[issue46341] duplicate paragraphs - asyncio Coroutines and Tasks file
Change by David : -- assignee: docs@python components: Documentation nosy: davem, docs@python priority: normal pull_requests: 28731 severity: normal status: open title: duplicate paragraphs - asyncio Coroutines and Tasks file versions: Python 3.10 ___ Python tracker <https://bugs.python.org/issue46341> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13334] Erroneous Size check in
New submission from david :
The _PyString_Resize function in stringobject.c[0] takes in a PyObject ** and a
Py_ssize_t newsize. Where Py_ssize_t is often a typedef for ssize_t(a signed
version of size_t). As such the newsize parameter could be negative.
The code checks for when the newsize is negative like so:
int
_PyString_Resize(PyObject **pv, Py_ssize_t newsize)
{
...
if (!PyString_Check(v) || Py_REFCNT(v) != 1 || newsize < 0 ||
PyString_CHECK_INTERNED(v)) {
*pv = 0;
Py_DECREF(v);
PyErr_BadInternalCall();
return -1;
}
Unfortunately, a few lines below it does the following:
*pv = (PyObject *)
PyObject_REALLOC((char *)v, PyStringObject_SIZE + newsize);
so now if PyStringObject_SIZE + newsize is enough to wrap around then realloc
through python will end up allocating insufficient space for the 'new' string.
The python interpreter is likely to crash on this line -->
sv->ob_sval[newsize] = '\0';
I haven't tried to reproduce this in the python interpreter.
IMHO the code should be checking that newline + PyStringObject_SIZE is
non-negative.
[0] - http://svn.python.org/projects/python/trunk/Objects/stringobject.c
--
messages: 146927
nosy: db
priority: normal
severity: normal
status: open
title: Erroneous Size check in
___
Python tracker
<http://bugs.python.org/issue13334>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13334] Erroneous Size check in
Changes by david : -- components: +None versions: +Python 2.7 ___ Python tracker <http://bugs.python.org/issue13334> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13334] Erroneous Size check in _PyString_Resize
Changes by david : -- title: Erroneous Size check in -> Erroneous Size check in _PyString_Resize ___ Python tracker <http://bugs.python.org/issue13334> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13334] Erroneous Size check in _PyString_Resize
david added the comment: Yes my bad :-) I got my C test case wrong. -- status: pending -> open ___ Python tracker <http://bugs.python.org/issue13334> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11357] Add support for PEP 381 Mirror Authenticity
Changes by david : -- nosy: +db ___ Python tracker <http://bugs.python.org/issue11357> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
New submission from david :
Python violates most users expectations via the modification differences of
immutable and mutable objects in methods.
def foo(bar):
bar = bar + bar
def listy(bar):
bar = [1]
def dicty(bar):
bar['1'] = '1'
if __name__ == "__main__":
bar = 1
foo(bar)
print bar
baz = []
print baz
listy(baz)
print baz
dict_d = {}
print dict_d
dicty(dict_d)
print dict_d
this will output
1
[]
[]
{}
{'1': '1'}
So sure this is 'expected'(pass by reference vs new object - for immutable
objects) but it sure isn't obvious.
I feel this is a bug in python core.
I think that the behaviour should be the same for *all* objects.
If it is pass by reference, *and* the item has to be able to be updated(I feel
this breaks most people's expectations...) then the result of a modification to
an object that is immutable should be that the pointer to the original now
points to the resulting string.
Personally I do not want to be able to modify the dictionary as I did above
like I did.
--
messages: 115074
nosy: db
priority: normal
severity: normal
status: open
title: Python violates most users expectations via the modification differences
of immutable and mutable objects in methods
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: I strongly suggest you reconsider as *most* programmers will not think about it this way. No you failed to understand my bug report apparently. I understand the behaviour. However, you failed to understand the problem. *PLEASE* read and think about it. -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- resolution: wont fix -> later ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- status: closed -> open ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment:
def list_again(foo):
foo.append("bar")
def list_again_again(foo):
foo = foo + ["1"]
if __name__ == "__main__":
bar = []
list_again(bar)
print bar
list_again_again(bar)
print bar
Ok so let me without running the above code exactly what it does AND then, stop
and think about how *most* coders expect it to behave.
--
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- status: closed -> open ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: In c pointers are *explicit*, ditto in c++, in java everything is a pointer. In asm, well that is asm. This behaviour in python, makes python code *really* hard to read and *hard* to understand. Can you python devs / people stop calling a bug reporter stupid when they point out language flaws? -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- status: closed -> open ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- resolution: invalid -> later ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: If you like I can look for this new security bugs in existing python projects and show you why this is a *very* bad idea. Please stop this python isolated mentality and autistic behaviour and consider the possibility of being wrong. -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: Excuse me for reporting weird and not expected behaviour on behalf of *most* coders. Here https://bugs.edge.launchpad.net/ubuntu/+source/checkbox/+bug/625076 I understand python fine. If I have to find security bugs in *lots* more python projects to prove my point I will do this *to* make this point really clear. You (responders so far) seem to not understand the nature of this problem and you are simply calling me stupid. -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- resolution: invalid -> later status: closed -> open ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
Changes by david : -- type: -> behavior ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: "Please stop this python isolated mentality and autistic behaviour and consider the possibility of being wrong." ... No I didn't, did you read what I said? Also, repeatedly closing this bug isn't going to make it go away. You are kidding your self if you think that 99% of python coders will be able to tell me the correct answers to the code output I have pasted here(without running it). Saying something is correct because of history is *just* plain wrong. I will happily write a PEP and anything else required to get this changed. -- resolution: invalid -> later status: closed -> open ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: To quote the zen of python: "Readability counts. Special cases aren't special enough to break the rules." -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: Just to clarify that last comment. By exhibiting this behaviour python, introduces the potential for a lot more errors in code that seems to be correct to most people. Remember this bug is about the differences in behaviour for 'mutable' and 'immutable' objects. -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment:
On 28 August 2010 09:10, Theo Julienne wrote:
>
> Theo Julienne added the comment:
>
> def list_again(foo):
> foo.append("bar")
>
> def list_again_again(foo):
> foo = foo + ["1"]
>
>
> The part that can be confusing is that 'foo' is a *copy* of a *reference* to
> an object. Because 'foo' is a copy, assigning to it will only alter a local
> copy, while calling methods on it will always call on the original object
> (because it's a reference to the same place). When an object is mutable, it
> just has no methods that modify it, so the only way to change it is by
> assignment, which will never result in changes to the outside function.
Yes exactly!
>There are no special cases, but it does require understanding
>pass-by-(copy/reference) and object mutability, and is against most people's
>intuitions.
No that isn't really my point here really.
> The way that behaves is actually how most *programmers* would expect (because
> they are used to it), though. Every other language I can think of does it
> this way. For example, in C, a pointer is still a copy of a reference -- if
> you assign to the pointer, it wont propagate up to the caller. The same goes
> in Java.
Um sort of. This is kind of confusing right see the code below.
> Perhaps what makes it harder to understand in Python is that everything is an
> object and looks the same regardless of mutability, whereas other languages
> typically have conventions (such as capitalising: int, str, Dict, List) to
> make it clearer when something is an object (which usually means the same as
> a python mutable object) as opposed to a built-in type (which usually means
> the same as a python immutable object).
I actually think the problem is that python coders are not aware of
this largely (from my experience) and that the *operators* are going
to behave differently (java, for example, differs in this respect (
you don't '+' maps )).
Here are some examples of use in other languages. Mapping python can
be found some of them.
foo.cpp
#include
#include
using namespace std;
void do_More_Foo(int *it);
int main()
{
int *foo;
int bar = 0;
foo = &bar;
cout << *foo << " " << foo << endl;
do_More_Foo(foo);
cout << *foo << " " << foo << endl;
return 0;
}
void do_More_Foo(int *it)
{
cout << "do more foo " << it << " " << *it <
woops(foo)
File "python-cpp2.py", line 5, in woops
print "foo", foo, id(foo)
UnboundLocalError: local variable 'foo' referenced before assignment
As you expect it is not the foo you are looking for ;)
foo.java
import java.util.HashMap;
import javax.print.DocFlavor.STRING;
public class foo
{
public void bar(HashMap z)
{
z.put("foo", "bar");
HashMap b = z;
b.put("foo2", "ba2r");
}
void magic(String b)
{
String c = b;
b = b.replace('b', 'c');
System.out.println(c);
System.out.println(b);
}
void moremagic(StringBuilder z)
{
z.append("b");
}
public static void main(String[] args)
{
HashMap baz = new HashMap();
foo myfoo = new foo();
myfoo.bar(baz);
System.out.println(baz.toString());
String aaa = "b";
myfoo.magic(aaa);
System.out.println(aaa);
StringBuilder sb = new StringBuilder();
myfoo.moremagic(sb);
System.out.println(sb);
}
}
java foo
{foo2=ba2r, foo=bar}
b
c
b
b
#!/usr/bin/env python
def bar(a_dict):
a_dict["foo"] = "bar"
new_dict = a_dict
a_dict["foo2"] = "ba2r"
def magic(string_b):
c = string_b
string_b = string_b.replace('b', 'c')
print c
print string_b
def moremagic(list_s):
list_s.append("b")
if __name__ == "__main__":
d = dict()
bar(d)
print d
aaa = "b"
magic(aaa)
print aaa
a_list = []
moremagic(a_list)
print a_list[0]
python python-java.py
{'foo': 'bar', 'foo2': 'ba2r'}
b
c
b
b
- no problems here :) - but in python we can use an operator like '+'
on a list which introduces the very confusion I am talking about in
respect to the differing behaviour as I stated at the top of this bug
report. :)
--
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: On 28 August 2010 22:34, R. David Murray wrote: > > R. David Murray added the comment: > > This is not an appropriate discussion for the bug tracker. Please take it to > the Python mailing list. Fair enough. One last comment though (here) - I think that making mutable objects being immutable outside their immediate scope (by *default* ) would be a good solution. -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9702] Python violates most users expectations via the modification differences of immutable and mutable objects in methods
david added the comment: On 28 August 2010 22:41, david wrote: > > david added the comment: > > On 28 August 2010 22:34, R. David Murray wrote: >> >> R. David Murray added the comment: >> >> This is not an appropriate discussion for the bug tracker. Please take it >> to the Python mailing list. > > Fair enough. > One last comment though (here) - I think that making mutable objects > being immutable outside their immediate scope (by *default* ) would > be a good solution. %s/being// -- ___ Python tracker <http://bugs.python.org/issue9702> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
New submission from david : please add a large NOTE explaining that urllib does not perform any ssl validation. -- assignee: d...@python components: Documentation messages: 117596 nosy: db, d...@python priority: normal severity: normal status: open title: please add a large NOTE explaining that urllib does not perform any ssl validation versions: Python 2.7 ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: --> (out of the box) -- ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: This is issue is in respect to https connections :) -- ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: Hi pitrou, that bug you linked to is really long can state a summary of any changes made to python and their impact - alternatively the lack of (changes) and their impact. -- ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9984] please add a large NOTE explaining that urllib2 does not perform any ssl validation
New submission from david : please add a large NOTE explaining that urllib2 does not perform any ssl (for https connection) validation out of the box. Also see 9983 for urrlib. -- messages: 117601 nosy: db priority: normal severity: normal status: open title: please add a large NOTE explaining that urllib2 does not perform any ssl validation ___ Python tracker <http://bugs.python.org/issue9984> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9984] please add a large NOTE explaining that urllib2 does not perform any ssl validation
Changes by david : -- assignee: -> d...@python components: +Documentation nosy: +d...@python versions: +Python 2.7 ___ Python tracker <http://bugs.python.org/issue9984> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: thank you :) -- resolution: fixed -> status: closed -> open ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: @pitrou you should also put an example of how to ACTUALLY establish a connection that can't be MITMed. Because lots of people are getting this wrong -- ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: Yes totally imho these modules should get fixed to actually do ssl checking. This means that most users of these methods, even if they think they are doing it properly as per the ssl module page, are still vulnerable to attack. I will add this comment to the bug you linked to above. As an example, it only took a few minutes to confirm that the default bzr install on ubuntu is vulnerable -> https://bugs.edge.launchpad.net/bzr/+bug/651161 (bzr is only vulnerable if pycurl isn't installed but pycurl is only a suggestion not a dependency ... ). -- ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
david added the comment: Welcome to 2010. SSL shouldn't be difficult to use anymore or support in python applications. But yet, until the changes in http://bugs.python.org/issue9983 was fixed python devs were using modules without any warning of the security implications. pycurl works ... but a *LOT* of coders are not using pycurl. Today they are still getting it wrong and are still vulnerable to mitm attacks against https on the client side. I have an example in fairly large open source project: bzr --> (by default due to a dependency failure ... on not depending on pycurl). https://bugs.edge.launchpad.net/ubuntu/+source/checkbox/+bug/625076 Less large: libcloud http://github.com/apache/libcloud/issues/issue/2 linode-python http://github.com/tjfontaine/linode-python/issues/issue/1 I would *very* much like to see these methods fixed by default. You can talk about how the ssl protocol is not secure because of ca's handling certificates poorly, but until you *actually* perform proper validation you cannot say these things imho. I can keep on looking at python projects and reporting these issues but it is really easy, just look at anything that says and is important that mitm isn't possible against it -> then check the deps. in ubuntu /debian and pick the ones that don't use pycurl, check they don't validate the common name etc. and then you have a bunch of mitm'able apps probably ;) -- nosy: +db ___ Python tracker <http://bugs.python.org/issue1589> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
david added the comment: imho it would be nice to be 'secure by default' in say the next python stable releases... (or perhaps only 3.X ? ). -- ___ Python tracker <http://bugs.python.org/issue1589> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9983] please add a large NOTE explaining that urllib does not perform any ssl validation
david added the comment: @loewis yes.. that is assumed imho. This ticket is closed, is this a real issue? -- ___ Python tracker <http://bugs.python.org/issue9983> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9994] Python becoming orphaned over ssh
New submission from David : Hi, I mentioned this on the mailing list over here: http://mail.python.org/pipermail/python-list/2010-September/1256407.html I think it's a Python bug, so reposting it here: - Hi there, I have a strange situation. If I do this: 1. Make a script /tmp/test.py on a remote server, with this contents: #!/usr/bin/python from subprocess import check_call check_call(['ping', 'www.google.com']) 2. Call the script like this over SSH: ssh root at testbox /tmp/test.py 3. Interrupt the script with Ctrl+C. Then what happens: The SSH session terminates, as expected. However: On the testing box, the Python script is still running, and so is the ping session. However, if I make an equivalent shell script, /tmp/test.sh, with this contents: #!/bin/bash ping www.google.com And then run it over ssh like this: ssh root at testbox /tmp/test.sh And then hit Ctrl+C, then the shell script and ping are both interrupted remotely, as expected. Here is how 'pstree -p' looks for the python script on the test box, before Ctrl+C: ├─sshd(1158)─┬─sshd(19756)───test.py(19797)───ping(19798) │└─sshd(20233)───bash(20269)───pstree(19875) And after Ctrl+C: ├─sshd(1158)───sshd(20233)───bash(20269)───pstree(20218) ├─test.py(19797)───ping(19798) Basically, the server-side sshd sub-process has disconnected, but the Python script (and it's ping subprocess) have become orphaned, and now belong to the init process. Note, this only seems to happen if Python is executing a subprocess, and only while Python is being run through a non-interactive ssh session. How can I make Python behave better? I want it to close down itself and it's subprocess, and not orphan itself when I hit ctrl+C PS: The Python version on the testing box: 2.6.4, and the box itself is running Ubuntu Karmic. Also, it's not just ping, but other utilities, eg wget. PPS: I did also try adding logic to the python script, to keep an eye on all the ppids (parent, grandparent, etc), and then to interrupt itself and kill it's subprocess, but that doesn't seem to work: For whatever reason, Python seems to be unable to kill it's subprocess in this situation. The Python process closes, and ping becomes a child of init. But I can then kill ping manually, from a separate ssh session. - I've seen this in both Python 2.6 and Python 3.1. -- components: Library (Lib) messages: 117700 nosy: wizzardx priority: normal severity: normal status: open title: Python becoming orphaned over ssh type: behavior versions: Python 2.6, Python 3.1 ___ Python tracker <http://bugs.python.org/issue9994> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
david added the comment: So I know the current patch doesn't support IP addresses but I thought I would link to what mozilla considered a security problem(just for future reference): CVE-2010-3170: http://www.mozilla.org/security/announce/2010/mfsa2010-70.html "Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority." -- ___ Python tracker <http://bugs.python.org/issue1589> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10274] imaplib should provide a means to validate a remote server ssl certificate(s)
New submission from david :
imaplib should provide a means to validate a remote server ssl certificate(s).
So currently imaplib allows you to do the following:
import imaplib
conn = imaplib.IMAP4_SSL("imap.gmail.com")
#the following should fail
conn = imaplib.IMAP4_SSL("74.125.39.109")
conn =
imaplib.IMAP4_SSL("i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org",
443)
conn = imaplib.IMAP4_SSL("insert_self_signed_imap_server_here")
However, only the first call("imap.gmail.com") should *NOT* result in an error
being raised (if the certificate is being checked :) ).
I wasn't able to find a way to get imaplib.IMAP4_SSL to take the certificate
for the remote server without wanting a private cert (which wasn't / isn't
desired ).
If an option is added / method added that takes in an optional parameter to
validate the remote IMAP's ssl certificate has been signed by a trusted
certificate authority this would be a good solution.
--
components: None
messages: 120108
nosy: db
priority: normal
severity: normal
status: open
title: imaplib should provide a means to validate a remote server ssl
certificate(s)
type: security
versions: Python 3.2
___
Python tracker
<http://bugs.python.org/issue10274>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1589] New SSL module doesn't seem to verify hostname against commonName in certificate
david added the comment: On 11 November 2010 23:31, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > >> Should we escalate this issue to CVA for Python 2.x? > > It's more of a missing feature than a security issue in itself, although > the missing feature has to do with security. Still it would be nice to see in python 2.x at some point don't you think? -- ___ Python tracker <http://bugs.python.org/issue1589> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10414] socket.gethostbyname doesn't return an ipv6 address
New submission from david : (socket.gethostbyname doesn't return an ipv6 address) So just to start with I know the documentation says [0] "and getaddrinfo() should be used instead for IPv4/v6 dual stack support." However, the getaddrinfo() method provides more information than required. Why can't getaddrinfo support ipv6 ? or a method for ipv6 added to the socket module to make getting a host address by name easier (for ipv6) ? [0] - http://docs.python.org/library/socket.html#socket.gethostbyname -- messages: 121174 nosy: db priority: normal severity: normal status: open title: socket.gethostbyname doesn't return an ipv6 address ___ Python tracker <http://bugs.python.org/issue10414> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10442] Please by default enforce ssl certificate checking in modules that can have user's which *depend* on the security of the ssl connection.
New submission from david : Please by default enforce ssl certificate checking in modules that can have user's which *depend* on the security of the ssl connection. See https://bugs.launchpad.net/ubuntu/+source/offlineimap/+bug/675120 http://bugs.python.org/issue10274 http://bugs.python.org/issue1589 and http://seclists.org/oss-sec/2010/q4/33 So I will name the following modules(as a starting point): 1. httplib http://docs.python.org/library/httplib.html 2. urllib http://docs.python.org/library/urllib.html 3. urllib2 http://docs.python.org/library/urllib2.html 4. imaplib http://docs.python.org/library/imaplib.html -- messages: 121338 nosy: db priority: normal severity: normal status: open title: Please by default enforce ssl certificate checking in modules that can have user's which *depend* on the security of the ssl connection. ___ Python tracker <http://bugs.python.org/issue10442> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] Please by default enforce ssl certificate checking in modules that can have user's which *depend* on the security of the ssl connection.
New submission from david : Please by default enforce ssl certificate checking in modules that can have user's which *depend* on the security of the ssl connection. See https://bugs.launchpad.net/ubuntu/+source/offlineimap/+bug/675120 http://bugs.python.org/issue10274 http://bugs.python.org/issue1589 and http://seclists.org/oss-sec/2010/q4/33 So I will name the following modules(as starting point): 1. httplib http://docs.python.org/library/httplib.html 2. urllib http://docs.python.org/library/urllib.html 3. urllib2 http://docs.python.org/library/urllib2.html 4. imaplib http://docs.python.org/library/imaplib.html -- messages: 121337 nosy: db priority: normal severity: normal status: open title: Please by default enforce ssl certificate checking in modules that can have user's which *depend* on the security of the ssl connection. ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Sorry, I don't remember seeing the change-set /commit showing that is now on by default. (for those modules). -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Are you referring to http://code.python.org/hg/branches/py3k/rev/86f97255bfc8 where there is now " 2.29 + .. warning:: 2.30 + If neither *cafile* nor *capath* is specified, an HTTPS request 2.31 + will not do any verification of the server's certificate. " This doesnt' by default check the certificate does it ? IMHO it should use a sane system capath by default and do the checking. -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Well, what are the usual paths for windows and linux? Just try those(by default) and if this fails (no ca's paths work) then raise an exception and have a parameter to disable this behaviour. -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Interesting but you may want to ask the openssl developers about this first. -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11197] information leakage with SimpleHTTPServer
david added the comment: This may be stupid but... shouldn't the example be: lynx http://localhost:8000/../../../../../etc/passwd ... which does _not_ work. -- nosy: +db ___ Python tracker <http://bugs.python.org/issue11197> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11353] Python 2.7.1 cannot be built by 2.x baselines of Python
New submission from David : I tried to download and install the latest Python tarball (2.7.1) and use Python 2.6 to execute "setup.py". I got the error "No module named sysconfig" when running setup.py. "sysconfig" was introduced with Python 3.2 (per http://docs.python.org/dev/library/sysconfig.html). I am running Ubuntu 10.04.2 LTS and Python 2.6 trying to update to 2.7.x since Django does not support Python 3.x. It seems like a lot of trouble to install Python 3.x to downgrade to the Python version I need. Recommend providing deb source packages that can be built on Ubuntu 10.04 and 10.10, or fixing this bug. -- components: Build messages: 129712 nosy: w004dal priority: normal severity: normal status: open title: Python 2.7.1 cannot be built by 2.x baselines of Python type: compile error versions: Python 2.5, Python 2.6, Python 2.7 ___ Python tracker <http://bugs.python.org/issue11353> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11358] Please replace the use of pickle in multiprocessing with json.
New submission from david : Please replace the use of pickle in multiprocessing with json. -- messages: 129742 nosy: db priority: normal severity: normal status: open title: Please replace the use of pickle in multiprocessing with json. ___ Python tracker <http://bugs.python.org/issue11358> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
New submission from david : Please replace the use of pickle in subprocess with json. -- messages: 129744 nosy: db priority: normal severity: normal status: open title: Please replace the use of pickle in subprocess with json. ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11358] Please replace the use of pickle in multiprocessing with json.
david added the comment: On 1 March 2011 18:01, Alex wrote: > > Alex added the comment: > > Why? JSON is incapable of representing most Python datastructures that can > be pickled (i.e. anything that isn't a list, tuple, dict, int, or str). I would have suggested yaml (using safe_load() ) . However there isn't a 'core' yaml module afaik. If you wanted to actually transfer a complex python data-structure no one would stop you from pickling it and sending it (json'ed). -- ___ Python tracker <http://bugs.python.org/issue11358> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
david added the comment: Um this isn't a duplicate this is addressing a different module to multiprocessing. Currently in subprocess you can almost remove the use of pickle with little to no side-effects. -- ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
david added the comment: Can you please re-open this bug ? (unless you feel otherwise). -- ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
david added the comment: I don't have 3.3 installed so I cannot test it, but here is a patch for 2.6. I am sure it breaks stuff - are there tests for the subprocess module that would cover the cases that pickle was used for? --- subprocess.py.orig 2011-03-02 00:47:59.0 +1100 +++ subprocess.py 2011-03-02 00:51:27.0 +1100 @@ -414,7 +414,7 @@ import select import errno import fcntl -import pickle +import json __all__ = ["Popen", "PIPE", "STDOUT", "call", "check_call", "CalledProcessError"] @@ -1105,7 +1105,7 @@ exc_value, tb) exc_value.child_traceback = ''.join(exc_lines) -os.write(errpipe_write, pickle.dumps(exc_value)) +os.write(errpipe_write, json.dumps(exc_value)) # This exitcode won't be reported to applications, so it # really doesn't matter what we return. @@ -1134,7 +1134,7 @@ if data != "": _eintr_retry_call(os.waitpid, self.pid, 0) -child_exception = pickle.loads(data) +child_exception = json.loads(data) for fd in (p2cwrite, c2pread, errread): if fd is not None: os.close(fd) -- ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
david added the comment: >From my reading of the code it may be possible if I execute a command via >Popen that the child had output that went to stderror, because stderror is >associated with the fd of errpipe_write, and it was not to be 'trusted' (lets >say I ran it as another user) then it could be pickle.loaded in the parent - >and this could potentially be bad. I could be totally wrong about this tho. I haven't tested the above case yet. Regardless - the use of pickle here is not really required and json can do what pickle is doing (from my reading of the code thus far). -- ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
david added the comment: Actually I don't think that is possible mmm. -- ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11359] Please replace the use of pickle in subprocess with json.
david added the comment: As the child will have already have exec'ed there will be no exception raised --> so the parent shouldn't pickle.load from stderror... So unless there is a path where the parent will end up pickle.load ing the exception that case I put before is not possible. -- ___ Python tracker <http://bugs.python.org/issue11359> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11358] Please replace the use of pickle in multiprocessing with json.
david added the comment: Um ok. -- ___ Python tracker <http://bugs.python.org/issue11358> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11358] Please replace the use of pickle in multiprocessing with json.
david added the comment: Fair enough. -- ___ Python tracker <http://bugs.python.org/issue11358> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue7305] urllib2.urlopen() segfault using SSL on Solaris
david added the comment: I have also hit this bug. It is slightly interesting that urllib is able to connect to hosts that trigger a segfault under urllib2 without an issue... -- nosy: +db ___ Python tracker <http://bugs.python.org/issue7305> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11821] smtplib should provide a means to validate a remote server ssl certificate(s)
New submission from david : (This is similar to http://bugs.python.org/issue10274) The smtplib module should provide a means to validate a remote server ssl certificate(s). It would be 'nice' if smtplib.SMTP_SSL & smtplib.starttls took in arguments to validate the remote SMTP's ssl certificate has been signed by a trusted certificate authority(and the common name matches what it should etc.). -- messages: 133457 nosy: db priority: normal severity: normal status: open title: smtplib should provide a means to validate a remote server ssl certificate(s) ___ Python tracker <http://bugs.python.org/issue11821> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8809] smtplib should support SSL contexts
Changes by david : -- nosy: +db ___ Python tracker <http://bugs.python.org/issue8809> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8809] smtplib should support SSL contexts
david added the comment: It should also explain how the context can be used. An example of how to use it to establish a 'secured' connection would be a nice to have. -- ___ Python tracker <http://bugs.python.org/issue8809> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: On 19 November 2010 03:18, Martin v. Löwis wrote: > > Martin v. Löwis added the comment: > >>> The best that could be done is to provide a configuration option (e.g. >>> global variable) that should be treated as a default value, and then >>> leave it to people distributing Python to fill out this variable in a >>> sensible way. >> >> Actually, OpenSSL already does a similar thing (see issue10443). > > This may not be satisfying to users. For example, our Windows > distribution doesn't ship with any certicates (AFAIK); I have no > clue where exactly OpenSSL would be looking for them, either. > People worried about this problem probably would want a way to > fill the list of trusted CA certificates. > Martin does it matter? To be honest I don't know about that many client side python windows applications for which this is a problem for. Maybe I am mistaken. If this is the case, then how do these projects work at the moment? (or do they just not care about this...) . However, they could bundle their own certificates, so I don't see this as an issue. However, you seem confused here: " I have no > clue where exactly OpenSSL would be looking for them, either. > People worried about this problem probably would want a way to > fill the list of trusted CA certificates." Erh, those people can already do this, but the problem is by default none are selected. IMHO something is probably better than nothing in this case(by default). -- title: some stdlib modules need to be updated to handle SSL certificate validation -> some stdlib modules need to be updated to handle SSL certificate validation ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: On 19 November 2010 03:48, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > >> > This may not be satisfying to users. For example, our Windows >> > distribution doesn't ship with any certicates (AFAIK); I have no >> > clue where exactly OpenSSL would be looking for them, either. >> > People worried about this problem probably would want a way to >> > fill the list of trusted CA certificates. > > Right, this is just a helper in case OpenSSL is configured correctly by > the OS vendor (the OpenSSL packaged by Linux distros usually is). > >> Erh, those people can already do this, but the problem is by default >> none are selected. >> IMHO something is probably better than nothing in this case(by default). > > We can't change anything *by default* since it would break > compatibility. We can just provide helpers and arguments to make it easy > to switch to a more "secure" behaviour (for some meaning of secure). what about an environmental setting that can be used to enforce checking (or the like) ? -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment:
On 19 November 2010 04:40, Martin v. Löwis wrote:
>
> Martin v. Löwis added the comment:
>
>>> This may not be satisfying to users. For example, our Windows
>>> distribution doesn't ship with any certicates (AFAIK); I have no
>>> clue where exactly OpenSSL would be looking for them, either.
>>> People worried about this problem probably would want a way to
>>> fill the list of trusted CA certificates.
>>>
>>
>> Martin does it matter?
>> To be honest I don't know about that many client side python windows
>> applications for which this is a problem for. Maybe I am mistaken.
>
> I can't understand why you are saying that. The very same issues
> that people perceive as problems on Unix ("users can be victim
> to man in the middle attack") also exist on Windows. If you run
> a Python script that does https on Windows, you can *also* be
> MITM-victim (as likely as you can on Unix, that is).
>
> Or are you suggesting that Python Windows applications don't use SSL?
>
>> If
>> this is the case, then how do these projects work at the moment? (or
>> do they just not care about this...) .
>
> "The projects" may be scripts that somebody developed that never get
> released. But yes, most people ignore/accept the problem (often as
> gruntingly as the Unix users).
>
>> However, they could bundle
>> their own certificates, so I don't see this as an issue.
>
> Who is "they"? Most people get their Python binaries from python.org,
> and they don't build "applications" from it, but run "scripts".
>
>> However, you seem confused here:
>> " I have no
>>> clue where exactly OpenSSL would be looking for them, either.
>>> People worried about this problem probably would want a way to
>>> fill the list of trusted CA certificates."
>>
>> Erh, those people can already do this, but the problem is by default
>> none are selected.
>
> You misunderstood. I was not proposing that scripts provide a CA
> list, but that users might deploy a CA list into their Python
> installation, which is then picked up in the same way as you are asking
> for on Ubuntu.
No I did not misunderstand at all.
I am pushing for safer defaults or a way to enable safe defaults.
Having to tamper with my python path and point at a modified version
of the ssl module doesn't sound like fun.
OH windows users those guys. Well if they don't have any certificates
at the moment and they don't know this, perhaps some one should tell
them?
I don't know I am not a windows python user.
--
title: some stdlib modules need to be updated to handle SSL certificate
validation -> some stdlib modules need to be updated to handle SSL certificate
validation
___
Python tracker
<http://bugs.python.org/issue10441>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: On 21 November 2010 09:27, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > > Martin, > >> You misunderstood. I was not proposing that scripts provide a CA >> list, but that users might deploy a CA list into their Python >> installation, which is then picked up in the same way as you are asking >> for on Ubuntu. > > Could you elaborate on what kind of scheme you are proposing? > > It should be noted that the default OpenSSL paths can be modified at runtime > using environment variables SSL_CERT_FILE and SSL_CERT_DIR. Not sure we > should document this, though. Sorry is this question aimed at me? No I was saying that if we can't move to a sane default then an environmental setting or other configuration maybe nice to have to enforce certificate checking etc. It had nothing to do with those variables, but perhaps we would use them? -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Back to the main issue here : So for python3 is it possible to make attempting to use capath(some common ones OR the openssl location capath if this is ok for use) the default(with failure to find a valid capath result in an exception being raised) ? Obviously if cafile or capath is provided by the caller then --> do not follow this behaviour. -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: On 21 November 2010 20:50, Martin v. Löwis wrote: > > Martin v. Löwis added the comment: > >> So for python3 is it possible to make attempting to use capath(some >> common ones OR the openssl location capath if this is ok for use) the >> default(with failure to find a valid capath result in an exception >> being raised) ? > > The default? That would be an incompatible change, and cause many > complaints. So I'm very skeptical that this can be done. > > Having applications/scripts explicitly opt-in to a default CA > certificate list would be an option (then making those applications > break in installations where the default CA list is empty). "Errors should never pass silently." IMHO it is an error not to check by default. No it wouldn't break anything that shouldn't break. Users can then pass in None for the capath (as an example). -- title: some stdlib modules need to be updated to handle SSL certificate validation -> some stdlib modules need to be updated to handle SSL certificate validation ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Fine. So if not in the ssl module what about for urllib etc.? -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: So please close this bug. Apparently making things secure by default is to much to ask. -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
Changes by david : -- resolution: -> rejected status: open -> closed ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10690] IDLE Crash when running/saving Module
New submission from David : Hello, Python version 2.7.1 x64 Mac OS X 10.6.5 x86_64 Tk/Tcl version 8.5/4 Python will crash when saving/running/checking a module, i tried googling for a few hours to come up to NOTHING for a solution. Hopefully we can both get this fixed. Thank you. Attached is a Python crash log. -- components: IDLE files: Python_2010-12-12-214329_Darwin.txt messages: 123859 nosy: David_Anon priority: normal severity: normal status: open title: IDLE Crash when running/saving Module type: crash versions: Python 2.7 Added file: http://bugs.python.org/file20027/Python_2010-12-12-214329_Darwin.txt ___ Python tracker <http://bugs.python.org/issue10690> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Thank you @loewis. However, I don't see where set_default_verify_path - is defined in the patch you have provided. It would also be nice to do something like this: import ssl ... ssl._FORCE_VERIFICATION = True and even better would be to determine the CA path as @pitrou was suggesting and incorporate this into the ssl module somehow. -- nosy: +db ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: and what does it do ? -- title: some stdlib modules need to be updated to handle SSL certificate validation -> some stdlib modules need to be updated to handle SSL certificate validation ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10441] some stdlib modules need to be updated to handle SSL certificate validation
david added the comment: Cool yeah. The documentation is good I asked the question because I wasn't sure if it was in a pending patch elsewhere in the bug tracker or was accepted. I guess I should have googled for it. Thank you. -- ___ Python tracker <http://bugs.python.org/issue10441> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue3087] Clean up Demos and Tools
David <[EMAIL PROTECTED]> added the comment: I will take this one on. I'll download 3.x this weekend and begin. What is the best way to proceed? Post each program as it is changed or a note that no change is required? It can get lengthy if all of the programs are posted here. -- nosy: +dwblas ___ Python tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue3087> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue3235] Improve subprocess module usage
David <[EMAIL PROTECTED]> added the comment: See if Doug Hellman's module of the week helps any http://blog.doughellmann.com/2007/07/pymotw-subprocess.html I plan on asking him if we can include some of his examples in the Python 3000 docs. Subprocess is new enough and gets enough questions on the forums that I think we should be as detailed as possible and include more examples than there are in other doc/tools examples. -- nosy: +dwblas ___ Python tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue3235> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue39700] asyncio.selector_events._SelectorTransport: Add logging when sock.getpeername() fails
New submission from David : `sock.getpeername` can fail for multiple reasons (see https://pubs.opengroup.org/onlinepubs/7908799/xns/getpeername.html) but in `asyncio.selector_events._SelectorTransport` it's try/excepted without any logging of the error: ``` if 'peername' not in self._extra: try: self._extra['peername'] = sock.getpeername() except socket.error: self._extra['peername'] = None ``` This makes it very difficult to debug. Would it be OK if I added here a log with information on the error? Thanks! -- components: asyncio messages: 362317 nosy: asvetlov, dsternlicht, yselivanov priority: normal severity: normal status: open title: asyncio.selector_events._SelectorTransport: Add logging when sock.getpeername() fails versions: Python 3.8 ___ Python tracker <https://bugs.python.org/issue39700> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue39700] asyncio.selector_events._SelectorTransport: Add logging when sock.getpeername() fails
Change by David : -- keywords: +patch Added file: https://bugs.python.org/file48900/log-peername-and-sockname-errors.patch ___ Python tracker <https://bugs.python.org/issue39700> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue39700] asyncio.selector_events._SelectorTransport: Add logging when sock.getpeername() fails
David added the comment: Hi asvetlov, Thank you for your reply. I'm currently trying to debug a network issue, but I cannot determine the root cause of it because of lack of logs. It would be extremely helpful for my debugging if we could log the error that was raised by getpeername. I noticed that in asyncio.proactor_events._set_socket_extra there *is* some logging of exceptions. ``` def _set_socket_extra(transport, sock): transport._extra['socket'] = trsock.TransportSocket(sock) try: transport._extra['sockname'] = sock.getsockname() except socket.error: if transport._loop.get_debug(): logger.warning( "getsockname() failed on %r", sock, exc_info=True) if 'peername' not in transport._extra: try: transport._extra['peername'] = sock.getpeername() except socket.error: # UDP sockets may not have a peer name transport._extra['peername'] = None ``` Although I see that there there's also a check `if transport._loop.get_debug()` so that it won't pollute the log. Would you like me to add that check to my patch too? Thanks! -- ___ Python tracker <https://bugs.python.org/issue39700> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42777] WindowsPath does not implement is_mount but ntpath implements and offers a ismount method
New submission from David : pathlib.WindowsPath[0] does not implement is_mount but ntpath implements and offers a ismount[1] method. Perhaps WindowsPath is_mount can make use of ntpath.ismount ? [0] https://github.com/python/cpython/blob/master/Lib/pathlib.py#L1578 [1] https://github.com/python/cpython/blob/master/Lib/ntpath.py#L248 -- messages: 383955 nosy: db priority: normal severity: normal status: open title: WindowsPath does not implement is_mount but ntpath implements and offers a ismount method ___ Python tracker <https://bugs.python.org/issue42777> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14086] str(KeyError("Foo")) Unexpected Result
New submission from David :
The __str__() method of the KeyError class seems to put quotes around the
argument given to the class. This was causing bizarre, escaped quotation marks
to appear in my code (where the result of str(e) is often passed as the
argument of another Exception), and it took me a while to figure out where the
problem lies, which says to me that the behavior is obscure and
unexpected-enough to not be Python-like.
I appreciate that the quotation marks are put around the erroneous key:
>>> my_dict = {"foo": 1}
>>> my_dict["bar"]
Traceback (most recent call last):
File "", line 1, in
KeyError: 'bar'
The quotation marks should be added to the argument as or before being passed
-- not when the KeyError is converted to a str. Consider the following example,
where a server is informing the client of invalid input:
>>> def validate_parameters(parameters_dict):
try:
validate(parameters_dict["foo"])
validate(parameters_dict["bar"])
except KeyError as e:
raise KeyError("Missing parameter {}.".format(e))
>>> def handle(parameters_dict):
# Validate the parameters before we do anything with them.
try:
validate_parameters(parameters_dict)
except Exception as e:
send_to_client("ERR: {}".format(e))
In this example, the client receives a string that looks like this:
\"Missing parameter 'foo'.\"
just because I wanted to re-raise a KeyError with a little bit of
clarification. I've been doing this sort of re-raising a lot in this project
and I don't see anything wrong with it, and I haven't had this kind of problem
with any other Exception, which is why the bug took me a while to track down.
Consider these snippets from the Python Tutorial:
"For convenience, the exception instance defines __str__() so the arguments can
be printed directly without having to reference .args."
"If an exception has arguments, they are printed as the last part (‘detail’) of
the message for unhandled exceptions."
Clearly, KeyError.__str__() is not printing my arguments directly. Also, the
'detail' of an unhandled KeyError exception, because of this behavior, is also
!= to its argument.
I believe that Python should preserve consistency by fixing this behavior. If
the default KeyError arguments would look nicer with quotation marks, pass them
with quotation marks, but maintain the sanctity and simplicity of
Exception.__str__() as described in the tutorial. It makes more sense.
PS: My current project involves a lot of validation not because I don't usually
believe that it's "easier to ask forgiveness," but because it's a scheduler for
TV recordings, and, in that case, the client will want to know when there's a
problem with their input BEFORE their recording of Survivor fails while they're
at work and can't do anything about it.
--
messages: 153941
nosy: vencabot_teppoo
priority: normal
severity: normal
status: open
title: str(KeyError("Foo")) Unexpected Result
type: behavior
versions: Python 3.2
___
Python tracker
<http://bugs.python.org/issue14086>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14086] str(KeyError("Foo")) Unexpected Result
David added the comment: Thanks, Julian. I'm closing this and marking it as a duplicate of #2651. -- resolution: -> duplicate status: open -> closed ___ Python tracker <http://bugs.python.org/issue14086> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2651] Strings passed to KeyError do not round trip
David added the comment:
I'm +1 for fixing this behavior for the same reasons that are mentioned in the
OP: consistency and predictability. I raised this issue as #14086, and I was
referred to this issue before closing mine as a duplicate.
It took me a while to figure out why I was getting unexpected escaped quotation
marks in my strings, and it turned out that it was because I was passing
strings back and forth as Exception arguments (tagging built-in Exceptions with
a little bit of extra information when they occurred and re-raising), and every
time that it occurred with a KeyError (and only with a KeyError), the string
would grow another pair of quotation marks.
In my issue, I bring up the documentation in the Python Tutorial about
Exception.args and Exception.__str__(); it states very plainly and simply (as
it should be) that the __str__() method is there to be able to conveniently
print Exception arguments without calling .args, and, when an unhandled
Exception stops Python, the tail-end of the message (the details) of the
exception will be the arguments that it was given. This is not the case with
KeyError.
str(KeyError("Foo")) should be equal to "Foo", as it would be with any other
Exception and as is the documented behavior of built-in Exceptions, at least in
the tutorial (which I realize isn't the be-all, end-all document). The
documented behavior makes more sense.
--
nosy: +vencabot_teppoo
___
Python tracker
<http://bugs.python.org/issue2651>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue37569] Complete your registration to Python tracker
New submission from David : Here is the link to register. From: report=bugs.python@roundup.psfhosted.org on behalf of Python tracker Sent: Thursday, July 11, 2019 8:59 PM To: davedro...@hotmail.com Subject: Complete your registration to Python tracker To complete your registration of the user "ddrouin" with Python tracker, please visit the following URL: https://bugs.python.org/?@action=confrego&otk=yx0D8CJvzNqeUY0usWJfgG0vnPc7HsWM -- messages: 347708 nosy: ddrouin priority: normal severity: normal status: open title: Complete your registration to Python tracker ___ Python tracker <https://bugs.python.org/issue37569> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30887] Syntax checking confuses Try: class_instance_name as ... is used before glabal declaration
New submission from David: when I do anything like this: import flask ... try: current_user except NameError: global current_user current_user = User(request.form['parameter1'], request.form['parameter2'], '') I get the error that the_user was 'used' before the global declaration. The try ... except ... is so when the user enters this route / function the first time, a class instance is instantiated, but if they return the second time, the existing class instance is updated in lines of code downstream rather than declared again with the same name, and therefore overwritten. -- components: Interpreter Core, macOS messages: 298012 nosy: Davidt, ned.deily, ronaldoussoren priority: normal severity: normal status: open title: Syntax checking confuses Try: class_instance_name as ... is used before glabal declaration type: compile error versions: Python 3.6 ___ Python tracker <http://bugs.python.org/issue30887> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30887] Syntax checking confuses Try: class_instance_name as ... is used before glabal declaration
David added the comment: when I do anything like this: import flask ... class User.. . . . try: current_user except NameError: global current_user current_user = User(request.form['parameter1'], request.form['parameter2'], '') I get the error that current_user_user was 'used' before the global declaration. The try ... except ... is so when the user enters this route / function the first time, a class instance is instantiated, but if they return the second time, the existing class instance is updated in lines of code downstream rather than declared again with the same name, and therefore overwritten. -- ___ Python tracker <http://bugs.python.org/issue30887> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30887] Syntax checking confuses Try: class_instance_name as ... is used before glabal declaration
David added the comment: I made the syntax error go away by moving the global current_user above the try.. I will have to revisit this one when time permits and write a script that recreates the error. This will probably be later this week. Thanks for your volunteer service. David On Jul 9, 2017 10:42 PM, "Steven D'Aprano" wrote: > > Steven D'Aprano added the comment: > > Please copy and paste (don't retype from memory!) the *exact* error you > are getting. > > You should be seeing something like: > > SyntaxWarning: name 'current_user' is used prior to global declaration > > (at least that's the warning I'm getting in Python 3.5), which is correct > behaviour. The name is used prior to the global declaration. > > The Python interpreter is now discouraging the use of the "global" keyword > anywhere except at the top of the function. (It may some day become an > error.) > > If your code is unindented module-level code, as your code snippet > suggests, you don't need the global declaration since current_user is > automatically global. > > If it is function-level code, then move the global declaration to the top > of the function, as the SyntaxWarning suggests. > > I don't believe this is a bug, I believe that what you are seeing is > expected, so I am closing this bug report. If I have misunderstood what you > are experiencing, then please re-open the ticket and give us some more > information. Preferably give us some code that we can run that demonstrates > the error. (Since the error doesn't have anything to do with flask, the > `import flask` line is unnecessary.) > > -- > nosy: +steven.daprano > > ___ > Python tracker > <http://bugs.python.org/issue30887> > ___ > -- ___ Python tracker <http://bugs.python.org/issue30887> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35350] importing "ctypes" immediately causes a segmentation fault
New submission from David : ~Environment Cross compiled Python 2.7.15 for ARM Cortex-A7 target, Linux Kernel 4.18 uname -a: Linux Test-0002 4.18.13 #1 SMP Wed Oct 31 11:20:07 CET 2018 armv7l GNU/Linux ~Description of the problem Importing the "ctypes" module in order to load shared libraries causes a segmentation fault: root [ /tmpfs/root ] $ python Python 2.7.15 (default, Nov 29 2018, 13:57:56) [GCC 8.2.0] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import ctypes Segmentation fault I have found a similiar issue here: https://bugs.python.org/issue11048 But the changes are already applied in 2.7.15. Here is the GDB output similiar to the link I posted: (gdb) file python2.7 Reading symbols from python2.7...done. (gdb) run -c "import ctypes" Starting program: /usr/bin/python2.7 -c "import ctypes" warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available. Program received signal SIGSEGV, Segmentation fault. 0x76a4fa94 in CThunkObject_dealloc (_self=0x76adb920) at /home/user/ARM_Linux/src/Python-2.7.15/Modules/_ctypes/callbacks.c:25 25 /home/user/ARM_Linux/src/Python-2.7.15/Modules/_ctypes/callbacks.c: No such file or directory. (gdb) >From what I can see it tries to use the path from the host I cross compiled >for the callbacks.c. Is this the cause of the segmentation fault? If yes, how >can I correct the path during compilation? I also attached the strace log of the command 'python -c "import ctypes"' Thank you in advance! -- components: ctypes files: strace_python.log messages: 330696 nosy: n0s69z priority: normal severity: normal status: open title: importing "ctypes" immediately causes a segmentation fault type: crash versions: Python 2.7 Added file: https://bugs.python.org/file47954/strace_python.log ___ Python tracker <https://bugs.python.org/issue35350> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35350] importing "ctypes" immediately causes a segmentation fault
David added the comment:
Small update:
After commenting out Py_XDECREF(self->restype) in function
CThunkObject_dealloc(PyObject *_self), I can import ctypes without getting a
segmentation fault.
static void
CThunkObject_dealloc(PyObject *_self)
{
CThunkObject *self = (CThunkObject *)_self;
PyObject_GC_UnTrack(self);
Py_XDECREF(self->converters);
Py_XDECREF(self->callable);
//Py_XDECREF(self->restype);
if (self->pcl_write)
ffi_closure_free(self->pcl_write);
PyObject_GC_Del(self);
}
But I'm afraid I don't know what other effects could result with this change.
--
___
Python tracker
<https://bugs.python.org/issue35350>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35350] importing "ctypes" immediately causes a segmentation fault
David added the comment:
Another small update:
After I recompiled Python with the commented out statement, I did a small test
if loading a shared library works.
I compiled the following test function to testib.so:
#include
void test_func(void);
void test_func(void) {
printf("hello world\n");
}
After that I used ctypes to load this library and execute the test_func():
(gdb) file python2.7
Reading symbols from python2.7...done.
(gdb) run -c "import ctypes; lib_test =
ctypes.cdll.LoadLibrary('/tmp/testlib.so'); lib_test.test_func();"
Starting program: /usr/bin/python2.7 -c "import ctypes; lib_test =
ctypes.cdll.LoadLibrary('/tmp/testlib.so'); lib_test.test_func();"
warning: Unable to find libthread_db matching inferior's thread library, thread
debugging will not be available.
hello world
Program received signal SIGSEGV, Segmentation fault.
PyCFuncPtr_call (self=, inargs=, kwds=) at /home/user/ARM_Linux/src/Python-2.7.15/Modules/_ctypes/_ctypes.c:4108
4108/home/user/ARM_Linux/src/Python-2.7.15/Modules/_ctypes/_ctypes.c: No
such file or directory.
(gdb)
It prints the expected output, but again I get a segmentation fault, this time
in PyCFuncPtr_call function.
--
___
Python tracker
<https://bugs.python.org/issue35350>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29750] smtplib doesn't handle unicode passwords
New submission from david:
Trying to use unicode passwords on smtplib fails miserably on python3.
My particular issue arises on line 643 of said library:
(code, resp) = self.docmd(encode_base64(password.encode('ascii'), eol=''))
which obviously dies when trying to handle unicode chars.
--
components: Library (Lib)
messages: 289184
nosy: david__
priority: normal
severity: normal
status: open
title: smtplib doesn't handle unicode passwords
versions: Python 3.4
___
Python tracker
<http://bugs.python.org/issue29750>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29750] smtplib doesn't handle unicode passwords
david added the comment:
I'm sorry I rushed my comment. Same thing happens on line 604
return encode_base64(s.encode('ascii'), eol='')
changing both from 'ascii' to 'utf-8' works for me.
--
___
Python tracker
<http://bugs.python.org/issue29750>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29750] smtplib doesn't handle unicode passwords
david added the comment: In my case I was doing tests with "contraseña" which is (spanish for password) and it failed On June 14, 2018 8:36:30 AM GMT+02:00, Tal Einat wrote: > >Tal Einat added the comment: > >It would be extremely helpful to have some test cases that actually >work for users but fail with smtplib. So far we have no actual >examples, likely due to these being passwords. > >> Note: it is definitely the case, regardless of what the RFC says, >that binary passwords need to be supported. > >I'm not sure what you mean by "binary". Do you mean 8-bit characters, >a.k.a. bytes? > >> utf-8 should probably be used as the default encoding for string >passwords, rather than ascii. > >It is also possible that the appropriate encoding here is "latin1" >a.k.a. ISO-8859-1 encoding. This specifically includes many >specialized versions of latin characters, e.g. those with German >umlauts as mentioned in the duplicate issue #33741. And it could even >be the very common Windows-1252 encoding: "It is probably the most-used >8-bit character encoding in the world." (Wikipedia) > >-- > >___ >Python tracker ><https://bugs.python.org/issue29750> >___ -- ___ Python tracker <https://bugs.python.org/issue29750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29750] smtplib doesn't handle unicode passwords
david added the comment: Both thunderbird, sogo (web) and gmail (web). On June 14, 2018 3:54:31 PM GMT+02:00, "R. David Murray" wrote: > >R. David Murray added the comment: > >While you are correct that latin1 may be common in this situation, I >think it may still be better to have utf-8 be the default, since that >is the (still emerging? :) standard. However, you are correct to call >for examples: if in the *majority* of the real-world cases it turns out >latin1 is what is used, then we could default to that (or not have a >default, but instead document our observations). > >I don't know how we accumulate enough information to make that >decision, though. Maybe we could look at what other mail programs do? >Thunderbird, etc? David, which mail program(s) did you use that were >able to successfully send that password? > >And yes, by binary passwords I mean that the module needs to support >being passed a bytes-like object as the password, since clearly there >are servers "in the wild" that support non-ascii passwords and the only >way to be sure one can send the server the correct password is by >treating it as a series of bytes. The library caller will have to be >responsible for picking the correct encoding based on local knowledge. > >-- > >___ >Python tracker ><https://bugs.python.org/issue29750> >___ -- ___ Python tracker <https://bugs.python.org/issue29750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29750] smtplib doesn't handle unicode passwords
david added the comment: Yes, i used thunderbird for both On June 14, 2018 5:14:31 PM GMT+02:00, "R. David Murray" wrote: > >R. David Murray added the comment: > >For the web cases I presume you also set the password using the web >interface, so that doesn't really tell us anything useful. Did you use >thunderbird to access the mailbox that you set up via gmail and/or >sogo? That would make what thunderbird does the interesting question. > >-- > >___ >Python tracker ><https://bugs.python.org/issue29750> >___ -- ___ Python tracker <https://bugs.python.org/issue29750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29750] smtplib doesn't handle unicode passwords
david added the comment: I would like to see the second option (allow both, warning on non-ascii) On 17 June 2018 at 21:03, Tal Einat wrote: > > Tal Einat added the comment: > > > And yes, by binary passwords I mean that the module needs to support > being passed a bytes-like object as the password, since clearly there are > servers "in the wild" that support non-ascii passwords and the only way to > be sure one can send the server the correct password is by treating it as a > series of bytes. The library caller will have to be responsible for > picking the correct encoding based on local knowledge. > > Perhaps we should make smtplib accept only bytes, passing on the > responsibility of using an appropriate encoding to its users? This seems > like the most straightforward and transparent choice. It would not be > backwards-compatible, though. > > Alternatively, we could change smtplib to accept passwords as bytes or > strings, but raise an informative exception when given strings with > non-ASCII characters. As now, users could be surprised if they have been > passing passwords as string and hadn't tested their use of smtplib with > non-ASCII passwords. We'd just improve the exception and documentation to > clarify the situation. > > -- > > ___ > Python tracker > <https://bugs.python.org/issue29750> > ___ > -- ___ Python tracker <https://bugs.python.org/issue29750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
