Change by David :
--
assignee: docs@python
components: Documentation
nosy: davem, docs@python
priority: normal
pull_requests: 28731
severity: normal
status: open
title: duplicate paragraphs - asyncio Coroutines and Tasks file
versions: Python 3.10
New submission from david :
The _PyString_Resize function in stringobject.c[0] takes in a PyObject ** and a
Py_ssize_t newsize. Where Py_ssize_t is often a typedef for ssize_t(a signed
version of size_t). As such the newsize parameter could be negative.
The code checks for when the newsize is
Changes by david :
--
components: +None
versions: +Python 2.7
___
Python tracker
<http://bugs.python.org/issue13334>
___
___
Python-bugs-list mailing list
Unsub
Changes by david :
--
title: Erroneous Size check in -> Erroneous Size check in _PyString_Resize
___
Python tracker
<http://bugs.python.org/issue13334>
___
_
david added the comment:
Yes my bad :-) I got my C test case wrong.
--
status: pending -> open
___
Python tracker
<http://bugs.python.org/issue13334>
___
_
Changes by david :
--
nosy: +db
___
Python tracker
<http://bugs.python.org/issue11357>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/m
New submission from david :
Python violates most users expectations via the modification differences of
immutable and mutable objects in methods.
def foo(bar):
bar = bar + bar
def listy(bar):
bar = [1]
def dicty(bar):
bar['1'] = '1'
if __name__ == &qu
david added the comment:
I strongly suggest you reconsider as *most* programmers will not think about it
this way.
No you failed to understand my bug report apparently. I understand the
behaviour. However, you failed to understand the problem.
*PLEASE* read and think about it
Changes by david :
--
resolution: wont fix -> later
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscri
Changes by david :
--
status: closed -> open
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscri
david added the comment:
def list_again(foo):
foo.append("bar")
def list_again_again(foo):
foo = foo + ["1"]
if __name__ == "__main__":
bar = []
list_again(bar)
print bar
list_again_again(bar)
print bar
Changes by david :
--
status: closed -> open
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscri
david added the comment:
In c pointers are *explicit*, ditto in c++, in java everything is a pointer.
In asm, well that is asm.
This behaviour in python, makes python code *really* hard to read and *hard* to
understand.
Can you python devs / people stop calling a bug reporter stupid when
Changes by david :
--
status: closed -> open
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscri
Changes by david :
--
resolution: invalid -> later
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscri
david added the comment:
If you like I can look for this new security bugs in existing python projects
and show you why this is a *very* bad idea.
Please stop this python isolated mentality and autistic behaviour and consider
the possibility of being wrong
david added the comment:
Excuse me for reporting weird and not expected behaviour on behalf of *most*
coders.
Here https://bugs.edge.launchpad.net/ubuntu/+source/checkbox/+bug/625076
I understand python fine. If I have to find security bugs in *lots* more python
projects to prove my point I
Changes by david :
--
resolution: invalid -> later
status: closed -> open
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list
Changes by david :
--
type: -> behavior
___
Python tracker
<http://bugs.python.org/issue9702>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.p
david added the comment:
"Please stop this python isolated mentality and autistic behaviour and consider
the possibility of being wrong."
... No I didn't, did you read what I said?
Also, repeatedly closing this bug isn't going to make it go away.
You are kidding your self
david added the comment:
To quote the zen of python:
"Readability counts.
Special cases aren't special enough to break the rules."
--
___
Python tracker
<http://bugs.py
david added the comment:
Just to clarify that last comment.
By exhibiting this behaviour python, introduces the potential for a lot more
errors in code that seems to be correct to most people.
Remember this bug is about the differences in behaviour for 'mutable' and
'imm
david added the comment:
On 28 August 2010 09:10, Theo Julienne wrote:
>
> Theo Julienne added the comment:
>
> def list_again(foo):
> foo.append("bar")
>
> def list_again_again(foo):
> foo = foo + ["1"]
>
>
> The part
david added the comment:
On 28 August 2010 22:34, R. David Murray wrote:
>
> R. David Murray added the comment:
>
> This is not an appropriate discussion for the bug tracker. Please take it to
> the Python mailing list.
Fair enough.
One last comment though (here) - I thi
david added the comment:
On 28 August 2010 22:41, david wrote:
>
> david added the comment:
>
> On 28 August 2010 22:34, R. David Murray wrote:
>>
>> R. David Murray added the comment:
>>
>> This is not an appropriate discussion for the bug tracker. Plea
New submission from david :
please add a large NOTE explaining that urllib does not perform any ssl
validation.
--
assignee: d...@python
components: Documentation
messages: 117596
nosy: db, d...@python
priority: normal
severity: normal
status: open
title: please add a large NOTE
david added the comment:
--> (out of the box)
--
___
Python tracker
<http://bugs.python.org/issue9983>
___
___
Python-bugs-list mailing list
Unsubscri
david added the comment:
This is issue is in respect to https connections :)
--
___
Python tracker
<http://bugs.python.org/issue9983>
___
___
Python-bugs-list m
david added the comment:
Hi pitrou, that bug you linked to is really long can state a summary of any
changes made to python and their impact - alternatively the lack of (changes)
and their impact.
--
___
Python tracker
<http://bugs.python.
New submission from david :
please add a large NOTE explaining that urllib2 does not perform any ssl (for
https connection) validation out of the box.
Also see 9983 for urrlib.
--
messages: 117601
nosy: db
priority: normal
severity: normal
status: open
title: please add a large NOTE
Changes by david :
--
assignee: -> d...@python
components: +Documentation
nosy: +d...@python
versions: +Python 2.7
___
Python tracker
<http://bugs.python.org/iss
david added the comment:
thank you :)
--
resolution: fixed ->
status: closed -> open
___
Python tracker
<http://bugs.python.org/issue9983>
___
___
Pyth
david added the comment:
@pitrou you should also put an example of how to ACTUALLY establish a
connection that can't be MITMed. Because lots of people are getting this
wrong
--
___
Python tracker
<http://bugs.python.org/i
david added the comment:
Yes totally imho these modules should get fixed to actually do ssl checking.
This means that most users of these methods, even if they think they
are doing it properly as per the ssl module page, are still vulnerable
to attack.
I will add this comment to the bug you
david added the comment:
Welcome to 2010.
SSL shouldn't be difficult to use anymore or support in python applications.
But yet, until the changes in http://bugs.python.org/issue9983 was fixed python
devs were using modules without any warning of the security implications.
pycurl
david added the comment:
imho it would be nice to be 'secure by default' in say the next python stable
releases... (or perhaps only 3.X ? ).
--
___
Python tracker
<http://bugs.python.
david added the comment:
@loewis yes.. that is assumed imho.
This ticket is closed, is this a real issue?
--
___
Python tracker
<http://bugs.python.org/issue9
New submission from David :
Hi, I mentioned this on the mailing list over here:
http://mail.python.org/pipermail/python-list/2010-September/1256407.html
I think it's a Python bug, so reposting it here:
-
Hi there, I have a strange situation.
If I do this:
1. Make a script
david added the comment:
So I know the current patch doesn't support IP addresses but I thought I would
link to what mozilla considered a security problem(just for future reference):
CVE-2010-3170: http://www.mozilla.org/security/announce/2010/mfsa2010-70.html
"Security research
New submission from david :
imaplib should provide a means to validate a remote server ssl certificate(s).
So currently imaplib allows you to do the following:
import imaplib
conn = imaplib.IMAP4_SSL("imap.gmail.com")
#the following should fail
conn = imaplib.IMAP4_SSL("74.12
david added the comment:
On 11 November 2010 23:31, Antoine Pitrou wrote:
>
> Antoine Pitrou added the comment:
>
>> Should we escalate this issue to CVA for Python 2.x?
>
> It's more of a missing feature than a security issue in itself, although
> the missing fe
New submission from david :
(socket.gethostbyname doesn't return an ipv6 address)
So just to start with I know the documentation says [0] "and getaddrinfo()
should be used instead for IPv4/v6 dual stack support."
However, the getaddrinfo() method provides more information tha
New submission from david :
Please by default enforce ssl certificate checking in modules that can have
user's which *depend* on the security of the ssl connection.
See https://bugs.launchpad.net/ubuntu/+source/offlineimap/+bug/675120
http://bugs.python.org/issue10274
http://bugs.pytho
New submission from david :
Please by default enforce ssl certificate checking in modules that can have
user's which *depend* on the security of the ssl connection.
See https://bugs.launchpad.net/ubuntu/+source/offlineimap/+bug/675120
http://bugs.python.org/issue10274
http://bugs.pytho
david added the comment:
Sorry, I don't remember seeing the change-set /commit showing that is now on by
default. (for those modules).
--
___
Python tracker
<http://bugs.python.org/is
david added the comment:
Are you referring to
http://code.python.org/hg/branches/py3k/rev/86f97255bfc8
where there is now
"
2.29 + .. warning::
2.30 + If neither *cafile* nor *capath* is specified, an HTTPS request
2.31 + will not do any verification of the ser
david added the comment:
Well, what are the usual paths for windows and linux?
Just try those(by default) and if this fails (no ca's paths work) then
raise an exception and have a parameter to disable this behaviour.
--
___
Python tracker
david added the comment:
Interesting but you may want to ask the openssl developers about this first.
--
___
Python tracker
<http://bugs.python.org/issue10
david added the comment:
This may be stupid but...
shouldn't the example be:
lynx http://localhost:8000/../../../../../etc/passwd
... which does _not_ work.
--
nosy: +db
___
Python tracker
<http://bugs.python.org/is
New submission from David :
I tried to download and install the latest Python tarball (2.7.1) and use
Python 2.6 to execute "setup.py".
I got the error "No module named sysconfig" when running setup.py. "sysconfig"
was introduced with Python 3.2 (per
http
New submission from david :
Please replace the use of pickle in multiprocessing with json.
--
messages: 129742
nosy: db
priority: normal
severity: normal
status: open
title: Please replace the use of pickle in multiprocessing with json.
___
Python
New submission from david :
Please replace the use of pickle in subprocess with json.
--
messages: 129744
nosy: db
priority: normal
severity: normal
status: open
title: Please replace the use of pickle in subprocess with json.
___
Python tracker
david added the comment:
On 1 March 2011 18:01, Alex wrote:
>
> Alex added the comment:
>
> Why? JSON is incapable of representing most Python datastructures that can
> be pickled (i.e. anything that isn't a list, tuple, dict, int, or str).
I would have suggested y
david added the comment:
Um this isn't a duplicate this is addressing a different module to
multiprocessing. Currently in subprocess you can almost remove the use of
pickle with little to no side-effects.
--
___
Python tracker
david added the comment:
Can you please re-open this bug ? (unless you feel otherwise).
--
___
Python tracker
<http://bugs.python.org/issue11359>
___
___
Pytho
david added the comment:
I don't have 3.3 installed so I cannot test it, but here is a patch for 2.6. I
am sure it breaks stuff - are there tests for the subprocess module that would
cover the cases that pickle was used for?
--- subprocess.py.orig 2011-03-02 00:47:59.0
david added the comment:
>From my reading of the code it may be possible if I execute a command via
>Popen that the child had output that went to stderror, because stderror is
>associated with the fd of errpipe_write, and it was not to be 'trusted' (lets
>say I ran it
david added the comment:
Actually I don't think that is possible mmm.
--
___
Python tracker
<http://bugs.python.org/issue11359>
___
___
Python-bugs-list m
david added the comment:
As the child will have already have exec'ed there will be no exception raised
--> so the parent shouldn't pickle.load from stderror... So unless there is a
path where the parent will end up pickle.load ing the exception that case I put
before is
david added the comment:
Um ok.
--
___
Python tracker
<http://bugs.python.org/issue11358>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
david added the comment:
Fair enough.
--
___
Python tracker
<http://bugs.python.org/issue11358>
___
___
Python-bugs-list mailing list
Unsubscribe:
david added the comment:
I have also hit this bug. It is slightly interesting that urllib is able to
connect to hosts that trigger a segfault under urllib2 without an issue...
--
nosy: +db
___
Python tracker
<http://bugs.python.org/issue7
New submission from david :
(This is similar to http://bugs.python.org/issue10274)
The smtplib module should provide a means to validate a remote server ssl
certificate(s).
It would be 'nice' if smtplib.SMTP_SSL & smtplib.starttls took in arguments to
validate the rem
Changes by david :
--
nosy: +db
___
Python tracker
<http://bugs.python.org/issue8809>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/m
david added the comment:
It should also explain how the context can be used.
An example of how to use it to establish a 'secured' connection would be a nice
to have.
--
___
Python tracker
<http://bugs.python.
david added the comment:
On 19 November 2010 03:18, Martin v. Löwis wrote:
>
> Martin v. Löwis added the comment:
>
>>> The best that could be done is to provide a configuration option (e.g.
>>> global variable) that should be treated as a default value, and
david added the comment:
On 19 November 2010 03:48, Antoine Pitrou wrote:
>
> Antoine Pitrou added the comment:
>
>> > This may not be satisfying to users. For example, our Windows
>> > distribution doesn't ship with any certicates (AFAIK); I have no
>>
david added the comment:
On 19 November 2010 04:40, Martin v. Löwis wrote:
>
> Martin v. Löwis added the comment:
>
>>> This may not be satisfying to users. For example, our Windows
>>> distribution doesn't ship with any certicates (AFAIK); I have no
>>
david added the comment:
On 21 November 2010 09:27, Antoine Pitrou wrote:
>
> Antoine Pitrou added the comment:
>
> Martin,
>
>> You misunderstood. I was not proposing that scripts provide a CA
>> list, but that users might deploy a CA list into their Python
>
david added the comment:
Back to the main issue here :
So for python3 is it possible to make attempting to use capath(some
common ones OR the openssl location capath if this is ok for use) the
default(with failure to find a valid capath result in an exception
being raised) ?
Obviously if
david added the comment:
On 21 November 2010 20:50, Martin v. Löwis wrote:
>
> Martin v. Löwis added the comment:
>
>> So for python3 is it possible to make attempting to use capath(some
>> common ones OR the openssl location capath if this is ok for use) the
>> def
david added the comment:
Fine.
So if not in the ssl module what about for urllib etc.?
--
___
Python tracker
<http://bugs.python.org/issue10441>
___
___
Pytho
david added the comment:
So please close this bug.
Apparently making things secure by default is to much to ask.
--
___
Python tracker
<http://bugs.python.org/issue10
Changes by david :
--
resolution: -> rejected
status: open -> closed
___
Python tracker
<http://bugs.python.org/issue10441>
___
___
Python-bugs-list
New submission from David :
Hello,
Python version 2.7.1 x64
Mac OS X 10.6.5 x86_64
Tk/Tcl version 8.5/4
Python will crash when saving/running/checking a module, i tried googling for a
few hours to come up to NOTHING for a solution. Hopefully we can both get this
fixed. Thank you.
Attached
david added the comment:
Thank you @loewis. However, I don't see where set_default_verify_path - is
defined in the patch you have provided.
It would also be nice to do something like this:
import ssl
...
ssl._FORCE_VERIFICATION = True
and even better would be to determine the CA pa
david added the comment:
and what does it do ?
--
title: some stdlib modules need to be updated to handle SSL certificate
validation -> some stdlib modules need to be updated to handle SSL certificate
validation
___
Python tracker
&l
david added the comment:
Cool yeah. The documentation is good I asked the question because I
wasn't sure if it was in a pending patch elsewhere in the bug tracker
or was accepted. I guess I should have googled for it.
Thank you.
--
___
P
David <[EMAIL PROTECTED]> added the comment:
I will take this one on. I'll download 3.x this weekend and begin.
What is the best way to proceed? Post each program as it is changed or a
note that no change is required? It can get lengthy if all of the
programs are
David <[EMAIL PROTECTED]> added the comment:
See if Doug Hellman's module of the week helps any
http://blog.doughellmann.com/2007/07/pymotw-subprocess.html I plan on
asking him if we can include some of his examples in the Python 3000
docs. Subprocess is new enough and gets enough q
New submission from David :
`sock.getpeername` can fail for multiple reasons (see
https://pubs.opengroup.org/onlinepubs/7908799/xns/getpeername.html) but in
`asyncio.selector_events._SelectorTransport` it's try/excepted without any
logging of the error:
```
if 'peerna
Change by David :
--
keywords: +patch
Added file:
https://bugs.python.org/file48900/log-peername-and-sockname-errors.patch
___
Python tracker
<https://bugs.python.org/issue39
David added the comment:
Hi asvetlov,
Thank you for your reply.
I'm currently trying to debug a network issue, but I cannot determine the root
cause of it because of lack of logs. It would be extremely helpful for my
debugging if we could log the error that was raised by getpeernam
New submission from David :
pathlib.WindowsPath[0] does not implement is_mount but ntpath implements and
offers a ismount[1] method. Perhaps WindowsPath is_mount can make use of
ntpath.ismount ?
[0] https://github.com/python/cpython/blob/master/Lib/pathlib.py#L1578
[1] https://github.com
New submission from David :
The __str__() method of the KeyError class seems to put quotes around the
argument given to the class. This was causing bizarre, escaped quotation marks
to appear in my code (where the result of str(e) is often passed as the
argument of another Exception), and it
David added the comment:
Thanks, Julian. I'm closing this and marking it as a duplicate of #2651.
--
resolution: -> duplicate
status: open -> closed
___
Python tracker
<http://bugs.python.
David added the comment:
I'm +1 for fixing this behavior for the same reasons that are mentioned in the
OP: consistency and predictability. I raised this issue as #14086, and I was
referred to this issue before closing mine as a duplicate.
It took me a while to figure out why I was ge
New submission from David :
Here is the link to register.
From: report=bugs.python@roundup.psfhosted.org
on behalf of Python tracker
Sent: Thursday, July 11, 2019 8:59 PM
To: davedro...@hotmail.com
Subject: Complete your registration to Python tracker
New submission from David:
when I do anything like this:
import flask ...
try:
current_user
except NameError:
global current_user
current_user = User(request.form['parameter1'], request.form['parameter2'],
'')
I get the error that the_use
David added the comment:
when I do anything like this:
import flask ...
class User..
.
.
.
try:
current_user
except NameError:
global current_user
current_user = User(request.form['parameter1'], request.form['parameter2'],
'')
I get the er
David added the comment:
I made the syntax error go away by moving the global current_user above the
try..
I will have to revisit this one when time permits and write a script that
recreates the error. This will probably be later this week.
Thanks for your volunteer service.
David
On Jul
New submission from David :
~Environment
Cross compiled Python 2.7.15 for ARM Cortex-A7 target, Linux Kernel 4.18
uname -a: Linux Test-0002 4.18.13 #1 SMP Wed Oct 31 11:20:07 CET 2018 armv7l
GNU/Linux
~Description of the problem
Importing the "ctypes" module in order to l
David added the comment:
Small update:
After commenting out Py_XDECREF(self->restype) in function
CThunkObject_dealloc(PyObject *_self), I can import ctypes without getting a
segmentation fault.
static void
CThunkObject_dealloc(PyObject *_self)
{
CThunkObject *self = (CThunkObj
David added the comment:
Another small update:
After I recompiled Python with the commented out statement, I did a small test
if loading a shared library works.
I compiled the following test function to testib.so:
#include
void test_func(void);
void test_func(void) {
printf
New submission from david:
Trying to use unicode passwords on smtplib fails miserably on python3.
My particular issue arises on line 643 of said library:
(code, resp) = self.docmd(encode_base64(password.encode('ascii'), eol=''))
which obviously dies when trying to
david added the comment:
I'm sorry I rushed my comment. Same thing happens on line 604
return encode_base64(s.encode('ascii'), eol='')
changing both from 'ascii' to 'utf-8' works for me.
--
___
Pytho
david added the comment:
In my case I was doing tests with "contraseña" which is (spanish for password)
and it failed
On June 14, 2018 8:36:30 AM GMT+02:00, Tal Einat wrote:
>
>Tal Einat added the comment:
>
>It would be extremely helpful to have some test cases t
david added the comment:
Both thunderbird, sogo (web) and gmail (web).
On June 14, 2018 3:54:31 PM GMT+02:00, "R. David Murray"
wrote:
>
>R. David Murray added the comment:
>
>While you are correct that latin1 may be common in this situation, I
>think it may stil
david added the comment:
Yes, i used thunderbird for both
On June 14, 2018 5:14:31 PM GMT+02:00, "R. David Murray"
wrote:
>
>R. David Murray added the comment:
>
>For the web cases I presume you also set the password using the web
>interface, so that doesn't
david added the comment:
I would like to see the second option (allow both, warning on non-ascii)
On 17 June 2018 at 21:03, Tal Einat wrote:
>
> Tal Einat added the comment:
>
> > And yes, by binary passwords I mean that the module needs to support
> being passed a bytes-
1 - 100 of 3932 matches
Mail list logo
