Mailman 3 [Twisted-Python] Twisted 14.0.0-pre2 Announcement - Twisted

newer
[Twisted-Python] Twisted at PyCon...

[Twisted-Python] Twisted 14.0.0-pre2 Announcement

HawkOwl

9 Apr 2014 9 Apr '14

12:34 a.m.

Just in time for PyCon, the second prerelease is hot off the presses. Tarballs for this prerelease can be found at http://twistedmatrix.com/Releases/pre/14.0.0pre2, with the changelog at http://twistedmatrix.com/Releases/pre/14.0.0pre2/NEWS.txt. Changes from the previous prerelease include: - Dropping support for Windows XP, due to XP being EOL. - Dropping support for PyOpenSSL older than 0.10. - Support for TLS Service Identity, in conjunction with the service_identity library on PyPI. For more information and a full list of changes, check the NEWS.txt file. Please download the tarballs and test them with your applications, so we can make sure we’re all ready for release! -hawkowl

Attachments:

signature.asc (application/pgp-signature — 455 bytes)

Show replies by date

exarkun＠twistedmatrix.com

9 Apr 9 Apr

6:42 a.m.

On 07:34 am, hawkowl@atleastfornow.net wrote:

...

Just in time for PyCon, the second prerelease is hot off the presses.

Tarballs for this prerelease can be found at http://twistedmatrix.com/Releases/pre/14.0.0pre2, with the changelog at http://twistedmatrix.com/Releases/pre/14.0.0pre2/NEWS.txt.

Changes from the previous prerelease include:

- Dropping support for Windows XP, due to XP being EOL.

- Dropping support for PyOpenSSL older than 0.10.

- Support for TLS Service Identity, in conjunction with the service_identity library on PyPI.

Thanks! I haven't yet done any serious testing of this prerelease but I did import some modules from it and I think this is pretty embarassing:

...

...
...
import twisted.internet.ssl /home/exarkun/Projects/Twisted/trunk/twisted/internet/_sslverify.py:119: UserWarning: You do not have the service_identity module installed. Please install it from https://pypi.python.org/pypi/service_identity. Without the service_identity module and a recent enough pyOpenSSL tosupport it, Twisted can perform only rudimentary TLS client hostnameverification. Many valid certificate/hostname mappings may be rejected. verifyHostname, VerificationError = _selectVerifyImplementation()

This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted. Jean-Paul

...

For more information and a full list of changes, check the NEWS.txt file.

Please download the tarballs and test them with your applications, so we can make sure we’re all ready for release!

-hawkowl

Glyph

10:47 a.m.

On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com wrote:

...

This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.

I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease. But how would you recommend we make the warning come from a more sensible location that doesn't mention _sslverify.py? I'd really like this to look specific, comprehensible, and actionable to users. Should it not be using the warnings module? -glyph

Donald Stufft

11:10 a.m.

On Apr 9, 2014, at 1:47 PM, Glyph wrote:

...

On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com wrote:

...
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.

I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.

But how would you recommend we make the warning come from a more sensible location that doesn't mention _sslverify.py? I'd really like this to look specific, comprehensible, and actionable to users. Should it not be using the warnings module?

-glyph _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

You can use the level kwarg to warnings to make it look like the warning is coming from high up in the stack if that’s useful at all. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Phil Mayers

11:19 a.m.

On 09/04/14 18:47, Glyph wrote:

...

On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com mailto:exarkun@twistedmatrix.com wrote:

...
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.

I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.

But how would you recommend we make the warning come from a more

How is the library used? If it's used under new APIs, then just fail if it's not installed. If it's used under old APIs, then don't warn at all; either deprecate those APIs because you think they're unsafe, or keep quiet ;o) If you must warn, warn at runtime not import time. Just my £0.03 (inflation).

exarkun＠twistedmatrix.com

12:48 p.m.

On 06:19 pm, p.mayers@imperial.ac.uk wrote:

...

On 09/04/14 18:47, Glyph wrote:

...
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com mailto:exarkun@twistedmatrix.com wrote:

...
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.

I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.

But how would you recommend we make the warning come from a more

How is the library used?

If it's used under new APIs, then just fail if it's not installed.

If it's used under old APIs, then don't warn at all; either deprecate those APIs because you think they're unsafe, or keep quiet ;o)

If you must warn, warn at runtime not import time.

This may be a good idea. If you warn at runtime then there actually *may* be something above you on the stack, somewhere, which you can blame the warning on. I think in this case that's possible (if you emitted the warning from `simpleVerifyHostname`). The trade-off of this approach is that users might not notice a warning that only shows up later after the program has been running for a while. Of course they might not notice a warning that shows up early either - who even says the program is running in a terminal or that anyone is reading stdio? But those are general problems with the warnings module... And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file). Jean-Paul

Itamar Turner-Trauring

3:55 p.m.

On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:

...

And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).

A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.

Donald Stufft

3:59 p.m.

On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring wrote:

...

On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:

...
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).

A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

extras! Then people can do: install_requires=[“Twisted[ssl]”] ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

exarkun＠twistedmatrix.com

10 Apr 10 Apr

3:56 a.m.

On 9 Apr, 10:59 pm, donald@stufft.io wrote:

...

On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring wrote:

...
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:

...
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).

A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

extras!

Then people can do:

install_requires=[“Twisted[ssl]”]

This would be great. What do people who want to use pip to set up a Twisted development environment do? Jean-Paul

Donald Stufft

4:06 a.m.

On Apr 10, 2014, at 6:56 AM, exarkun@twistedmatrix.com wrote:

...

On 9 Apr, 10:59 pm, donald@stufft.io wrote:

...
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring wrote:

...
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:

...
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).

A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

extras!

Then people can do:

install_requires=[“Twisted[ssl]”]

This would be great. What do people who want to use pip to set up a Twisted development environment do?

Jean-Paul

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Well you can do ``pip install Twisted[ssl]`` too. I don’t have a better solution that that up my sleeve though :( ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Dustin J. Mitchell

5:35 a.m.

Use pip install -e .[ssl] in the dir with the twisted setup.py. Works like a charm. Dustin On Thu, Apr 10, 2014 at 7:06 AM, Donald Stufft wrote:

...

On Apr 10, 2014, at 6:56 AM, exarkun@twistedmatrix.com wrote:

...
On 9 Apr, 10:59 pm, donald@stufft.io wrote:

...
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring wrote:

...
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:

...
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).

A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

extras!

Then people can do:

install_requires=[“Twisted[ssl]”]

This would be great. What do people who want to use pip to set up a Twisted development environment do?

Jean-Paul

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Well you can do ``pip install Twisted[ssl]`` too. I don’t have a better solution that that up my sleeve though :(

----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Donald Stufft

10:02 a.m.

Oh whoops, I misread what Jean-Paul said. Yes you can do that, either directly or in a requirements file. On Apr 10, 2014, at 8:35 AM, Dustin J. Mitchell wrote:

...

Use

pip install -e .[ssl]

in the dir with the twisted setup.py. Works like a charm.

Dustin

On Thu, Apr 10, 2014 at 7:06 AM, Donald Stufft wrote:

...
On Apr 10, 2014, at 6:56 AM, exarkun@twistedmatrix.com wrote:

...
On 9 Apr, 10:59 pm, donald@stufft.io wrote:

...
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring wrote:

...
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:

...
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).

A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

extras!

Then people can do:

install_requires=[“Twisted[ssl]”]

This would be great. What do people who want to use pip to set up a Twisted development environment do?

Jean-Paul

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

Well you can do ``pip install Twisted[ssl]`` too. I don’t have a better solution that that up my sleeve though :(

----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

exarkun＠twistedmatrix.com

11 Apr 11 Apr

7:41 p.m.

On 10 Apr, 12:35 pm, dustin@v.igoro.us wrote:

...

Use

pip install -e .[ssl]

in the dir with the twisted setup.py. Works like a charm.

It seems like this would completely replace the need for any kind of requirements.txt files. Is there a compelling reason to make both of these work? Jean-Paul

exarkun＠twistedmatrix.com

9 Apr 9 Apr

12:34 p.m.

On 05:47 pm, glyph@twistedmatrix.com wrote:

...

On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com wrote:

...
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.

I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.

But how would you recommend we make the warning come from a more sensible location that doesn't mention _sslverify.py? I'd really like this to look specific, comprehensible, and actionable to users. Should it not be using the warnings module?

I added one suggestion to the ticket https://tm.tl/7097: `warnings.showwarning(..., "", "")` will produce a message like ":: UserWarning: ..." (at least one the one version of Python I tested on, who knows if it's the same across all the versions we care about) which is still weird but less so. Off the top of my head I don't have any better suggestions than that. I guess there is the other obvious approach of just writing some bytes to stderr... Considering my various experiences with the warnings module I'm even a little tempted to go that way. It does seem like the choice is between really bad and only sort of bad, though. (Oops, didn't click send fast enough, now I'm imagining other things like passing some other string to `showwarning` as the file name - like "Twisted TLS Support" or whatever else you want to make the resulting message look pretty.) Jean-Paul

3660

Age (days ago)

3663

Last active (days ago)

List overview

Download

13 comments

7 participants

participants (7)

Donald Stufft
Dustin J. Mitchell
exarkun＠twistedmatrix.com
Glyph
HawkOwl
Itamar Turner-Trauring
Phil Mayers

[Twisted-Python] Twisted 14.0.0-pre2 Announcement

Phil Mayers

tags

participants (7)