legitimate default value itself. * keyword_only : bool True if the parameter is keyword-only, else False. * has_annotation : bool True if the parameter has an annotation, else False. * annotation Set to the annotation for the parameter. If ``has_annotation`` is False then the attribute does not exist to prevent accidental use. Implementation ============== An implementation can be found in Python's sandbox [#impl]_. There is a function named ``signature()`` which returns the value stored on the ``__signature__`` attribute if it exists, else it creates the Signature object for the function and sets ``__signature__``. For methods this is stored directly on the im_func function object since that is what decorators work with. Open Issues =========== When to construct the Signature object? --------------------------------------- The Signature object can either be created in an eager or lazy fashion. In the eager situation, the object can be created during creation of the function object. In the lazy situation, one would pass a function object to a function and that would generate the Signature object and store it to ``__signature__`` if needed, and then return the value of ``__signature__``. Should ``Signature.bind`` return Parameter objects as keys? ----------------------------------------------------------- Instead of returning a dict with keys consisting of the name of the parameters, would it be more useful to instead use Parameter objects? The name of the argument can easily be retrieved from the key (and the name would be used as the hash for a Parameter object). Provide a mapping of parameter name to Parameter object? -------------------------------------------------------- While providing access to the parameters in order is handy, it might also be beneficial to provide a way to retrieve Parameter objects from a Signature object based on the parameter's name. Which style of access (sequential/iteration or mapping) will influence how the parameters are stored internally and whether __getitem__ accepts strings or integers. One possible compromise is to have ``__getitem__`` provide mapping support and have ``__iter__`` return Parameter objects based on their ``position`` attribute. This allows for getting the sequence of Parameter objects easily by using the ``__iter__`` method on Signature object along with the sequence constructor (e.g., ``list`` or ``tuple``). Remove ``has_*`` attributes? ---------------------------- If an EAFP approach to the API is taken, both ``has_annotation`` and ``has_default`` are unneeded as the respective ``annotation`` and ``default_value`` attributes are simply not set. It's simply a question of whether to have a EAFP or LBYL interface. Have ``var_args`` and ``_var_kw_args`` default to ``None``? ------------------------------------------------------------ It has been suggested by Fred Drake that these two attributes have a value of ``None`` instead of empty strings when they do not exist. Deprecate ``inspect.getargspec()`` and ``.formatargspec()``? ------------------------------------------------------------- Since the Signature object replicates the use of ``getargspec()`` from the ``inspect`` module it might make sense to deprecate it in 2.6. ``formatargspec()`` could also go if Signature objects gained a __str__ representation. Issue with that is types such as ``int``, when used as annotations, do not lend themselves for output (e.g., ``"type 'int'>"`` is the string represenation for ``int``). The repr representation of types would need to change in order to make this reasonable. References ========== .. [#impl] pep362 directory in Python's sandbox (http://svn.python.org/view/sandbox/trunk/pep362/) Copyright ========= This document has been placed in the public domain. From oliphant.travis at ieee.org Fri Sep 7 07:18:07 2007 From: oliphant.travis at ieee.org (Travis Oliphant) Date: Fri, 07 Sep 2007 00:18:07 -0500 Subject: [Python-Dev] Google spreadsheet to collaborate on backporting Py3K stuff to 2.6 In-Reply-To: References: Message-ID: Brett Cannon wrote: > Neal, Anthony, Thomas W., and I have a spreadsheet that was started to > keep track of what needs to be done in what needs to be done in 2.6 > for Py3K transitioning: > http://spreadsheets.google.com/pub?key=pCKY4oaXnT81FrGo3ShGHGg . I am > opening the spreadsheet up to everyone so that others can help > maintain it. > > There is a sheet in the Python 3000 Tasks spreadsheet that should be > merged into this spreadsheet and then deleted. If anyone wants to > help with that it would be great (once something has been moved from > "Python 3000 Tasks" to "Python 2 -> 3 transition" just delete it from > "Python 3000 Tasks"). > > Because Neal created this spreadsheet he is the only one who can open > editing to everyone. If you would like to have edit abilities to the > spreadsheet just reply to this email saying you want an invite and I > will add you manually (and if you want a different address added just > say so). I would like an invite. Thanks. -Travis From janssen at parc.com Fri Sep 7 22:55:57 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 13:55:57 PDT Subject: [Python-Dev] any tips on malloc debugging? Message-ID: <07Sep7.135559pdt."57996"@synergy1.parc.xerox.com> I've been expanding the SSL test suite, and found something like this cropping up, not always, but maybe 30% of the time. So I run it under gdb, but the "szone_error" breakpoint never gets hit. Any other malloc debugging tips I should know about? (gdb) info break Num Type Disp Enb Address What 1 breakpoint keep y 0x900f2e56 (gdb) (gdb) run ./Lib/test/regrtest.py -R :4: -u all test_ssl Starting program: /local/python/trunk/src/python.exe ./Lib/test/regrtest.py -R :4: -u all test_ssl test_ssl [...] python.exe(22696,0xa000d000) malloc: *** error for object 0x650800: double free python.exe(22696,0xa000d000) malloc: *** set a breakpoint in szone_error to debug test test_ssl failed -- Traceback (most recent call last): File "/local/python/trunk/src/Lib/test/test_ssl.py", line 304, in testSSL3 CERTFILE2, CERTFILE3) File "/local/python/trunk/src/Lib/test/test_ssl.py", line 203, in serverParamsTest raise test_support.TestFailed("Unexpected SSL error: " + str(x)) TestFailed: Unexpected SSL error: (8, '_ssl.c:394: EOF occurred in violation of protocol') 1 test failed: test_ssl [23436 refs] Program exited with code 01. (gdb) Bill From guido at python.org Fri Sep 7 23:16:05 2007 From: guido at python.org (Guido van Rossum) Date: Fri, 7 Sep 2007 14:16:05 -0700 Subject: [Python-Dev] any tips on malloc debugging? In-Reply-To: <7018697645894217094@unknownmsgid> References: <7018697645894217094@unknownmsgid> Message-ID: I think there's a way to enable heavier malloc debugging than the normal --with-pydebug. You'll have to enable it manually by editing Python.h I believe. Though it may already be on if you define Py_DEBUG. (Is WITH_PYMALLOC always on?) Ther may also be a libmalloc that enables heavier debugging; the malloc man page would have info. On 9/7/07, Bill Janssen wrote: > I've been expanding the SSL test suite, and found something like this > cropping up, not always, but maybe 30% of the time. So I run it under > gdb, but the "szone_error" breakpoint never gets hit. Any other > malloc debugging tips I should know about? > > (gdb) info break > Num Type Disp Enb Address What > 1 breakpoint keep y 0x900f2e56 > (gdb) (gdb) run ./Lib/test/regrtest.py -R :4: -u all test_ssl > Starting program: /local/python/trunk/src/python.exe ./Lib/test/regrtest.py -R :4: -u all test_ssl > test_ssl > [...] > python.exe(22696,0xa000d000) malloc: *** error for object 0x650800: double free > python.exe(22696,0xa000d000) malloc: *** set a breakpoint in szone_error to debug > test test_ssl failed -- Traceback (most recent call last): > File "/local/python/trunk/src/Lib/test/test_ssl.py", line 304, in testSSL3 > CERTFILE2, CERTFILE3) > File "/local/python/trunk/src/Lib/test/test_ssl.py", line 203, in serverParamsTest > raise test_support.TestFailed("Unexpected SSL error: " + str(x)) > TestFailed: Unexpected SSL error: (8, '_ssl.c:394: EOF occurred in violation of protocol') > > 1 test failed: > test_ssl > [23436 refs] > > Program exited with code 01. > (gdb) > > Bill > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > -- --Guido van Rossum (home page: http://www.python.org/~guido/) From martin at v.loewis.de Fri Sep 7 23:19:52 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Fri, 07 Sep 2007 23:19:52 +0200 Subject: [Python-Dev] any tips on malloc debugging? In-Reply-To: <07Sep7.135559pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.135559pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46E1C078.2030501@v.loewis.de> > I've been expanding the SSL test suite, and found something like this > cropping up, not always, but maybe 30% of the time. So I run it under > gdb, but the "szone_error" breakpoint never gets hit. Any other > malloc debugging tips I should know about? Is this a --with-pydebug build? If not, it should be. If that still does not give insights, I usually try valgrind (although usually with little success). Regards, Martin From jimjjewett at gmail.com Fri Sep 7 23:43:59 2007 From: jimjjewett at gmail.com (Jim Jewett) Date: Fri, 7 Sep 2007 17:43:59 -0400 Subject: [Python-Dev] PEP 362: Signature objects In-Reply-To: References: Message-ID: Brett Cannon wrote: > A Signature object has the following structure attributes: > * name : str > Name of the function. This is not fully qualified because > function objects for methods do not know the class they are > contained within. This makes functions and methods > indistinguishable from one another when passed to decorators, > preventing proper creation of a fully qualified name. (1) Would this change with the new static __class__ attribute used for the new super? (2) What about functions without a name? Do you want to say str or NoneType, or is that assumed? (3) Is the Signature object live or frozen? (name is writable ... will the Signature object reflect the new name, or the name in use at the time it was created?) > * var_annotations: dict(str, object) > Dict that contains the annotations for the variable parameters. > The keys are of the variable parameter with values of the Is there a special key for the "->" returns annotation, or is that available as a separate property? > The structure of the Parameter object is: > * name : (str | tuple(str)) > The name of the parameter as a string if it is not a tuple. If > the argument is a tuple then a tuple of strings is used. What is used for unnamed arguments (typically provided by C)? I like None, but I see the arguments for both "" and missing attribute. > * position : int > The position of the parameter within the signature of the > function (zero-indexed). For keyword-only parameters the position > value is arbitrary while not conflicting with positional > parameters. Is this just a property/alias for signature.parameters.index(self) ? What should a "parameter" object not associated with a specific signature return? -1, None, or missing attribute? Is there a way to get the associated Signature, or is it "compiled out" when the Signature and its child Parameters are first constructed? (I think the position property is the only attribute that would use it, unless you want some of the other attributes -- like annotations -- to be live.) ... I would also like to see a * value : object attribute; this would be missing on most functions, but might be filled in on a Signature representing a closure, or an execution frame. > When to construct the Signature object? > --------------------------------------- > The Signature object can either be created in an eager or lazy > fashion. In the eager situation, the object can be created during > creation of the function object. Since most code doesn't need it, I would expect it to be optimized out at least as often as docstrings are. > In the lazy situation, one would > pass a function object to a function and that would generate the > Signature object and store it to ``__signature__`` if > needed, and then return the value of ``__signature__``. Why store it? Do you expect many use cases to need the signature more than once (but not to save it themselves)? If there is a __signature__ attribute on a object, you have to specify whether it can be replaced, which parts of it are writable, how that will affect the function's own behavior, etc. I also suspect it might become a source of heisenbugs, like the "reference leaks" that were really DUMMY items in a dict. If the Signature is just a snapshot no longer attached to the original function, then people won't expect changes to the Signature to affect the callable. > Should ``Signature.bind`` return Parameter objects as keys? (see above) If a Signature is a snapshot (rather than a live part of the function), then it might make more sense to just add a value attribute to Parameter objects. > Provide a mapping of parameter name to Parameter object? > -------------------------------------------------------- > While providing access to the parameters in order is handy, it might > also be beneficial to provide a way to retrieve Parameter objects from > a Signature object based on the parameter's name. Which style of > access (sequential/iteration or mapping) will influence how the > parameters are stored internally and whether __getitem__ accepts > strings or integers. I think it should accept both. What storage mechanism to use is an internal detail that should be left to the implementation. I wouldn't expect Signature inspection to be inside a tight loop anyhow, unless it were part of a Generic Function dispatch engine ... and those authors (just PJE?) can optimize on what they actually need. > Remove ``has_*`` attributes? > ---------------------------- > If an EAFP approach to the API is taken, Please leave them; it is difficult to catch Exceptions in a list comprehension. > Have ``var_args`` and ``_var_kw_args`` default to ``None``? Makes sense to me, particularly since it should probably be consistent with function name, and that should probably be None. -jJ From janssen at parc.com Fri Sep 7 23:44:21 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 14:44:21 PDT Subject: [Python-Dev] any tips on malloc debugging? In-Reply-To: <46E1C078.2030501@v.loewis.de> References: <07Sep7.135559pdt."57996"@synergy1.parc.xerox.com> <46E1C078.2030501@v.loewis.de> Message-ID: <07Sep7.144424pdt."57996"@synergy1.parc.xerox.com> > Is this a --with-pydebug build? If not, it should be. Yes. > If that still does not give insights, I usually try valgrind > (although usually with little success). Actually, Google is your friend here. The message in malloc is misleading; set a breakpoint in malloc_printf instead. Bill From janssen at parc.com Fri Sep 7 23:53:36 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 14:53:36 PDT Subject: [Python-Dev] OpenSSL thread safety when reading files? Message-ID: <07Sep7.145340pdt."57996"@synergy1.parc.xerox.com> I'm seeing a number of malloc (actully, free) errors, now that I'm pounding on the OpenSSL server/client setup with lots of server threads and client threads. They all look like either (gdb) bt #0 0x9010b807 in malloc_printf () #1 0x900058ad in szone_free () #2 0x90005588 in free () #3 0x9194e508 in CRYPTO_free () #4 0x91993e77 in ERR_clear_error () #5 0x919b1884 in PEM_X509_INFO_read_bio () #6 0x9197a692 in X509_load_cert_crl_file () #7 0x9197a80e in by_file_ctrl () #8 0x919d6e2e in X509_STORE_load_locations () [...] or (much more frequently) (gdb) bt #0 0x9010b807 in malloc_printf () #1 0x900058ad in szone_free () #2 0x90005588 in free () #3 0x9194e508 in CRYPTO_free () #4 0x91993e77 in ERR_clear_error () #5 0x949fcf11 in SSL_CTX_use_certificate_chain_file () [...] Always in ERR_clear_error(), always from some frame that's reading a certificate file for some purpose. If I disable Py_BEGIN_ALLOW_THREADS/Py_END_ALLOW_THREADS around the places where the C code reads the certificate files, all these free errors go away. ERR_clear_error() is supposed to be thread-safe; it operates on a per-thread error state structure (which I make sure is initialized in my C code). But it sure looks like the client and server threads are both working with the same error state. Bill From janssen at parc.com Sat Sep 8 00:10:10 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 15:10:10 PDT Subject: [Python-Dev] OpenSSL thread safety when reading files? In-Reply-To: <07Sep7.145340pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.145340pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep7.151015pdt."57996"@synergy1.parc.xerox.com> > I'm seeing a number of malloc (actully, free) errors, now that I'm > pounding on the OpenSSL server/client setup with lots of server > threads and client threads. They all look like either The issue seems to be that we assume OpenSSL is thread-safe (that is, we call Py_BEGIN_ALLOW_THREADS / Py_END_ALLOW_THREADS), but the _ssl.c code never did what was necessary to support that assumption. See http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION. My analysis is that we need to add lock and unlock functions to the OpenSSL initialization code we currently use, which looks like this: /* Init OpenSSL */ SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); Or, just not allow threads, which seems wrong. Bill From trentm at activestate.com Sat Sep 8 00:37:55 2007 From: trentm at activestate.com (Trent Mick) Date: Fri, 07 Sep 2007 15:37:55 -0700 Subject: [Python-Dev] [PEPs] Email addresses in PEPs? In-Reply-To: <4335d2c40708201232s19b10c69ye44d39351a4da97d@mail.gmail.com> References: <18121.47310.218893.540750@montanaro.dyndns.org> <4335d2c40708201232s19b10c69ye44d39351a4da97d@mail.gmail.com> Message-ID: <46E1D2C3.5030705@activestate.com> David Goodger wrote: > On 8/20/07, Brett Cannon wrote: >> I believe email addresses are automatically obfuscated as part of the >> HTML generation process, but one of the PEP editors can correct me if >> I am wrong. > > Yes, email addresses are obfuscated in PEPs. > > For example, in PEPs 0 & 12, my address is encoded as > "goodger at python.org" (the "@" is changed to " at " and > further obfuscated from there). More tricks could be played, but that > would only decrease the usefulness of addresses for legitimate > purposes. If some would find it useful, here is a snippet of code that obfuscates email addresses for HTML as done by Markdown (a text-to-html markup translator). It randomly encodes each charater as a hex or decimal HTML entity (roughly 10% raw, 45% hex, 45% dec). The email still appears normally in the browser, but is pretty obtuse when slicing and dicing the raw HTML. Would others find this useful in pep2html.py? ------------------- from random import random def _encode_email_address(self, addr): # Input: an email address, e.g. "foo at example.com" # # Output: the email address as a mailto link, with each character # of the address encoded as either a decimal or hex entity, in # the hopes of foiling most address harvesting spam bots. E.g.: # # foo@exa # mple.com # # Based on a filter by Matthew Wickline, posted to the BBEdit-Talk # mailing list: chars = [_xml_encode_email_char_at_random(ch) for ch in "mailto:" + addr] # Strip the mailto: from the visible part. addr = '%s' \ % (''.join(chars), ''.join(chars[7:])) return addr def _xml_encode_email_char_at_random(ch): r = random() # Roughly 10% raw, 45% hex, 45% dec. # '@' *must* be encoded. I [John Gruber] insist. if r > 0.9 and ch != "@": return ch elif r < 0.45: # The [1:] is to drop leading '0': 0x63 -> x63 return '&#%s;' % hex(ord(ch))[1:] else: return '&#%s;' % ord(ch) ------------------- -- Trent Mick trentm at activestate.com From janssen at parc.com Sat Sep 8 00:56:08 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 15:56:08 PDT Subject: [Python-Dev] OpenSSL thread safety when reading files? In-Reply-To: <07Sep7.151015pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.145340pdt."57996"@synergy1.parc.xerox.com> <07Sep7.151015pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep7.155615pdt."57996"@synergy1.parc.xerox.com> > My analysis is that we need to add lock and unlock functions to the > OpenSSL initialization code we currently use Yep, this seems to fix the problem. I'm now able to re-enable Py_BEGIN_ALLOW_THREADS / Py_END_ALLOW_THREADS, and still get a clean run: (gdb) run Starting program: /local/python/trunk/src/python.exe ./Lib/test/regrtest.py -R :4: -u all test_ssl test_ssl /local/python/trunk/src/Lib/test/test_ssl.py:247: DeprecationWarning: socket.ssl() is deprecated. Use ssl.sslsocket() instead. ssl_sock = socket.ssl(s) beginning 9 repetitions 123456789 ......... 1 test OK. [30009 refs] Program exited normally. (gdb) Bill From janssen at parc.com Sat Sep 8 01:09:09 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 16:09:09 PDT Subject: [Python-Dev] working with Python threads from C extension module? Message-ID: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> Reading through the C API documentation, I find: ``This is done so that dynamically loaded extensions compiled with thread support enabled can be loaded by an interpreter that was compiled with disabled thread support.'' I've currently got the set-up-SSL-threading code in _ssl.c surrounded by a "#ifdef HAVE_THREAD" bracket. It sounds like that might not be sufficient. It sounds like I need a runtime test for thread availability, instead, like this: #ifdef HAVE_THREAD if (PyEval_ThreadsInitialized()) _setup_ssl_threads(); #endif Seem right? So what happens when someone loads the _ssl module, initializes the threads, and tries to use SSL? It's going to start failing again. I think I need my own version of Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS, don't I? Which also checks to see if the SSL threading support has been initialized, in addition to the Python threading support. Something like #define SSL_ALLOW_THREADS {if (_ssl_locks != NULL) { Py_BEGIN_ALLOW_THREADS }} #define SSL_DISALLOW_THREADS {if (_ssl_locks != NULL) { Py_BEGIN_ALLOW_THREADS }} Any comments? Bill From janssen at parc.com Sat Sep 8 01:20:35 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 16:20:35 PDT Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep7.162040pdt."57996"@synergy1.parc.xerox.com> > #define SSL_ALLOW_THREADS {if (_ssl_locks != NULL) { Py_BEGIN_ALLOW_THREADS }} > #define SSL_DISALLOW_THREADS {if (_ssl_locks != NULL) { Py_BEGIN_ALLOW_THREADS }} I'd forgotten how convoluted Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS were. Anyone have any other suggestions about how to do this? Raise an error if loaded in a non-threaded environment, then used in a threaded environment? Dynamic initialization of threading? Bill From janssen at parc.com Sat Sep 8 01:31:06 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 16:31:06 PDT Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep7.163111pdt."57996"@synergy1.parc.xerox.com> > So what happens when someone loads the _ssl module, initializes the > threads, and tries to use SSL? It's going to start failing again. I Which turns out to be exactly what test_ssl.py does. I'm tempted to have the _ssl module call PyEval_InitThreads(). Would that be kosher? Bill From guido at python.org Sat Sep 8 01:46:13 2007 From: guido at python.org (Guido van Rossum) Date: Fri, 7 Sep 2007 16:46:13 -0700 Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <6121031531930291931@unknownmsgid> References: <6121031531930291931@unknownmsgid> Message-ID: Well, one shouldn't be bothering with threads unless the user intends to create threads. So I think it's not kosher. Once threads are initialized, everything runs a tad slower because the GIL manipulations actually cost time (even if there are no other threads). On 9/7/07, Bill Janssen wrote: > > So what happens when someone loads the _ssl module, initializes the > > threads, and tries to use SSL? It's going to start failing again. I > > Which turns out to be exactly what test_ssl.py does. I'm tempted > to have the _ssl module call PyEval_InitThreads(). Would that be kosher? -- --Guido van Rossum (home page: http://www.python.org/~guido/) From janssen at parc.com Sat Sep 8 01:57:40 2007 From: janssen at parc.com (Bill Janssen) Date: Fri, 7 Sep 2007 16:57:40 PDT Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: References: <6121031531930291931@unknownmsgid> Message-ID: <07Sep7.165746pdt."57996"@synergy1.parc.xerox.com> > Well, one shouldn't be bothering with threads unless the user intends > to create threads. So I think it's not kosher. Once threads are > initialized, everything runs a tad slower because the GIL > manipulations actually cost time (even if there are no other threads). I think that doing it in _ssl.c might be OK; it would only happen when the user loaded that extension module. In any case, I'm going to do it that way till we figure out a better solution. The alternatives right now are (1) let OpenSSL step all over itself (and potentially other things), or (2) remove the Py_BEGIN_ALLOW_THREADS on SSL context reads and writes. > On 9/7/07, Bill Janssen wrote: > > > So what happens when someone loads the _ssl module, initializes the > > > threads, and tries to use SSL? It's going to start failing again. I > > > > Which turns out to be exactly what test_ssl.py does. I'm tempted > > to have the _ssl module call PyEval_InitThreads(). Would that be kosher? The problem is the sequencing of the loading of the extension module, compared to when the user gets around to initializing threading. If we want to keep it kosher, we need a way to hook into PyEval_InitThreads() so that it will call the thread initialization routines of other dynamically loaded libraries that have already been loaded. Or a way to have Py_BEGIN_ALLOW_THREADS take into account that there may be more than one thread-dependent thing to check on. Bill From skip at pobox.com Sat Sep 8 02:04:11 2007 From: skip at pobox.com (skip at pobox.com) Date: Fri, 7 Sep 2007 19:04:11 -0500 Subject: [Python-Dev] [PEPs] Email addresses in PEPs? In-Reply-To: <46E1D2C3.5030705@activestate.com> References: <18121.47310.218893.540750@montanaro.dyndns.org> <4335d2c40708201232s19b10c69ye44d39351a4da97d@mail.gmail.com> <46E1D2C3.5030705@activestate.com> Message-ID: <18145.59131.323002.910688@montanaro.dyndns.org> Trent> If some would find it useful, here is a snippet of code that Trent> obfuscates email addresses for HTML as done by Markdown (a Trent> text-to-html markup translator). It randomly encodes each Trent> charater as a hex or decimal HTML entity (roughly 10% raw, 45% Trent> hex, 45% dec). Aren't most spammers' scrapers going to be intelligent enough by now (several years since they first arrived on the scene) to "see through" these sorts of common obfuscations? Skip From brett at python.org Sat Sep 8 02:59:35 2007 From: brett at python.org (Brett Cannon) Date: Fri, 7 Sep 2007 17:59:35 -0700 Subject: [Python-Dev] PEP 362: Signature objects In-Reply-To: References: Message-ID: On 9/7/07, Jim Jewett wrote: > > A Signature object has the following structure attributes: > > > * name : str > > Name of the function. This is not fully qualified because > > function objects for methods do not know the class they are > > contained within. This makes functions and methods > > indistinguishable from one another when passed to decorators, > > preventing proper creation of a fully qualified name. > > (1) Would this change with the new static __class__ attribute used > for the new super? > I don't know enough about the super implementation to know. If you can figure out the class from the function object alone then sure, this can change. > (2) What about functions without a name? Do you want to say str or > NoneType, or is that assumed? > What functions don't have a name? Even lambdas have the name ''. > (3) Is the Signature object live or frozen? (name is writable ... > will the Signature object reflect the new name, or the name in use at > the time it was created?) > They are currently one-time creation objects. One could change it to use properties and do the look up dynamically by caching the function object. But I currently have it implemented as all created in __init__ and then just left alone. > > * var_annotations: dict(str, object) > > Dict that contains the annotations for the variable parameters. > > The keys are of the variable parameter with values of the > > Is there a special key for the "->" returns annotation, or is that > available as a separate property? > Oops, that didn't get into the PEP for some reason. The Signature object has ``has_annotation``/``annotation`` attributes for the 'return' annotation. > > The structure of the Parameter object is: > > > * name : (str | tuple(str)) > > The name of the parameter as a string if it is not a tuple. If > > the argument is a tuple then a tuple of strings is used. > > What is used for unnamed arguments (typically provide by C)? I like > None, but I see the arguments for both "" and missing attribute. > It's open for debate. I didn't even think about functions not having __name__ set. Basically whatever people want to go with for var_args and var_kw_args. > > * position : int > > The position of the parameter within the signature of the > > function (zero-indexed). For keyword-only parameters the position > > value is arbitrary while not conflicting with positional > > parameters. > > Is this just a property/alias for signature.parameters.index(self) ? > Assuming that 'self' refers to some parameter, yes. > What should a "parameter" object not associated with a specific > signature return? -1, None, or missing attribute? > This is not an option as it must be specified by the Parameter constructor. A Parameter object should not exist without belonging to a Signature object. That's why neither Signature nor Parameter have their constructors specified; the signature() function is the only way you should cause the construction of either object. > Is there a way to get the associated Signature, or is it "compiled > out" when the Signature and its child Parameters are first > constructed? (I think the position property is the only attribute > that would use it, unless you want some of the other attributes -- > like annotations -- to be live.) There is currently no way to work backwards from a Parameter object to its parent Signature. It could be added if people wanted. > > ... > > I would also like to see a > > * value : object > > attribute; this would be missing on most functions, but might be > filled in on a Signature representing a closure, or an execution > frame. What for? How does either have bearing on the call signature of a function? > > > > When to construct the Signature object? > > --------------------------------------- > > > The Signature object can either be created in an eager or lazy > > fashion. In the eager situation, the object can be created during > > creation of the function object. > > Since most code doesn't need it, I would expect it to be optimized out > at least as often as docstrings are. > > > In the lazy situation, one would > > pass a function object to a function and that would generate the > > Signature object and store it to ``__signature__`` if > > needed, and then return the value of ``__signature__``. > > Why store it? Do you expect many use cases to need the signature more > than once (but not to save it themselves)? Because you can use these with decorators to allow introspection redirection:: def dec(fxn): def inner(*args, **kwargs): return fxn(*args, **kwargs) sig = signature(fxn) inner.__signature__ = sig return inner > > If there is a __signature__ attribute on a object, you have to specify > whether it can be replaced, It can. > which parts of it are writable, Any of it. > how that > will affect the function's own behavior, etc. It won't. > I also suspect it might > become a source of heisenbugs, like the "reference leaks" that were > really DUMMY items in a dict. > > If the Signature is just a snapshot no longer attached to the original > function, then people won't expect changes to the Signature to affect > the callable. > They are just snapshots unless people really want them to be live for some reason. > > Should ``Signature.bind`` return Parameter objects as keys? > > (see above) If a Signature is a snapshot (rather than a live part of > the function), then it might make more sense to just add a value > attribute to Parameter objects. > Why? You might make several calls to bind() and thus setting what a Parameter object would be bound to should be considered a temporary thing. > > Provide a mapping of parameter name to Parameter object? > > -------------------------------------------------------- > > > While providing access to the parameters in order is handy, it might > > also be beneficial to provide a way to retrieve Parameter objects from > > a Signature object based on the parameter's name. Which style of > > access (sequential/iteration or mapping) will influence how the > > parameters are stored internally and whether __getitem__ accepts > > strings or integers. > > I think it should accept both. > > What storage mechanism to use is an internal detail that should be > left to the implementation. I wouldn't expect Signature inspection to > be inside a tight loop anyhow, unless it were part of a Generic > Function dispatch engine ... and those authors (just PJE?) can > optimize on what they actually need. > I guess I can just try to do ``item.__index__()`` and if that triggers an AttributeError assume it is a name. > > Remove ``has_*`` attributes? > > ---------------------------- > > > If an EAFP approach to the API is taken, > > Please leave them; it is difficult to catch Exceptions in a list comprehension. > You can also just use hasattr() if needed. > > Have ``var_args`` and ``_var_kw_args`` default to ``None``? > > Makes sense to me, particularly since it should probably be consistent > with function name, and that should probably be None. So another vote for None. Thanks for the feedback, Jim! From guido at python.org Sat Sep 8 05:15:18 2007 From: guido at python.org (Guido van Rossum) Date: Fri, 7 Sep 2007 20:15:18 -0700 Subject: [Python-Dev] PEP 362: Signature objects In-Reply-To: References: Message-ID: On 9/7/07, Brett Cannon wrote: > On 9/7/07, Jim Jewett wrote: > > > A Signature object has the following structure attributes: > > > > > * name : str > > > Name of the function. This is not fully qualified because > > > function objects for methods do not know the class they are > > > contained within. This makes functions and methods > > > indistinguishable from one another when passed to decorators, > > > preventing proper creation of a fully qualified name. > > > > (1) Would this change with the new static __class__ attribute used > > for the new super? > > I don't know enough about the super implementation to know. If you > can figure out the class from the function object alone then sure, > this can change. I don't think it'll work -- the __class__ variable is only available *within* the function, not when one is introspecting the function object. Also, it is only available for functions that reference 'super' (or __class__ directly). As __class__ is passed into the function call as a "cell" variable (like references to variables from outer scopes), its mere presense slows down the call somewhat, hence it is only present when used. (BTW, it is not an attribute.) BTW there's a good reason why functions don't have easier access to the class in which they are defined: functions can easily be moved or shared between classes. The __class__ variable only records the class inside which the function is defined lexically, if any. -- --Guido van Rossum (home page: http://www.python.org/~guido/) From hrvoje.niksic at avl.com Sat Sep 8 12:36:48 2007 From: hrvoje.niksic at avl.com (Hrvoje =?UTF-8?Q?Nik=C5=A1i=C4=87?=) Date: Sat, 08 Sep 2007 12:36:48 +0200 Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <07Sep7.162040pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> <07Sep7.162040pdt."57996"@synergy1.parc.xerox.com> Message-ID: <1189247808.11322.212.camel@localhost> On Fri, 2007-09-07 at 16:20 -0700, Bill Janssen wrote: > > #define SSL_ALLOW_THREADS {if (_ssl_locks != NULL) { Py_BEGIN_ALLOW_THREADS }} > > #define SSL_DISALLOW_THREADS {if (_ssl_locks != NULL) { Py_BEGIN_ALLOW_THREADS }} > > I'd forgotten how convoluted Py_BEGIN_ALLOW_THREADS and > Py_END_ALLOW_THREADS were. Anyone have any other suggestions about > how to do this? Be convoluted yourself and do this: #define PySSL_BEGIN_ALLOW_THREADS { if (_ssl_locks) { Py_BEGIN_ALLOW_THREADS #define PySSL_END_ALLOW_THREADS Py_END_ALLOW_THREADS } } (Untested, but I think it should work.) From martin at v.loewis.de Sat Sep 8 14:41:38 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Sat, 08 Sep 2007 14:41:38 +0200 Subject: [Python-Dev] Buildbot upgraded to 0.7.5 Message-ID: <46E29882.8080707@v.loewis.de> I just upgraded the buildbot master to 0.7.5. If you see any problems, please let me know. Neal: buildbot now supports reloading of configurations, without interrupting builds. Try "buildbot reconfig" when you make a change (certain changes would still require a restart). Regards, Martin From janssen at parc.com Sat Sep 8 17:18:35 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 08:18:35 PDT Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <1189247808.11322.212.camel@localhost> References: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> <07Sep7.162040pdt."57996"@synergy1.parc.xerox.com> <1189247808.11322.212.camel@localhost> Message-ID: <07Sep8.081836pdt."57996"@synergy1.parc.xerox.com> > Be convoluted yourself and do this: > > #define PySSL_BEGIN_ALLOW_THREADS { if (_ssl_locks) { Py_BEGIN_ALLOW_THREADS > #define PySSL_END_ALLOW_THREADS Py_END_ALLOW_THREADS } } > > (Untested, but I think it should work.) Yes, that had occurred to me. We want the code inside the braces still to run if the locks aren't held, so something more like #define PySSL_BEGIN_ALLOW_THREADS { \ PyThreadState *_save; \ if (_ssl_locks_count>0) {_save = PyEval_SaveThread();} #define PySSL_BLOCK_THREADS if (_ssl_locks_count>0){PyEval_RestoreThread(_save)}; #define PySSL_UNBLOCK_THREADS if (_ssl_locks_count>0){_save = PyEval_SaveThread()}; #define PySSL_END_ALLOW_THREADS if (_ssl_locks_count>0){PyEval_RestoreThread(_save);} \ } would do the trick. Unfortunately, this doesn't deal with the macro behaviour. The user has "turned on" threading; they expect reads and writes to yield the GIL so that other threads can make progress. But the fact that threading has been "turned on" after the SSL module has been initialized, means that threads don't work inside the SSL code. So the user's understanding of the system will be broken. No, I don't see any good way to fix this except to add a callback chain inside PyThread_init_thread, which is run down when threads are initialized. Any module which needs to set up threads registers itself on that chain, and gets called as part of PyThread_init_thread. But I'm far from the smartest person on this list :-), so perhaps someone else will see a good solution. This has got to be a problem with other extension modules linked to libraries which have their own threading abstractions. Bill From gjcarneiro at gmail.com Sat Sep 8 17:37:07 2007 From: gjcarneiro at gmail.com (Gustavo Carneiro) Date: Sat, 8 Sep 2007 16:37:07 +0100 Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <7088780289868241160@unknownmsgid> References: <1189247808.11322.212.camel@localhost> <7088780289868241160@unknownmsgid> Message-ID: On 08/09/2007, Bill Janssen wrote: > > > Be convoluted yourself and do this: > > > > #define PySSL_BEGIN_ALLOW_THREADS { if (_ssl_locks) { > Py_BEGIN_ALLOW_THREADS > > #define PySSL_END_ALLOW_THREADS Py_END_ALLOW_THREADS } } > > > > (Untested, but I think it should work.) > > Yes, that had occurred to me. We want the code inside the braces > still to run if the locks aren't held, so something more like > > #define PySSL_BEGIN_ALLOW_THREADS { \ > PyThreadState *_save; \ > if (_ssl_locks_count>0) {_save = > PyEval_SaveThread();} > #define PySSL_BLOCK_THREADS if > (_ssl_locks_count>0){PyEval_RestoreThread(_save)}; > #define PySSL_UNBLOCK_THREADS if (_ssl_locks_count>0){_save = > PyEval_SaveThread()}; > #define PySSL_END_ALLOW_THREADS if > (_ssl_locks_count>0){PyEval_RestoreThread(_save);} \ > } > > would do the trick. Unfortunately, this doesn't deal with the macro > behaviour. The user has "turned on" threading; they expect reads and > writes to yield the GIL so that other threads can make progress. But > the fact that threading has been "turned on" after the SSL module has > been initialized, means that threads don't work inside the SSL code. > So the user's understanding of the system will be broken. > > No, I don't see any good way to fix this except to add a callback > chain inside PyThread_init_thread, which is run down when threads are > initialized. Any module which needs to set up threads registers itself > on that chain, and gets called as part of PyThread_init_thread. But > I'm far from the smartest person on this list :-), so perhaps someone > else will see a good solution. I think this is a helpful additional tool to solve threading problems. Doesn't solve everything, but it certainly helps :-) For instance, one thing it doesn't solve is when a library being wrapped can be initialized with multithreading support, but only allows such initialization as a very first API call; you can't initialize threading at any arbitrary time during application runtime. Unfortunately I don't think there is any sane way to fix this problem :-( This has got to be a problem with other extension modules linked to > libraries which have their own threading abstractions. Yes. Another problem is that python extensions may not wish to incur performance penalty of python threading calls. For instance, pyorbit has these macros: #define pyorbit_gil_state_ensure() (PyEval_ThreadsInitialized()? (PyGILState_Ensure()) : 0) #define pyorbit_gil_state_release(state) G_STMT_START { \ if (PyEval_ThreadsInitialized()) \ PyGILState_Release(state); \ } G_STMT_END #define pyorbit_begin_allow_threads \ G_STMT_START { \ PyThreadState *_save = NULL; \ if (PyEval_ThreadsInitialized()) \ _save = PyEval_SaveThread(); #define pyorbit_end_allow_threads \ if (PyEval_ThreadsInitialized()) \ PyEval_RestoreThread(_save); \ } G_STMT_END They all call PyEval_ThreadsInitialized() before doing anything thread related to save some performance. The other reason to do it this way is that the Python API calls themselves abort if they are called with threading not initialized. It would be nice the upstream python GIL macros were more like pyorbit and became no-ops when threading is not enabled. -- Gustavo J. A. M. Carneiro INESC Porto, Telecommunications and Multimedia Unit "The universe is always one step beyond logic." -- Frank Herbert -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20070908/5d3a01f6/attachment.htm From janssen at parc.com Sat Sep 8 18:51:41 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 09:51:41 PDT Subject: [Python-Dev] which SSL client protocols work with which server protocols? Message-ID: <07Sep8.095142pdt."57996"@synergy1.parc.xerox.com> I've now built a framework in test_ssl to test all client protocols (SSL2, SSL3, SSL23, TLS1) against all server protocols, and here's what I've come up with. Servers are along the X axis, and clients are on the Y axis. "Yes" means that that client protocol can talk to that server protocol. SSL2 SSL3 SS23 TLS1 SSL2 yes no no no SSL3 yes yes yes no SSL23 no no yes no TLS1 no no yes yes I'm a bit surprised by the facts that (1) an SSL2 client can't connect to an SSL23 server, and (2) an SSL23 client can *only* connect to an SSL23 server. Can anyone verify that these combos (the results of testing with the Python framework) are indeed to be expected? Bill From janssen at parc.com Sat Sep 8 20:41:42 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 11:41:42 PDT Subject: [Python-Dev] working with Python threads from C extension module? In-Reply-To: <07Sep8.081836pdt."57996"@synergy1.parc.xerox.com> References: <07Sep7.160910pdt."57996"@synergy1.parc.xerox.com> <07Sep7.162040pdt."57996"@synergy1.parc.xerox.com> <1189247808.11322.212.camel@localhost> <07Sep8.081836pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep8.114147pdt."57996"@synergy1.parc.xerox.com> > This has got to be a problem with other extension modules linked to > libraries which have their own threading abstractions. Sure enough, sqlite3 simply assumes threads (won't build without them), and turns them on if it's used (by calling PyThread_get_thread_ident(), which in turn calls PyThread_init_thread()). Bill From janssen at parc.com Sat Sep 8 20:57:33 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 11:57:33 PDT Subject: [Python-Dev] testing in a Python --without-threads build Message-ID: <07Sep8.115742pdt."57996"@synergy1.parc.xerox.com> I can't seem to run the regression tests in a --without-threads build. Might be interesting to configure a buildbot this way to keep ourselves honest. Bill From janssen at parc.com Sat Sep 8 21:19:26 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 12:19:26 PDT Subject: [Python-Dev] testing in a Python --without-threads build In-Reply-To: <07Sep8.115742pdt."57996"@synergy1.parc.xerox.com> References: <07Sep8.115742pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep8.121928pdt."57996"@synergy1.parc.xerox.com> > I can't seem to run the regression tests in a --without-threads build. > Might be interesting to configure a buildbot this way to keep > ourselves honest. Because regrtest.py was importing test_socket_ssl without catching the ImportError exception: % ./python.exe ./Lib/test/regrtest.py test_socket_ssl test_socket_ssl test_socket_ssl skipped -- No module named thread 1 test skipped: test_socket_ssl Traceback (most recent call last): File "./Lib/test/regrtest.py", line 1190, in main() File "./Lib/test/regrtest.py", line 416, in main e = _ExpectedSkips() File "./Lib/test/regrtest.py", line 1111, in __init__ from test import test_socket_ssl File "/local/python/trunk/src/Lib/test/test_socket_ssl.py", line 8, in import threading File "/local/python/trunk/src/Lib/threading.py", line 6, in import thread ImportError: No module named thread % So, is this an "expected skip" or not? Bill From martin at v.loewis.de Sat Sep 8 21:40:52 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Sat, 08 Sep 2007 21:40:52 +0200 Subject: [Python-Dev] testing in a Python --without-threads build In-Reply-To: <07Sep8.121928pdt."57996"@synergy1.parc.xerox.com> References: <07Sep8.115742pdt."57996"@synergy1.parc.xerox.com> <07Sep8.121928pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46E2FAC4.2030900@v.loewis.de> >> I can't seem to run the regression tests in a --without-threads build. >> Might be interesting to configure a buildbot this way to keep >> ourselves honest. > > Because regrtest.py was importing test_socket_ssl without catching the > ImportError exception: If that is the reason you cannot run it, then it seems it works just fine. There is nothing wrong with tests getting skipped. > So, is this an "expected skip" or not? No. IIUC, "expected skips" are a platform property. For your platform, support for threads is expected (whatever your platform is as log as it was built in this millenium). Regards, Martin From janssen at parc.com Sat Sep 8 22:16:47 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 13:16:47 PDT Subject: [Python-Dev] testing in a Python --without-threads build In-Reply-To: <46E2FAC4.2030900@v.loewis.de> References: <07Sep8.115742pdt."57996"@synergy1.parc.xerox.com> <07Sep8.121928pdt."57996"@synergy1.parc.xerox.com> <46E2FAC4.2030900@v.loewis.de> Message-ID: <07Sep8.131648pdt."57996"@synergy1.parc.xerox.com> > > Because regrtest.py was importing test_socket_ssl without catching the > > ImportError exception: > > If that is the reason you cannot run it, then it seems it works just > fine. There is nothing wrong with tests getting skipped. It wasn't getting skipped, it was crashing the regression testing harness. test_unittest catches the ImportError, but this was imported directly from regrtest.py. > > So, is this an "expected skip" or not? > > No. IIUC, "expected skips" are a platform property. For your platform, > support for threads is expected (whatever your platform is as log as > it was built in this millenium). OK. I'll put in a check for this. In fact, here's a patch: Index: Lib/test/regrtest.py =================================================================== --- Lib/test/regrtest.py (revision 58052) +++ Lib/test/regrtest.py (working copy) @@ -1108,7 +1108,6 @@ class _ExpectedSkips: def __init__(self): import os.path - from test import test_socket_ssl from test import test_timeout self.valid = False @@ -1122,8 +1121,13 @@ if not os.path.supports_unicode_filenames: self.expected.add('test_pep277') - if test_socket_ssl.skip_expected: - self.expected.add('test_socket_ssl') + try: + from test import test_socket_ssl + except ImportError: + pass + else: + if test_socket_ssl.skip_expected: + self.expected.add('test_socket_ssl') if test_timeout.skip_expected: self.expected.add('test_timeout') Bill From janssen at parc.com Sat Sep 8 22:28:22 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 13:28:22 PDT Subject: [Python-Dev] what platforms require RAND_add() before using SSL? Message-ID: <07Sep8.132823pdt."57996"@synergy1.parc.xerox.com> There are some functions in _ssl.c for gathering randomness from a daemon, and adding that randomness to the pseudo-random number generator in SSL, before using SSL. There's a note there saying that "on some platform" this is necessary. Anyone know which platforms? Bill From janssen at parc.com Sat Sep 8 22:36:39 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 13:36:39 PDT Subject: [Python-Dev] [Python-3000] 3.0 crypto In-Reply-To: <07Sep8.123933pdt."58663"@synergy1.parc.xerox.com> References: <07Sep8.123933pdt."58663"@synergy1.parc.xerox.com> Message-ID: <07Sep8.133648pdt."57996"@synergy1.parc.xerox.com> > We're already linking against the OpenSSL EVP libraries for hashlib > (and against the OpenSSL SSL libraries for the SSL support). It > wouldn't be hard to expose the EVP functions a bit more, essentially > as hash functions that return long (and reversible) hashes: > > encryptor = opensslevp.encryptor("AES-256-CBC", ...maybe some options...) > encryptor.update(...some plaintext...) Almost certainly this signature should be encryptor = opensslevp.encryptor("AES-256-CBC", KEY, ...options...) and correspondingly decryptor = opensslevp.decryptor("AES-256-CBC", KEY, ...options...) Bill From janssen at parc.com Sun Sep 9 02:19:30 2007 From: janssen at parc.com (Bill Janssen) Date: Sat, 8 Sep 2007 17:19:30 PDT Subject: [Python-Dev] can't run test_tcl remotely logged in on an OS X machine Message-ID: <07Sep8.171933pdt."57996"@synergy1.parc.xerox.com> "test_tcl" fails on me (OS X 10.4.10 on an Intel Mac, remotely logged in via SSH and X Windows): % test_tcl 2007-09-08 17:00:22.629 python.exe[4163] CFLog (0): CFMessagePort: bootstrap_register(): failed 1100 (0x44c), port = 0x3a03, name = 'Processes-0.58327041' See /usr/include/servers/bootstrap_defs.h for the error codes. 2007-09-08 17:00:22.630 python.exe[4163] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (Processes-0.58327041) CFMessagePortCreateLocal failed (name = Processes-0.58327041 error = 0) Abort % This is on the trunk. Bill From nick.bastin at gmail.com Sun Sep 9 05:05:23 2007 From: nick.bastin at gmail.com (Nicholas Bastin) Date: Sat, 8 Sep 2007 23:05:23 -0400 Subject: [Python-Dev] testing in a Python --without-threads build In-Reply-To: <46E2FAC4.2030900@v.loewis.de> References: <46E2FAC4.2030900@v.loewis.de> Message-ID: <66d0a6e10709082005u4af353ebpbd0b7cd6c27db242@mail.gmail.com> Might expected skips instead be based on your current configuration instead of what someone statically decided what would be appropriate for your platform? Every new release I have to go through the 'unexpected skips' to determine that they're perfectly fine for how I configured python. It seems that we ought to provide a mechanism for querying python for how the build was configured (although for non-unittest cases, failing to import some modules is usually sufficient information - knowing why they fail probably doesn't matter) On 9/8/07, "Martin v. L?wis" wrote: > >> I can't seem to run the regression tests in a --without-threads build. > >> Might be interesting to configure a buildbot this way to keep > >> ourselves honest. > > > > Because regrtest.py was importing test_socket_ssl without catching the > > ImportError exception: > > If that is the reason you cannot run it, then it seems it works just > fine. There is nothing wrong with tests getting skipped. > > > So, is this an "expected skip" or not? > > No. IIUC, "expected skips" are a platform property. For your platform, > support for threads is expected (whatever your platform is as log as > it was built in this millenium). > > Regards, > Martin > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > http://mail.python.org/mailman/options/python-dev/nick.bastin%40gmail.com > From martin at v.loewis.de Sun Sep 9 09:38:29 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Sun, 09 Sep 2007 09:38:29 +0200 Subject: [Python-Dev] what platforms require RAND_add() before using SSL? In-Reply-To: <07Sep8.132823pdt."57996"@synergy1.parc.xerox.com> References: <07Sep8.132823pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46E3A2F5.9020305@v.loewis.de> > There are some functions in _ssl.c for gathering randomness from a > daemon, and adding that randomness to the pseudo-random number > generator in SSL, before using SSL. There's a note there saying that > "on some platform" this is necessary. Anyone know which platforms? In general, anything that does not have /dev/[u]random; older Solaris releases and HP-UX in particular. Regards, Martin From martin at v.loewis.de Sun Sep 9 09:41:30 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Sun, 09 Sep 2007 09:41:30 +0200 Subject: [Python-Dev] can't run test_tcl remotely logged in on an OS X machine In-Reply-To: <07Sep8.171933pdt."57996"@synergy1.parc.xerox.com> References: <07Sep8.171933pdt."57996"@synergy1.parc.xerox.com> Message-ID: <46E3A3AA.6030103@v.loewis.de> > "test_tcl" fails on me (OS X 10.4.10 on an Intel Mac, remotely logged > in via SSH and X Windows): > > % test_tcl > 2007-09-08 17:00:22.629 python.exe[4163] CFLog (0): CFMessagePort: bootstrap_register(): failed 1100 (0x44c), port = 0x3a03, name = 'Processes-0.58327041' > See /usr/include/servers/bootstrap_defs.h for the error codes. > 2007-09-08 17:00:22.630 python.exe[4163] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (Processes-0.58327041) > CFMessagePortCreateLocal failed (name = Processes-0.58327041 error = 0) > Abort > % > > This is on the trunk. That's no surprise, I would say: it seems you link against TkAqua (not X11 Tk); for that to work, you need a reference to WindowServer, which won't be available when logged in through SSL. Regards, Martin From giszo at nyomi.hu Sun Sep 9 11:17:31 2007 From: giszo at nyomi.hu (Giszo) Date: Sun, 9 Sep 2007 11:17:31 +0200 Subject: [Python-Dev] Porting python Message-ID: Hi! I've tried to port Python (2.3.6 and 2.5.1) to my own OS. The compilation of the python library is done after a few hours of work. When i try to run the compiled executable i got an error shown on the following screenshot: http://giszo.lame.hu/jshot/screens/screen31.png After a little while of debugging i know that it fails bootstrapping the exceptions because the initializer function failes to get the "__builtin__" module. Adding debug printfs to the bltinmodule.c init code it looks like the builtin module is initialized properly. I'd like to ask some help where i should start checking the code to fix the error. Thanks! ________________________________________________ Message sent using UebiMiau 2.7.9 From martin at v.loewis.de Sun Sep 9 11:46:27 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Sun, 09 Sep 2007 11:46:27 +0200 Subject: [Python-Dev] Porting python In-Reply-To: References: Message-ID: <46E3C0F3.6080701@v.loewis.de> > I'd like to ask some help where i should start checking the code to fix the > error. Python searches possible candidate locations of the standard library for a landmark, see getpath.c; currently, the landmark is os.py. If it doesn't find the landmark, it complains. Regards, Martin From janssen at parc.com Sun Sep 9 17:44:17 2007 From: janssen at parc.com (Bill Janssen) Date: Sun, 9 Sep 2007 08:44:17 PDT Subject: [Python-Dev] what platforms require RAND_add() before using SSL? In-Reply-To: <46E3A2F5.9020305@v.loewis.de> References: <07Sep8.132823pdt."57996"@synergy1.parc.xerox.com> <46E3A2F5.9020305@v.loewis.de> Message-ID: <07Sep9.084424pdt."57996"@synergy1.parc.xerox.com> > > There are some functions in _ssl.c for gathering randomness from a > > daemon, and adding that randomness to the pseudo-random number > > generator in SSL, before using SSL. There's a note there saying that > > "on some platform" this is necessary. Anyone know which platforms? > > In general, anything that does not have /dev/[u]random; > older Solaris releases and HP-UX in particular. Thanks, I"ll add that to the documentation. Any ideas what the values of the "entropy" parameter to RAND_add() are like, or how they are derived? I did a rapid skim of RFC 1750, but didn't see it there. Bill From janssen at parc.com Sun Sep 9 17:46:34 2007 From: janssen at parc.com (Bill Janssen) Date: Sun, 9 Sep 2007 08:46:34 PDT Subject: [Python-Dev] can't run test_tcl remotely logged in on an OS X machine In-Reply-To: <46E3A3AA.6030103@v.loewis.de> References: <07Sep8.171933pdt."57996"@synergy1.parc.xerox.com> <46E3A3AA.6030103@v.loewis.de> Message-ID: <07Sep9.084639pdt."57996"@synergy1.parc.xerox.com> > > "test_tcl" fails on me (OS X 10.4.10 on an Intel Mac, remotely logged > > in via SSH and X Windows): > > That's no surprise, I would say: it seems you link against TkAqua > (not X11 Tk); for that to work, you need a reference to WindowServer, > which won't be available when logged in through SSL. Actually, I think it literally *is* a surprise; if it were truly "no surprise", the testing harness would have caught it and moved on to the other tests. But if you mean, "no big deal", I agree. Bill From lukem at NetBSD.org Mon Sep 10 01:54:30 2007 From: lukem at NetBSD.org (Luke Mewburn) Date: Mon, 10 Sep 2007 09:54:30 +1000 Subject: [Python-Dev] Word size inconsistencies in C extension modules Message-ID: <20070909235430.GV25031@mewburn.net> Hi folks. While working on an in-house application that uses the curses module, we noticed that it didn't work as expected on an AIX system (powerpc 64-bit big-endian LP64), using python 2.3.5. On a hunch, I took a look through the _cursesmodule.c code and noticed the use of PyArg_ParseTuple()'s "l" decoding mode to retrieve a "long" from python into a C type (attr_t) that on AIX is an int. On 64-bit LP64 platforms, sizeof(long) > sizeof(int), so this doesn't quite work, especially on big-endian systems. Further research into curses shows that different platforms use a different underlying C type for the attr_t type (int, unsigned int, long, unsigned long), so changing the PyArg_ParseTuple() to using the "i" decoding mode probably wasn't portable. I documented this problem and provided a patch that fixes it against the head of the svn trunk in http://bugs.python.org/issue1114 (because the problem appears to still exist in the latest code.) My workaround was to use a separate explicit C "long" to decode the value from python into, and then just assign that to the final value and hope that the type promotion does the right thing on the native platfomr. My questions are: (a) What's the "preferred" style in python extension modules of parsing a number from python into a C type, where the C type size may change on different platforms? Is my method of guessing what the largest common size will be (long, unsigned long, ...), reading into that, and assigning to the final type, acceptable? (b) Is there a desire to see the standard python C extension modules cleaned up to use the answer to (a), especially where said modules may be susceptable to the word size problems I mentioned? (64bit big-endian platforms such as powerpc and sparc64 are good for detecting word-size lossage) cheers, Luke. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://mail.python.org/pipermail/python-dev/attachments/20070910/734b38ce/attachment.pgp From janssen at parc.com Mon Sep 10 03:41:32 2007 From: janssen at parc.com (Bill Janssen) Date: Sun, 9 Sep 2007 18:41:32 PDT Subject: [Python-Dev] tests expanded for SSL module -- other suggestions? Message-ID: <07Sep9.184134pdt."57996"@synergy1.parc.xerox.com> I'm looking for suggestions for other SSL module tests. Here's the result of running my (not yet checked-in) test_ssl.py module in verbose mode. I'm pretty happy with the codebase right now, and barring other tests, I'm ready to check it in and start on the 3.x patch (or perhaps the 2.3 package). In the client/server tests, a new server thread is created for each test. In the STARTTLS test, several messages are exchanged in the clear, then the client sends a STARTTLS message and after the server replies "OK", initiates the TLS handshake. It would be nice to have an external HTTPS server on python.org that could be used for an HTTPS connection test. Is there one? Bill % ./python.exe ./Lib/test/regrtest.py -u all -v test_ssl test_ssl testCrucialConstants (test.test_ssl.BasicTests) ... ok testParseCert (test.test_ssl.BasicTests) ... {'notAfter': 'Feb 16 16:54:50 2013 GMT', 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),))} ok testRAND (test.test_ssl.BasicTests) ... RAND_status is 1 (sufficient randomness) ok testSSLconnect (test.test_ssl.BasicTests) ... ok testEcho (test.test_ssl.ConnectedTests) ... server: new connection from ('127.0.0.1', 51840) server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256) client: sending 'FOO\n'... server: read 'FOO\n', sending back 'foo\n'... client: read 'foo\n' client: closing connection. server: client closed connection ok testMalformedCert (test.test_ssl.ConnectedTests) ... ok testMalformedKey (test.test_ssl.ConnectedTests) ... ok testNULLcert (test.test_ssl.ConnectedTests) ... ok testReadCert (test.test_ssl.ConnectedTests) ... {'notAfter': 'Feb 16 16:54:50 2013 GMT', 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'Delaware'),), (('localityName', u'Wilmington'),), (('organizationName', u'Python Software Foundation'),), (('organizationalUnitName', u'SSL'),), (('commonName', u'somemachine.python.org'),))} Connection cipher is ('AES256-SHA', 'TLSv1/SSLv3', 256). ok testRudeShutdown (test.test_ssl.ConnectedTests) ... ok testSSL2 (test.test_ssl.ConnectedTests) ... SSLv2->SSLv2 CERT_NONE SSLv2->SSLv2 CERT_OPTIONAL SSLv2->SSLv2 CERT_REQUIRED SSLv23->SSLv2 CERT_NONE {SSLv3->SSLv2} CERT_NONE {TLSv1->SSLv2} CERT_NONE ok testSSL23 (test.test_ssl.ConnectedTests) ... {SSLv2->SSLv23} CERT_NONE SSLv3->SSLv23 CERT_NONE SSLv23->SSLv23 CERT_NONE TLSv1->SSLv23 CERT_NONE {SSLv2->SSLv23} CERT_OPTIONAL SSLv3->SSLv23 CERT_OPTIONAL SSLv23->SSLv23 CERT_OPTIONAL TLSv1->SSLv23 CERT_OPTIONAL {SSLv2->SSLv23} CERT_REQUIRED SSLv3->SSLv23 CERT_REQUIRED SSLv23->SSLv23 CERT_REQUIRED TLSv1->SSLv23 CERT_REQUIRED ok testSSL3 (test.test_ssl.ConnectedTests) ... SSLv3->SSLv3 CERT_NONE SSLv3->SSLv3 CERT_OPTIONAL SSLv3->SSLv3 CERT_REQUIRED {SSLv2->SSLv3} CERT_NONE {SSLv23->SSLv3} CERT_NONE {TLSv1->SSLv3} CERT_NONE ok testSTARTTLS (test.test_ssl.ConnectedTests) ... client: sending 'msg 1'... server: new connection from ('127.0.0.1', 51870) server: read 'msg 1', sending back 'msg 1'... client: read 'msg 1' from server client: sending 'MSG 2'... server: read 'MSG 2', sending back 'msg 2'... client: read 'msg 2' from server client: sending 'STARTTLS'... server: read STARTTLS from client, sending OK... client: read 'OK\n' from server, starting TLS... server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256) client: sending 'MSG 3'... server: read 'MSG 3', sending back 'msg 3'... client: read 'msg 3' from server client: sending 'msg 4'... server: read 'msg 4', sending back 'msg 4'... client: read 'msg 4' from server client: closing connection. server: client closed connection ok testTLS1 (test.test_ssl.ConnectedTests) ... TLSv1->TLSv1 CERT_NONE TLSv1->TLSv1 CERT_OPTIONAL TLSv1->TLSv1 CERT_REQUIRED {SSLv2->TLSv1} CERT_NONE {SSLv3->TLSv1} CERT_NONE {SSLv23->TLSv1} CERT_NONE ok ---------------------------------------------------------------------- Ran 15 tests in 6.866s OK 1 test OK. CAUTION: stdout isn't compared in verbose mode: a test that passes in verbose mode may fail without it. [23679 refs] From pfdubois at gmail.com Mon Sep 10 07:30:14 2007 From: pfdubois at gmail.com (Paul Dubois) Date: Sun, 9 Sep 2007 22:30:14 -0700 Subject: [Python-Dev] summaries not arriving Message-ID: The weekly summaries from the new bug tracker are disappearing somewhere between the tracker and python-dev. My attempt to post one by hand was rejected by python-dev-owner (Barry Warsaw?) without explanation. Perhaps he has bounced the others; emails to python-dev-owner result in an automated message suggesting that my mail may never be read so I don't know how to ask him. As a small boy I once knew wrote, I must not use bad words. (:-> Paul Dubois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20070909/f23e68ee/attachment.htm From martin at v.loewis.de Mon Sep 10 07:37:02 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Mon, 10 Sep 2007 07:37:02 +0200 Subject: [Python-Dev] Word size inconsistencies in C extension modules In-Reply-To: <20070909235430.GV25031@mewburn.net> References: <20070909235430.GV25031@mewburn.net> Message-ID: <46E4D7FE.5090905@v.loewis.de> > (a) What's the "preferred" style in python extension modules > of parsing a number from python into a C type, where the > C type size may change on different platforms? > Is my method of guessing what the largest common size > will be (long, unsigned long, ...), reading into that, > and assigning to the final type, acceptable? Yes, that's the best thing we have come up with. You then have the issue on potential truncation on assignment: if the value passed fits into a long (say) but not an attr_t, it would be good if an error was raised. In the past, we have typically coded that ValueError explicitly after the ParseTuple call. In principle, it is possible to deal with these in ParseTuple. To do so: a) in configure.in, make a configure-time check to compute the size of the type, and possibly its signedness. b) in _cursesmodule.c, make a conditional define of ATTR_T_FMT, which would be either "i" or "l" (or #error if it's neither the size of int nor the size of long). Then rely on string concatenation in using that define. > (b) Is there a desire to see the standard python C extension > modules cleaned up to use the answer to (a), especially > where said modules may be susceptable to the word > size problems I mentioned? Most certainly. There shouldn't be that many places left, though; most have been fixed over the years already. I have a GCC patch which checks for correctness of ParseTuple calls (in terms of data size) if you are interested. Regards, Martin From glyph at divmod.com Mon Sep 10 07:58:52 2007 From: glyph at divmod.com (glyph at divmod.com) Date: Mon, 10 Sep 2007 05:58:52 -0000 Subject: [Python-Dev] Design and direction of the SSL module (was Re: frozenset C API?) In-Reply-To: <07Sep6.111518pdt."57996"@synergy1.parc.xerox.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> <07Sep6.101542pdt."57996"@synergy1.parc.xerox.com> <20070906174518.21185.1342025567.divmod.xquotient.7082@joule.divmod.com> <07Sep6.111518pdt."57996"@synergy1.parc.xerox.com> Message-ID: <20070910055852.5579.246755534.divmod.xquotient.735@joule.divmod.com> Sorry for the late response. As always, I have a lot of other stuff going on at the moment, but I'm very interested in this subject. On 6 Sep, 06:15 pm, janssen at parc.com wrote: >>PyOpenSSL, in particular, is both a popular de-facto >>standard *and* almost completely unmaintained; python's standard >>library >>could absorb/improve it with little fuss. > >Good idea, go for it! A full wrapper for OpenSSL is beyond the scope >of my ambition; I'm simply trying to add a simple fix to what's >already in the standard library. I guess I'd like to know two things. One, what *is* the scope of your amibition? I feel silly for asking, because I am pretty sure that somewhere in the beginning of this thread I missed either a proposal, a PEP reference, or a ticket number, but I've poked around a little and I can't seem to find it. Can you provide a reference, or describe what it is you're trying to do? Two, what's the scope of "the" plans for the SSL module in general for Python? I think I misinterpreted several things that you said as "the plan" rather than your own personal requirements: but if in reality, I can "go for it", I'd really like to help make the stdlib SSL module to be a really good, full-featured OpenSSL implementation for Python so we can have it elsewhere. (If I recall correctly you mentioned you'd like to use it with earlier Python versions as well...?) Many of the things that you recommend using another SSL library for, like pulling out arbitrary extensions, are incredibly unweildy or flat- out broken in these libraries. It's not that I mind going to a different source for this functionality; it's that in many cases, there *isn't* another source :). I think I might have said this already, but subjectAltName, for example, isn't exposed in any way by PyOpenSSL. I didn't particularly want to start my own brand-new SSL wrapper project, and contributing to the actively-maintained stdlib implementation is a lot more appealing than forking the moribund PyOpenSSL. However, even with lots of help on the maintenance, converting the current SSL module into a complete SSL library is a lot of work. Here are the questions that I'd like answers to before starting to think seriously about it: * Is this idea even congruent with the overall goals of other developers interested in SSL for Python? If not, I'm obviously barking up the wrong tree. * Would it be possible to distribute as a separate library? (I think I remember Bill saying something about that already...) * When would such work have to be completed by to fit into the 2.6 release? (I just want a rough estimate, here.) * Should someone - and I guess by someone I mean me - write up a PEP describing this? My own design for an SSL wrapper - although this simply a Python layer around PyOpenSSL - is here: http://twistedmatrix.com/trac/browser/trunk/twisted/internet/_sslverify.py This isn't really complete - in particular, the documentation is lacking, and it can't implement the stuff PyOpenSSL is missing - but I definitely like the idea of having objects for DNs, certificates, CRs, keys, key pairs, and the ubiquitous certificate-plus-matching-private- key-in-one-file that you need to run an HTTPS server :). If I am going to write a PEP, it will look a lot like that file. _sslverify was originally designed for a system that does lots of automatic signing, so I am particularly interested in it being easy to implement a method like PrivateCertificate.signCertificateRequest - it's always such a pain to get all the calls for signing a CR in any given library *just so*. >>This begs the question: M2Crypto and PyOpenSSL already do what you're >>proposing to do, as far as I can tell, and are, as you say, "more >>powerful". To clarify my point here, when I say that they "already do" what you're doing, what I mean is, they already wrap SSL, and you are trying to wrap SSL :). >I'm trying to give the application the ability to do some level of >authorization without requiring either of those packages. I'd say "why wouldn't you want to require either of those packages?" but actually, I know why you wouldn't want to, and it's that they're bad. So, given that we don't want to require them, wouldn't it be nice if we didn't need to require them at all? :). >Like being >able to tell who's on the other side of the connection :-). Right >now, I think the right fields to expose are I don't quite understand what you mean by "right" fields. Right fields for what use case? This definitely isn't "right" for what I want to use SSL for. > "subject" (I see little point to exposing "issuer"), This is a good example of what I mean. For HTTPS, the relationship between the subject and the issuer is moot, but in my own projects, the relationship is very interesting. Specifically, properties of the issuer define what properties the subject may have, in the verification scheme for Vertex ( http://divmod.org/trac/wiki/DivmodVertex ). (On the other hand, Vertex requires STARTTLS, so it itself can't be an *actual* use-case for this SSL library until it also starts supporting mid- connection TLS startup.) I can understand that you might not have use-cases for exposing these features, but your phrasing suggests that it would be a bad idea to expose them, not just that it's too much work. Am I misinterpreting? Are you just saying it isn't worth the work at this point? > "notAfter" (you're always guaranteed to be after "notBefore", or the > cert wouldn't validate, so I see little point to exposing that, but > "notAfter" can be used after the connection has been established), Wouldn't it be nice to know *why* the cert didn't validate? To provide the user with a message including the notBefore date, in case their clock is set wrong or something? >I don't see how the other fields in the cert can be profitably used. The entire idea of "extensions" is pretty direct about the fact that the original implementor need not understand their profitable use :). >>When you say "the full DER form", are you simply referring to the full >>blob, or a broken-down representation by key and by extension? > >The full blob. Obviously, I think the broken-down representation would be nicer :). I know I'll have to wrangle with a bit of ASN.1 if I want to get anything useful out of most extensions, but if it's just the extension data there are a lot of cases where I think I could fake it. Re-parsing the whole DER is going to require a real, full-on ASN.1 library. From greg at krypto.org Mon Sep 10 08:40:05 2007 From: greg at krypto.org (Gregory P. Smith) Date: Sun, 9 Sep 2007 23:40:05 -0700 Subject: [Python-Dev] BerkeleyDB 4.6.19 is buggy and causes test_bsddb3 to hang Message-ID: <52dc1c820709092340t39986c5er3a6d782409849a03@mail.gmail.com> BerkeleyDB 4.6.19 is a buggy release, the DB_HASH access method databases can lockup the process. This is why several of the bleeding edge distro buildbots are timing out while running test_bsddb3. I've created a simple C test case and made sleepycat^Woracle aware of the problem. I have a change in my sandbox to explicitly avoid linking with 4.6.19 but it seems like committing it would just pollute setup.py with vague notions of what versions of a specific library are bad. I'd prefer to just disallow use of libdb 4.6 completely in setup.py until oracle fixes this and we're sure no OS release ships with 4.6.19. thoughts? -gps http://groups.google.com/group/comp.databases.berkeley-db/browse_thread/thread/abf12452613ca7ec -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20070909/6a2862d8/attachment.htm From lukem at NetBSD.org Mon Sep 10 09:11:59 2007 From: lukem at NetBSD.org (Luke Mewburn) Date: Mon, 10 Sep 2007 17:11:59 +1000 Subject: [Python-Dev] Word size inconsistencies in C extension modules In-Reply-To: <46E4D7FE.5090905@v.loewis.de> References: <20070909235430.GV25031@mewburn.net> <46E4D7FE.5090905@v.loewis.de> Message-ID: <20070910071159.GA27320@mewburn.net> On Mon, Sep 10, 2007 at 07:37:02AM +0200, "Martin v. L?wis" wrote: | In principle, it is possible to deal with these in ParseTuple. | To do so: | a) in configure.in, make a configure-time check to compute the | size of the type, and possibly its signedness. | b) in _cursesmodule.c, make a conditional define of ATTR_T_FMT, | which would be either "i" or "l" (or #error if it's neither | the size of int nor the size of long). Then rely on string | concatenation in using that define. Are there some good examples in the Python source where this technique has been used already? Or were you proposing a cleaner solution that could be experimented with? | I have a GCC patch which checks for correctness of ParseTuple | calls (in terms of data size) if you are interested. Sounds like a useful variation of the standard -Wformat stuff. This probably wouldn't have helped in the AIX situation I experienced (because the IBM compiler was used in that situation), but it could be useful on other BE LP64 platforms that are more gcc-friendly (e.g, NetBSD/sparc64). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://mail.python.org/pipermail/python-dev/attachments/20070910/8af04ed8/attachment.pgp From martin at v.loewis.de Mon Sep 10 09:54:08 2007 From: martin at v.loewis.de (=?ISO-8859-15?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Mon, 10 Sep 2007 09:54:08 +0200 Subject: [Python-Dev] Word size inconsistencies in C extension modules In-Reply-To: <20070910071159.GA27320@mewburn.net> References: <20070909235430.GV25031@mewburn.net> <46E4D7FE.5090905@v.loewis.de> <20070910071159.GA27320@mewburn.net> Message-ID: <46E4F820.1050204@v.loewis.de> Luke Mewburn schrieb: > On Mon, Sep 10, 2007 at 07:37:02AM +0200, "Martin v. L?wis" wrote: > | In principle, it is possible to deal with these in ParseTuple. > | To do so: > | a) in configure.in, make a configure-time check to compute the > | size of the type, and possibly its signedness. > | b) in _cursesmodule.c, make a conditional define of ATTR_T_FMT, > | which would be either "i" or "l" (or #error if it's neither > | the size of int nor the size of long). Then rely on string > | concatenation in using that define. > > Are there some good examples in the Python source where > this technique has been used already? Not directly. A check for the size of a library type can be found for fpos_t, but there, no ParseTuple depends on it. An example for using variable formatters (though again not for ParseTuple) is PY_FORMAT_SIZE_T. > Or were you proposing a cleaner solution that could be > experimented with? More that, yes. > | I have a GCC patch which checks for correctness of ParseTuple > | calls (in terms of data size) if you are interested. > > Sounds like a useful variation of the standard -Wformat stuff. Indeed, it's an extension to it. Unfortunately, introducing new kinds of formats is only possible by editing GCC (and then, the existing framework is focussed on %-style patterns, so I had to bypass that framework as well - but there were hooks for doing so). Regards, Martin From barry at python.org Mon Sep 10 13:14:30 2007 From: barry at python.org (Barry Warsaw) Date: Mon, 10 Sep 2007 07:14:30 -0400 Subject: [Python-Dev] summaries not arriving In-Reply-To: References: Message-ID: <48199DF6-10D5-413D-9DAD-F7F1FD849072@python.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sep 10, 2007, at 1:30 AM, Paul Dubois wrote: > The weekly summaries from the new bug tracker are disappearing > somewhere > between the tracker and python-dev. My attempt to post one by hand was > rejected by python-dev-owner (Barry Warsaw?) without explanation. > Perhaps he > has bounced the others; emails to python-dev-owner result in an > automated > message suggesting that my mail may never be read so I don't know > how to ask > him. Nope, I didn't bounce them. I don't /think/ they'll bounce automatically. Can you forward a bounce message to me directly? - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQCVAwUBRuUnF3EjvBPtnXfVAQKDvwQAnNbVXwY1Fc00TLLFrOffFwU+jRJVxSyJ J0HV/+ssVuX85+LfM7kAsbwZSAWM0PkTVrhfldtbD5j6D0x0II/C5GX21fQ0V+pg fyf9HQ9i1LSUe7TvvCyXGSI7d8snNBqBpsyQ2EakQ3OGlcMjILPVVmyVSDFd2mLr Z2VbrlinB58= =HohF -----END PGP SIGNATURE----- From anthony at ekit-inc.com Mon Sep 10 07:43:09 2007 From: anthony at ekit-inc.com (Anthony Baxter) Date: Mon, 10 Sep 2007 15:43:09 +1000 Subject: [Python-Dev] summaries not arriving In-Reply-To: References: Message-ID: <200709101543.10576.anthony@ekit-inc.com> On Monday 10 September 2007, Paul Dubois wrote: > As a small boy I once knew wrote, I must not use bad words. (:-> It's OK to use them about Barry, though, surely? *wave* Hi Barry. -- Anthony Baxter, ekit. anthony at ekit-inc.com (03) 9674 7015 Level 3 The Teahouse, 28 Clarendon St, Sth Melbourne Australia 3205 From barry at python.org Mon Sep 10 13:39:25 2007 From: barry at python.org (Barry Warsaw) Date: Mon, 10 Sep 2007 07:39:25 -0400 Subject: [Python-Dev] summaries not arriving In-Reply-To: <200709101543.10576.anthony@ekit-inc.com> References: <200709101543.10576.anthony@ekit-inc.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sep 10, 2007, at 1:43 AM, Anthony Baxter wrote: > On Monday 10 September 2007, Paul Dubois wrote: >> As a small boy I once knew wrote, I must not use bad words. (:-> > > It's OK to use them about Barry, though, surely? > > *wave* Hi Barry. It's okay from /you/ Anthony, because it's the only way I know you still care. baby-unicorn-hugs-ly y'rs, - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQCVAwUBRuUs7XEjvBPtnXfVAQJZSQP+JoApQY+tY4zkZDN2OlE+jFv8xdF0vqRW LCK+p8yIQjlrkMC58c2CChvOsWTcH6tZMFAd0jK8d9q8NxyyN3tM7mbh25Rnm9fo KC9uDt787fY8RpRC5YC+zEtM589Y6omL3S4XcqdkTS9UWg6S50e9EDkqrjKmE1gb 8/1LSynRnF8= =W6ef -----END PGP SIGNATURE----- From martin at v.loewis.de Mon Sep 10 16:21:39 2007 From: martin at v.loewis.de (=?ISO-8859-1?Q?=22Martin_v=2E_L=F6wis=22?=) Date: Mon, 10 Sep 2007 16:21:39 +0200 Subject: [Python-Dev] BerkeleyDB 4.6.19 is buggy and causes test_bsddb3 to hang In-Reply-To: <52dc1c820709092340t39986c5er3a6d782409849a03@mail.gmail.com> References: <52dc1c820709092340t39986c5er3a6d782409849a03@mail.gmail.com> Message-ID: <46E552F3.10707@v.loewis.de> > I have a change in my sandbox to explicitly avoid linking with 4.6.19 > but it seems like committing it would just pollute setup.py with vague > notions of what versions of a specific library are bad. I'd prefer to > just disallow use of libdb 4.6 completely in setup.py until oracle fixes > this and we're sure no OS release ships with 4.6.19. > > thoughts? That sounds like the right solution to me. We should review it when/if a patch is available. "No OS release ships" is a difficult-to-test-for condition, given things like Gentoo and Debian unstable that simultaneously ship in dozens of versions (i.e. with "releases" every two hours or more often). After a bug fix is available, and some time has passed, I'd rather reallow 4.6.x, and put something into README about this bug. Thanks for investigating it. Regards, Martin From janssen at parc.com Mon Sep 10 17:37:14 2007 From: janssen at parc.com (Bill Janssen) Date: Mon, 10 Sep 2007 08:37:14 PDT Subject: [Python-Dev] Design and direction of the SSL module (was Re: frozenset C API?) In-Reply-To: <20070910055852.5579.246755534.divmod.xquotient.735@joule.divmod.com> References: <-4762611594645938717@unknownmsgid> <46DDCD7C.40004@v.loewis.de> <46DE3DB8.6000004@v.loewis.de> <46DECFF6.4040107@v.loewis.de> <46DEF5FF.8040602@v.loewis.de> <46DEFF3C.90306@v.loewis.de> <-1936579380892715012@unknownmsgid> <60ed19d40709060950qe3ea6eft27b0276768ffa7bb@mail.gmail.com> <07Sep6.101542pdt."57996"@synergy1.parc.xerox.com> <20070906174518.21185.1342025567.divmod.xquotient.7082@joule.divmod.com> <07Sep6.111518pdt."57996"@synergy1.parc.xerox.com> <20070910055852.5579.246755534.divmod.xquotient.735@joule.divmod.com> Message-ID: <07Sep10.083715pdt."57996"@synergy1.parc.xerox.com> > One, what *is* the scope of your > amibition? I feel silly for asking, because I am pretty sure that > somewhere in the beginning of this thread I missed either a proposal, a > PEP reference, or a ticket number, but I've poked around a little and I > can't seem to find it. Can you provide a reference, or describe what it > is you're trying to do? Sorry about that. We kind of did this on the fly at the Python sprint. I was trying to fix two problems: One, that the current socket.ssl support didn't validate certificates, and two, that you couldn't do server-side SSL with it. I'm only interested in that aspect, and in the simplest possible solution to those problems. I don't want to provide user validation callbacks, or arbitrary certificate decoding, or general-purpose crypto, or support for building automatic CA systems, or wrapping most of that great grab-bag of useful stuff called OpenSSL. Just fix the core issues with socket.ssl. Along the way I've found a nasty little threading/malloc bug in the existing code, and fixed that. I've added real documentation for the existing functionality. I've gone around with you and Martin, mainly, on what information to expose from the validated certificate, to support authorization and accounting (the answer so far: "notAfter", "subject", and "subjectAltName", if it's there). > I'd really like to help make the stdlib SSL module to > be a really good, full-featured OpenSSL implementation for Python so we > can have it elsewhere. Well, remember, it's just a socket-layer wrapper for TLS, it's not an "OpenSSL implementation", by which I suppose you mean a full wrapper for OpenSSL, much like PyOpenSSL is supposed to be. For that purpose, doesn't it make more sense to to extend/fix PyOpenSSL, rather than try to grow the deliberately limited-purpose socket.ssl support into another version of that? Can't it be revived, if it is in fact moribund? > * Would it be possible to distribute as a separate library? (I think > I remember Bill saying something about that already...) Just to be clear that what you seem to want to work on and what I'm working on seem to be two different things... I plan to build a back-port of the improved socket.ssl support as a standalone package for 2.3 (because I need to use it on OS X 10.4). > I'd say "why wouldn't you want to require either of those packages?" but > actually, I know why you wouldn't want to, and it's that they're bad. It's that they are too big and complicated to easily see how to fix. But that seems to be a side-effect of trying to wrap all of OpenSSL, which is a big, evolving project. > Wouldn't it be nice to know *why* the cert didn't validate? To provide Yes, so I've put in a bit of work making sure the OpenSSL errors are properly relayed back to the Python application. > The entire idea of "extensions" is pretty direct about the fact that the > original implementor need not understand their profitable use :). Not really. Each extension is proposed, debated, and approved before it's added to the spec for extensions. My idea is that as support for various extensions appear in OpenSSL, we can evaluate them and see if they are worth supporting in Python. > Specifically, properties of the > issuer define what properties the subject may have, in the verification > scheme for Vertex ( http://divmod.org/trac/wiki/DivmodVertex ) I didn't see a write-up of your scheme at that URL; can you point me to a particular page in the Wiki which describes the use case? I should point out that we're (actually, Greg Smith) also wrapping another chunk of the OpenSSL library for hashing. And last week I suggested that we might wrap yet another chunk for doing cryptography. This chunk-by-chunk approach might be a good way to go. If a chunk that did general X509 certificate munging did appear, I'd be happy to change the SSL support to use it. Bill From janssen at parc.com Mon Sep 10 19:30:54 2007 From: janssen at parc.com (Bill Janssen) Date: Mon, 10 Sep 2007 10:30:54 PDT Subject: [Python-Dev] which SSL client protocols work with which server protocols? In-Reply-To: <07Sep8.095142pdt."57996"@synergy1.parc.xerox.com> References: <07Sep8.095142pdt."57996"@synergy1.parc.xerox.com> Message-ID: <07Sep10.103100pdt."57996"@synergy1.parc.xerox.com> > I've now built a framework in test_ssl to test all client protocols > (SSL2, SSL3, SSL23, TLS1) against all server protocols, and here's > what I've come up with. Servers are along the X axis, and clients are > on the Y axis. "Yes" means that that client protocol can talk to that > server protocol. > > SSL2 SSL3 SS23 TLS1 > SSL2 yes no no no > SSL3 yes yes yes no > SSL23 no no yes no > TLS1 no no yes yes > > I'm a bit surprised by the facts that (1) an SSL2 client can't connect > to an SSL23 server, and (2) an SSL23 client can *only* connect to an > SSL23 server. Can anyone verify that these combos (the results of > testing with the Python framework) are indeed to be expected? Sure enough, in testing on my FC7 platform, which has a more modern version of OpenSSL (0.9.8e instead of the older 0.9.7l platform I was using), an SSL2 client *can* connect to an SSL23 server. And I got one of the above entries wrong: an SSL23 client can connect to an SSL2 server. I guess in the test harness, I'll just note the discrepancy, but not fail the test either way. And I'll add a note to the documentation. Bill From pfdubois at gmail.com Mon Sep 10 19:30:47 2007 From: pfdubois at gmail.com (Paul Dubois) Date: Mon, 10 Sep 2007 10:30:47 -0700 Subject: [Python-Dev] Fwd: Summary of Tracker Issues In-Reply-To: References: <20070910030148.856EA78098@psf.upfronthosting.co.za> Message-ID: Something seems to have gone wrong with the automation of the weekly reports. They were working I think until we went live. While I work on finding out what the trouble is, here is a report covering the period since we went live. -- Paul Dubois ACTIVITY SUMMARY (08/23/07 - 09/10/07) Tracker at http://bugs.python.org/ To view or respond to any of the issues listed below, simply click on the issue ID. Do *not* respond to this message. 1274 open (+64) / 11347 closed (+76) / 12621 total (+140) Average duration of open issues: 673 days. Median duration of open issues: 623 days. Open Issues Breakdown STATUS NumberChange open 1271 +64 pending 3 +0 Issues Created Or Reopened (140) Title Status Date Action By Patch to rename *Server modules to lower-case 08/23/07 created jasonpjason 2to3 crashes on input files with no trailing newlines CLOSED 08/23/07 created adrianholovaty Patch to rename HTMLParser module to lower_case 08/23/07 created paulsmith zipfile password fails validation 08/23/07 created djw MultiMethods with type annotations in 3000 08/23/07 created jasonpjason Patches to rename Queue module to queue 08/23/07 created paulsmith Refactor test_winreg.py to use unittest. CLOSED 08/24/07 created varmaa [py3k] Fix dumbdbm, which fixes test_shelve (for me); instrument other t CLOSED 08/24/07 created larryhastings Refactor test_signal.py to use unittest. CLOSED 08/24/07 created varmaa Implementation of PEP 3101, Advanced String Formatting CLOSED 08/24/07 created eric.smith Broken bug tracker url CLOSED 08/24/07 created nirs Wrong documentation for rfc822.Message.getheader CLOSED 08/24/07 created nirs Broken URL at Doc/install/index.rst CLOSED 08/24/07 created orsenthil eval error CLOSED 08/24/07 created Rayfward cgi: parse_qs and parse_qsl misbehave on empty strings 08/24/07 created dljessup [PATCH] Updated patch for rich dict view (dict().keys()) comparisons CLOSED 08/24/07 created keir [PATCH] Updated fix for string to unicode fixes in time and datetime CLOSED 08/24/07 created ero.carrera [PATCH] Add set operations (and, or, xor, subtract) to dict views CLOSED 08/24/07 created keir server-side ssl support CLOSED 08/25/07 created gvanrossum Cleanup pass on _curses and _curses_panel 08/25/07 created larryhastings pydoc doesn't work on pyexpat 08/25/07 created nnorwitz logging.basicConfig does not allow to set NOTSET level 08/25/07 created viper use bytes for code objects 08/25/07 created nnorwitz [PATCH] Unicode fixes in floatobject and moduleobject CLOSED 08/25/07 created ero.carrera documentation for new SSL module CLOSED 08/26/07 created janssen tracebacks from list comps (probably other comps) don't show full stack 08/26/07 created nnorwitz Backport ABC to 2.6 08/26/07 created baranguren uudecoding (uu.py) does not supprt base64, patch attached 08/26/07 created dudek Tkinter binding involving Control-spacebar raises unicode error CLOSED 08/26/07 created kbk py3k: io.StringIO.getvalue() returns \r\n CLOSED 08/26/07 created amaury.forgeotdarc py3k: Adapt _winreg.c to the new buffer API CLOSED 08/26/07 created amaury.forgeotdarc py3k: compilation with VC2005 CLOSED 08/26/07 created amaury.forgeotdarc Improve the hackish runtime_library_dirs support for gcc 08/26/07 created alexandre.vassalotti Support for newline and encoding in tempfile module CLOSED 08/27/07 created hupp [patch] Add 2to3 support for displaying warnings as Python comments 08/27/07 created adrianholovaty bytes buffer API needs to support PyBUF_LOCKDATA 08/27/07 created gregory.p.smith py3k _bsddb.c patch to use the new buffer API CLOSED 08/27/07 created gregory.p.smith Ill-coded identifier crashes python when coding spec is utf-8 CLOSED 08/27/07 created hyeshik.chang [py3k] pdb does not work in python 3000 08/27/07 created gregory.p.smith Asssertion in Windows debug build CLOSED 08/28/07 created theller Unicode problem with TZ CLOSED 08/28/07 created theller io.py problems on Windows CLOSED 08/28/07 created theller test_glob fails with UnicodeDecodeError 08/28/07 created theller test_builtin failure on Windows CLOSED 08/28/07 created theller tarfile insecure pathname extraction CLOSED 08/28/07 created lars.gustaebel Performance regression in 2.5 08/28/07 created inducer HTMLCalendar.formatyearpage not behaving as documented CLOSED 08/28/07 created inefab py3k: corrections for test_subprocess on windows 08/28/07 created amaury.forgeotdarc py3k: correction for test_float on Windows CLOSED 08/28/07 created amaury.forgeotdarc socket.socket.getsockname() has inconsistent UNIX/Windows behavior CLOSED 08/28/07 created janssen py3k: correction for test_marshal on Windows CLOSED 08/29/07 created amaury.forgeotdarc certificate in Lib/test/test_ssl.py expires in February 2013 08/29/07 created janssen SSL patch for Windows buildbots problem CLOSED 08/29/07 created janssen bogus attributes reported in asyncore doc 08/29/07 created billiejoex scriptsinstall target fails in alternate build dir 08/29/07 created skip.montanaro argument parsing in datetime_strptime CLOSED 08/29/07 created loewis test_cmd_line starts python without -E 08/29/07 created twouters Incorrect URL with webbrowser and firefox under Gnome CLOSED 08/29/07 created bingham Code Example for 'property' bug CLOSED 08/29/07 created KennethLove *args and **kwargs in function definitions CLOSED 08/29/07 created lars.gustaebel zipfile cannot handle files larger than 2GB (inside archive) 08/29/07 created Kevin Ar18 ABC caches should use weak refs 08/30/07 created gvanrossum nice to have a way to tell if a socket is bound 08/30/07 created janssen Small typo in properties example CLOSED 08/30/07 created cgrohmann Test issue CLOSED 08/30/07 created loewis ssl.py shouldn't change class names from 2.6 to 3.x 08/30/07 created janssen Implement PEPs 3109, 3134 CLOSED 08/30/07 created collinwinter test_smtplib failures (caused by asyncore) 09/01/07 reopened gvanrossum Documentation Updates for PEP 3101 string formatting CLOSED 08/31/07 created talin invalid file encoding results in "SyntaxError: None" CLOSED 08/31/07 created georg.brandl unicode identifiers in error messages CLOSED 08/31/07 created georg.brandl unicode.translate() doesn't error out on invalid translation table 08/31/07 created georg.brandl Documentaion font size too small CLOSED 08/31/07 created nirs Mysterious failure under Windows CLOSED 08/31/07 created akineko python3.0-config script does not run on py3k CLOSED 08/31/07 created koen py3k: Unicode error in os.stat on Windows CLOSED 08/31/07 created amaury.forgeotdarc py3 patch: full Unicode version for winreg module CLOSED 08/31/07 created amaury.forgeotdarc itertools missing, causes interactive help to break 09/01/07 created mattrussell cachersrc.py using tuple unpacking args CLOSED 09/01/07 created jinok decode_header does not follow RFC 2047 09/01/07 created kael Search broken CLOSED 09/01/07 created nirs file.seek allows float arguments 09/01/07 created georg.brandl platform system may be Windows or Microsoft since Vista 09/01/07 created p.lavarre at ieee.org Confusing error message when dividing timedelta using / 09/01/07 created skip.montanaro ''.find() gives wrong result in Python built with ICC CLOSED 09/01/07 created sanders_muc OS X 10.5.x Build Problems CLOSED 09/02/07 created noahgift test_email failed 09/02/07 created xyb py3k os.popen result is not iterable, patch attached 09/02/07 created carsten.haese News page broken link to 3.0a1 CLOSED 09/02/07 created grahamh ever considered adding static typing to python? CLOSED 09/02/07 created adamjw doctools/sphinx/web/application.py does not start on windows CLOSED 09/03/07 created osuchw py3k Mac installation errors CLOSED 09/03/07 created hdiogenes Unexpected results in Tutorial about Unicode CLOSED 09/03/07 created Viscaynot product function patch CLOSED 09/03/07 created ryan.freckleton TypeError in poplib.py CLOSED 09/03/07 created serge.julien make install failed CLOSED 09/03/07 created akineko Deeply recursive repr segfault 09/04/07 created rhamphoryncus input() should respect sys.stdin.encoding when in interactive mode CLOSED 09/04/07 created philyoon decode_unicode doesn't nul-terminate 09/04/07 created rhamphoryncus Mac compile fails with pydebug and framework enabled 09/04/07 created hdiogenes Can't input non-ascii characters in interactive mode CLOSED 09/04/07 created philyoon Is there just no PRINT statement any more? Or it just doesn't work. CLOSED 09/06/07 reopened loewis Add support for _msi.Record.GetString() and _msi.Record.GetInteger() 09/04/07 created atuining Typo in dummy_threading documentation CLOSED 09/04/07 created dthomasset msilib.SummaryInfo.GetProperty() truncates the string by one character 09/04/07 created atuining patch for readme.txt in PCbuild8 CLOSED 09/05/07 created chipped Error in random.shuffle CLOSED 09/05/07 created Viscaynot 2to3, lambda with non-tuple argument inside parenthesis CLOSED 09/05/07 created falsetru Problem with doctest and decorated functions 09/05/07 created danilo Warning required when calling register() on an ABCMeta subclass 09/05/07 created mark Problems with the msi installer - python-3.0a1.msi 09/05/07 created vbr Users' directories information CLOSED 09/05/07 created uzytkownik Test debug assertion in bsddb test_1413192.py CLOSED 09/05/07 created db3l interrupt_main() fails to interrupt raw_input() CLOSED 09/05/07 created anand _curses issues on 64-bit big-endian (e.g, AIX) 09/06/07 created lukemewburn Minor Change For Better cross compile 09/06/07 created zengbo reference in extending doc to non-existing file CLOSED 09/06/07 created anthon Spurious warning about missing _sha256 and _sha512 when not needed CLOSED 09/06/07 created dripton hashlib module fails with TypeError CLOSED 09/06/07 created dripton Search index is messed up after partial rebuilding CLOSED 09/06/07 created lars.gustaebel "make altinstall" installs pydoc, idle, smtpd.py with broken shebang lin 09/06/07 created dripton Document inspect.getfullargspec() 09/06/07 created brett.cannon PyTuple_Size and PyTuple_GET_SIZE return type documentation incorrect 09/07/07 created gaul split(None, maxsplit) does not strip whitespace correctly 09/07/07 created nirs Webchecker not parsing css "@import url" 09/07/07 created ready.eddy bytes.split shold have same interface as str.split, or different name 09/07/07 created nirs file.fileno and file.isatty() should be implementable by any file like o 09/07/07 created nirs No tests for inspect.getfullargspec() 09/07/07 created brett.cannon msilib.Directory.make_short only handles file names with a single dot in 09/07/07 created atuining OpenSSL detection broken for Python 3.0a1 CLOSED 09/07/07 created pythonmeister Idle - Save (buffer) - closes IDLE and does not save file (Windows XP) 09/08/07 created infixum Reference Manual: "for statement" links to "break statement" 09/08/07 created Martoon compile error in poplib.py CLOSED 09/08/07 created andre python3.0-config raises SyntaxError CLOSED 09/09/07 created complex Parsing a simple script eats all of your memory 09/09/07 created complex xview/yview of Tix.Grid is broken 09/09/07 created ocean-city Bdb documentation 09/09/07 created arklad pyexpat patch for changing buffer_size 09/09/07 created AchimGaedke Fixer needed for __future__ imports 09/09/07 created collinwinter Make python build with gcc-4.2 on OS X 10.4.9 08/23/07 created jyasskin Issues Now Closed (188) Title By Duration 2to3 crashes on input files with no trailing newlines collinwinter 14 days Refactor test_winreg.py to use unittest. loewis 10 days [py3k] Fix dumbdbm, which fixes test_shelve (for me); instrument other t loewis 10 days Refactor test_signal.py to use unittest. georg.brandl 1 days Implementation of PEP 3101, Advanced String Formatting gvanrossum 6 days Broken bug tracker url georg.brandl 0 days Wrong documentation for rfc822.Message.getheader georg.brandl 0 days Broken URL at Doc/install/index.rst loewis 9 days eval error georg.brandl 0 days [PATCH] Updated patch for rich dict view (dict().keys()) comparisons loewis 9 days [PATCH] Updated fix for string to unicode fixes in time and datetime loewis 9 days [PATCH] Add set operations (and, or, xor, subtract) to dict views loewis 9 days server-side ssl support janssen 1 days [PATCH] Unicode fixes in floatobject and moduleobject loewis 8 days documentation for new SSL module gvanrossum 2 days Tkinter binding involving Control-spacebar raises unicode error kbk 0 days py3k: io.StringIO.getvalue() returns \r\n loewis 7 days py3k: Adapt _winreg.c to the new buffer API loewis 7 days py3k: compilation with VC2005 nnorwitz 0 days Support for newline and encoding in tempfile module gvanrossum 1 days py3k _bsddb.c patch to use the new buffer API gregory.p.smith 1 days Ill-coded identifier crashes python when coding spec is utf-8 gvanrossum 2 days Asssertion in Windows debug build theller 2 days Unicode problem with TZ loewis 2 days io.py problems on Windows gvanrossum 2 days test_builtin failure on Windows georg.brandl 6 days tarfile insecure pathname extraction lars.gustaebel 2 days HTMLCalendar.formatyearpage not behaving as documented doerwalter 0 days py3k: correction for test_float on Windows gvanrossum 1 days socket.socket.getsockname() has inconsistent UNIX/Windows behavior loewis 1 days py3k: correction for test_marshal on Windows gvanrossum 1 days SSL patch for Windows buildbots problem janssen 1 days argument parsing in datetime_strptime gvanrossum 1 days Incorrect URL with webbrowser and firefox under Gnome orsenthil 1 days Code Example for 'property' bug georg.brandl 0 days *args and **kwargs in function definitions georg.brandl 1 days Small typo in properties example georg.brandl 0 days Test issue georg.brandl 0 days Implement PEPs 3109, 3134 collinwinter 0 days Documentation Updates for PEP 3101 string formatting georg.brandl 0 days invalid file encoding results in "SyntaxError: None" loewis 0 days unicode identifiers in error messages loewis 0 days Documentaion font size too small georg.brandl 1 days Mysterious failure under Windows loewis 0 days python3.0-config script does not run on py3k georg.brandl 0 days py3k: Unicode error in os.stat on Windows loewis 2 days py3 patch: full Unicode version for winreg module loewis 2 days cachersrc.py using tuple unpacking args georg.brandl 2 days Search broken georg.brandl 0 days ''.find() gives wrong result in Python built with ICC sanders_muc 0 days OS X 10.5.x Build Problems loewis 0 days News page broken link to 3.0a1 loewis 0 days ever considered adding static typing to python? loewis 0 days doctools/sphinx/web/application.py does not start on windows georg.brandl 0 days py3k Mac installation errors