On 06:19 pm, p.mayers@imperial.ac.uk wrote:
On 09/04/14 18:47, Glyph wrote:
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com <mailto:exarkun@twistedmatrix.com> wrote:
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.
But how would you recommend we make the warning come from a more
How is the library used?
If it's used under new APIs, then just fail if it's not installed.
If it's used under old APIs, then don't warn at all; either deprecate those APIs because you think they're unsafe, or keep quiet ;o)
If you must warn, warn at runtime not import time.
This may be a good idea. If you warn at runtime then there actually *may* be something above you on the stack, somewhere, which you can blame the warning on. I think in this case that's possible (if you emitted the warning from `simpleVerifyHostname`). The trade-off of this approach is that users might not notice a warning that only shows up later after the program has been running for a while. Of course they might not notice a warning that shows up early either - who even says the program is running in a terminal or that anyone is reading stdio? But those are general problems with the warnings module... And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file). Jean-Paul