To let the non-core devs know, the GitHub migration will be happening this
Friday. For those of you who use the current GitHub mirror to create
patches, do be aware that the hashes will most likely be changing so don't
expect your checkout to work past Thursday (you can always generate a patch
and apply it to a fresh checkout). Otherwise
https://cpython-devguide.readthedocs.io/en/github/ is what the devguide
will become on Friday if you want to read now instead of waiting for the
official switch-over (although for non-core devs the migration basically
means you can use GitHub to submit changes instead of uploading patches).
I would like to suggest that the OSX installer automatically run "Install Certificates.command", or display a prompt to users saying "Run Now" during installation.
Having the readme is helpful - but only after you google for 20 minutes, because of an exception you encountered. Of course nobody reads the readme during install. "I've installed python a thousand times before, I know what I'm doing."
There are so many things that require SSL, and it's reasonably assumed to be functional by default.
> On 1 Feb 2017, at 14:20, Steve Dower <steve.dower(a)python.org> wrote:
> Sorry, I misspoke when I said "certificate validation callback", I meant the same callback Cory uses below (name escapes me now, but it's unfortunately similar to what I said). There are two callbacks in OpenSSL, one that allows you to verify each certificate in the chain individually, and one that requires you to validate the entire chain.
> I do indeed take the entire chain in one go and pass it to the OS API. Christian also didn't like that I was bypassing *all* of OpenSSL's certificate handling here, but maybe there's a way to make it reliable if Chrome has done it?
So, my understanding is that bypassing OpenSSL’s cert handling is basically fine. The risks are only in cases where OpenSSL’s cert handling would be a supplement to what the OS provides, which is not really very common and I don’t think is a major risk for Python.
So in general, it is not unreasonable to ask your OS “are these certificates valid for this connection based on your trust DB” and circumventing OpenSSL entirely there. Please do bear in mind you need to ask your OS the right question. For Windows this stuff is actually kinda hard because the API is somewhat opaque, but you have to worry about setting correct certificate usages, building up chain policies, and then doing appropriate error handling (AFAIK the crypto API can “fail validation” for some reasons that have nothing to do with validation itself, so worth bearing that in mind).
The TL;DR is: I understand Christian’s concern, but I don’t think it’s important if you’re very, very careful.
I am really sorry for the OT :-( I asked elsewhere but without any
I can not figure out why in this short example the user+sys time is
bigger than real time. The example executes the task() functions twice,
with each execution in a separate thread. The task() just increment
10**6 times a global int:
$ cat foo.py
from threading import Thread, Lock
result = 0
lock = Lock()
for i in range(10**6):
result += 1
if __name__ == '__main__':
t1, t2 = Thread(target=task), Thread(target=task)
When I execute it (Python 3.6), I get a sys+user time bigger than the
$ time python foo.py
That is usually what I can expect in case of tasks executed in parallel
on different CPUs. But my example should not be the case, due to the
GIL. What am I missing? Thank you very much, and sorry again for the OT :(
INAF-Osservatorio Astronomico di Cagliari
Via della Scienza n. 5, 09047 Selargius (CA)
Phone: 070 711 80 217
There is a PR implementing typing ABC cache optimization:
The main idea is straightforward: subscripted generic ABCs like
Iterable[int], Iterable[str], etc. should not have separate ABC caches
(positive and negative), since they all are equivalent to plain Iterable at
It is proposed that they will share their caches with a parent ABC from abc
module for abstract collections, or with original (unsubscripted) class
generic for concrete classes.
Inada-san confirmed that this optimization reduces the memory footprint.
I will be grateful for a code review.
How are you guys?
I’ve just gotten off the phone with a top engineering leader from a
wonderful company in SF and they are looking for someone with python
They are looking to hire many people in the range of $100 – 160K.
Craig Rodrigues <rodrigc(a)freebsd.org>:
> Make this return a list on Python 3, like in Python 2: [(yield 1) for x in range(10)]
Give Python 2 a little more credit.
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> [(yield 1) for x in range(10)]
File "<stdin>", line 1
SyntaxError: 'yield' outside function