How come a description of how to exploit a security vulnerability
comes before a release for said vulnerability? I'm talking about this:
My understanding is that the whole point of asking people not to
report security vulnerability publicly was to allow time to release a
If developers haven't had enough time to release the fix, that's fine.
But I can't think of a sensible reason why it should be announced
On Sun, Apr 17, 2011 at 08:22:20AM +0200, Stefan Behnel wrote:
> Matt Billenstein, 17.04.2011 00:47:
> >On Sat, Apr 16, 2011 at 01:30:13PM +0200, Antoine Pitrou wrote:
> >>On Sat, 16 Apr 2011 00:41:03 +0000
> >>Matt Billenstein wrote:
> >>>Slightly less crude benchmark showing simplejson is quite a bit faster:
> >>>250ms vs 5.5s encoding and decoding an 11KB json object 1000 times...
> >>This doesn't have much value if you don't say which version of Python
> >>you ran json with. You should use 3.2, otherwise you might miss some
> >Yes, that was 2.6.5 -- 3.2 native json is comparable to simplejson here taking
> >about 330ms...
> From the POV of CPython 3.2, is "native" Python or C?
"Native" as in the version that ships with 3.2.
And actually I think my test with 2.6.5 wasn't using the C extension for some
reason so that 5.5s number isn't right -- a fresh build of 2.7.1 gives me a
runtime of around 350ms.
On Sat, Apr 16, 2011 at 01:30:13PM +0200, Antoine Pitrou wrote:
> On Sat, 16 Apr 2011 00:41:03 +0000
> Matt Billenstein <matt(a)vazor.com> wrote:
> > Slightly less crude benchmark showing simplejson is quite a bit faster:
> > http://pastebin.com/g1WqUPwm
> > 250ms vs 5.5s encoding and decoding an 11KB json object 1000 times...
> This doesn't have much value if you don't say which version of Python
> you ran json with. You should use 3.2, otherwise you might miss some
Yes, that was 2.6.5 -- 3.2 native json is comparable to simplejson here taking
-----BEGIN PGP SIGNED MESSAGE-----
http://docs.python.org/py3k/ takes you to 2.7, by default.
Should we update it to point to 3.2?. If the point is to promote Python 3...
I would point it to 3.2, with a big "access to documentation to legacy
2.7" (beside the small left column link). What do you think?.
Jesus Cea Avion _/_/ _/_/_/ _/_/_/
jcea(a)jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
jabber / xmpp:firstname.lastname@example.org _/_/ _/_/ _/_/_/_/_/
. _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
There's been some chatter in the past about moving some of Jython's infrastructure from SF.net to python.org.
We're in the process of finishing the conversion of Jython's subversion repo to mercurial. Can we host our new repo on http://hg.python.org? To whom should I speak to about setting this up?
The one question that comes to mind is how will repo write permissions be handled/shared between all our repos? With the recent policy of granting Jython committers cpython commit access if they want it, sharing the permissions wouldn't be a problem. In turn we like the idea of reciprocating commit rights to Jython back to cpython committers.