[Twisted-Python] Twisted 14.0.0-pre2 Announcement
Just in time for PyCon, the second prerelease is hot off the presses.
Tarballs for this prerelease can be found at http://twistedmatrix.com/Releases/pre/14.0.0pre2, with the changelog at http://twistedmatrix.com/Releases/pre/14.0.0pre2/NEWS.txt.
Changes from the previous prerelease include:
- Dropping support for Windows XP, due to XP being EOL.
- Dropping support for PyOpenSSL older than 0.10.
- Support for TLS Service Identity, in conjunction with the service_identity library on PyPI.
For more information and a full list of changes, check the NEWS.txt file.
Please download the tarballs and test them with your applications, so we can make sure we’re all ready for release!
-hawkowl
On 07:34 am, hawkowl@atleastfornow.net wrote:
Just in time for PyCon, the second prerelease is hot off the presses.
Tarballs for this prerelease can be found at http://twistedmatrix.com/Releases/pre/14.0.0pre2, with the changelog at http://twistedmatrix.com/Releases/pre/14.0.0pre2/NEWS.txt.
Changes from the previous prerelease include:
- Dropping support for Windows XP, due to XP being EOL. - Dropping support for PyOpenSSL older than 0.10. - Support for TLS Service Identity, in conjunction with theservice_identity library on PyPI.
Thanks!
I haven't yet done any serious testing of this prerelease but I did import some modules from it and I think this is pretty embarassing:
import twisted.internet.ssl
/home/exarkun/Projects/Twisted/trunk/twisted/internet/_sslverify.py:119: UserWarning: You do not have the service_identity module installed. Please install it from https://pypi.python.org/pypi/service_identity. Without the service_identity module and a recent enough pyOpenSSL tosupport it, Twisted can perform only rudimentary TLS client hostnameverification. Many valid certificate/hostname mappings may be rejected. verifyHostname, VerificationError = _selectVerifyImplementation()
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
Jean-Paul
For more information and a full list of changes, check the NEWS.txt file.
Please download the tarballs and test them with your applications, so we can make sure we’re all ready for release!
-hawkowl
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com wrote:
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.
But how would you recommend we make the warning come from a more sensible location that doesn't mention _sslverify.py? I'd really like this to look specific, comprehensible, and actionable to users. Should it not be using the warnings module?
-glyph
On Apr 9, 2014, at 1:47 PM, Glyph glyph@twistedmatrix.com wrote:
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com wrote:
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.
But how would you recommend we make the warning come from a more sensible location that doesn't mention _sslverify.py? I'd really like this to look specific, comprehensible, and actionable to users. Should it not be using the warnings module?
-glyph _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
You can use the level kwarg to warnings to make it look like the warning is coming from high up in the stack if that’s useful at all.
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
On 09/04/14 18:47, Glyph wrote:
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com mailto:exarkun@twistedmatrix.com wrote:
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.
But how would you recommend we make the warning come from a more
How is the library used?
If it's used under new APIs, then just fail if it's not installed.
If it's used under old APIs, then don't warn at all; either deprecate those APIs because you think they're unsafe, or keep quiet ;o)
If you must warn, warn at runtime not import time.
Just my £0.03 (inflation).
On 06:19 pm, p.mayers@imperial.ac.uk wrote:
On 09/04/14 18:47, Glyph wrote:
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com mailto:exarkun@twistedmatrix.com wrote:
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.
But how would you recommend we make the warning come from a more
How is the library used?
If it's used under new APIs, then just fail if it's not installed.
If it's used under old APIs, then don't warn at all; either deprecate those APIs because you think they're unsafe, or keep quiet ;o)
If you must warn, warn at runtime not import time.
This may be a good idea. If you warn at runtime then there actually *may* be something above you on the stack, somewhere, which you can blame the warning on.
I think in this case that's possible (if you emitted the warning from `simpleVerifyHostname`).
The trade-off of this approach is that users might not notice a warning that only shows up later after the program has been running for a while. Of course they might not notice a warning that shows up early either - who even says the program is running in a terminal or that anyone is reading stdio? But those are general problems with the warnings module...
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
Jean-Paul
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring itamar@itamarst.org wrote:
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
extras!
Then people can do:
install_requires=[“Twisted[ssl]”]
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
On 9 Apr, 10:59 pm, donald@stufft.io wrote:
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring itamar@itamarst.org wrote:
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
extras!
Then people can do:
install_requires=[“Twisted[ssl]”]
This would be great. What do people who want to use pip to set up a Twisted development environment do?
Jean-Paul
On Apr 10, 2014, at 6:56 AM, exarkun@twistedmatrix.com wrote:
On 9 Apr, 10:59 pm, donald@stufft.io wrote:
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring itamar@itamarst.org wrote:
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
extras!
Then people can do:
install_requires=[“Twisted[ssl]”]
This would be great. What do people who want to use pip to set up a Twisted development environment do?
Jean-Paul
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Well you can do ``pip install Twisted[ssl]`` too. I don’t have a better solution that that up my sleeve though :(
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Use
pip install -e .[ssl]
in the dir with the twisted setup.py. Works like a charm.
Dustin
On Thu, Apr 10, 2014 at 7:06 AM, Donald Stufft donald@stufft.io wrote:
On Apr 10, 2014, at 6:56 AM, exarkun@twistedmatrix.com wrote:
On 9 Apr, 10:59 pm, donald@stufft.io wrote:
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring itamar@itamarst.org wrote:
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
extras!
Then people can do:
install_requires=[“Twisted[ssl]”]
This would be great. What do people who want to use pip to set up a Twisted development environment do?
Jean-Paul
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Well you can do ``pip install Twisted[ssl]`` too. I don’t have a better solution that that up my sleeve though :(
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Oh whoops, I misread what Jean-Paul said. Yes you can do that, either directly or in a requirements file.
On Apr 10, 2014, at 8:35 AM, Dustin J. Mitchell dustin@v.igoro.us wrote:
Use
pip install -e .[ssl]
in the dir with the twisted setup.py. Works like a charm.
Dustin
On Thu, Apr 10, 2014 at 7:06 AM, Donald Stufft donald@stufft.io wrote:
On Apr 10, 2014, at 6:56 AM, exarkun@twistedmatrix.com wrote:
On 9 Apr, 10:59 pm, donald@stufft.io wrote:
On Apr 9, 2014, at 6:55 PM, Itamar Turner-Trauring itamar@itamarst.org wrote:
On 04/09/2014 03:48 PM, exarkun@twistedmatrix.com wrote:
And that shortcoming could be mitigated by documenting (or even formally declaring) this dependency more prominently (I see it's in the NEWS file and the SSL howto but not, for example, in the INSTALL file).
A ssl-requirements.txt file seems like a good idea; we're going to be adding the pem package as well, it looks like, and having one thing people can install automatically is a lot better than having all our users manually type stuff in.
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
extras!
Then people can do:
install_requires=[“Twisted[ssl]”]
This would be great. What do people who want to use pip to set up a Twisted development environment do?
Jean-Paul
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Well you can do ``pip install Twisted[ssl]`` too. I don’t have a better solution that that up my sleeve though :(
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
On 10 Apr, 12:35 pm, dustin@v.igoro.us wrote:
Use
pip install -e .[ssl]
in the dir with the twisted setup.py. Works like a charm.
It seems like this would completely replace the need for any kind of requirements.txt files. Is there a compelling reason to make both of these work?
Jean-Paul
On 05:47 pm, glyph@twistedmatrix.com wrote:
On Apr 9, 2014, at 9:42 AM, exarkun@twistedmatrix.com wrote:
This is a warning that just about every Twisted user is going to see and it's confusing (_sslverify.py? what?) and poorly formatted.
I can definitely fix the formatting (and maybe a few other things in this area...) for a new prerelease.
But how would you recommend we make the warning come from a more sensible location that doesn't mention _sslverify.py? I'd really like this to look specific, comprehensible, and actionable to users. Should it not be using the warnings module?
I added one suggestion to the ticket https://tm.tl/7097: `warnings.showwarning(..., "", "")` will produce a message like ":: UserWarning: ..." (at least one the one version of Python I tested on, who knows if it's the same across all the versions we care about) which is still weird but less so.
Off the top of my head I don't have any better suggestions than that. I guess there is the other obvious approach of just writing some bytes to stderr...
Considering my various experiences with the warnings module I'm even a little tempted to go that way. It does seem like the choice is between really bad and only sort of bad, though.
(Oops, didn't click send fast enough, now I'm imagining other things like passing some other string to `showwarning` as the file name - like "Twisted TLS Support" or whatever else you want to make the resulting message look pretty.)
Jean-Paul
participants (7)
-
Donald Stufft -
Dustin J. Mitchell -
exarkun@twistedmatrix.com -
Glyph -
HawkOwl -
Itamar Turner-Trauring -
Phil Mayers