PEP 594: Update with discussion items by tiran · Pull Request #1063 · python/peps (original) (raw)
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Conversation11 Commits7 Checks0 Files changed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
[ Show hidden characters]({{ revealButtonHref }})
Updates from discussions on python-dev and Twitter.
- socketserver
- wave's dependency on audioop can be removed
- clarify crypt
- elaborate problems with NNTP tests
- smtpd is documented as deprecated since 3.4.7, 3.5.4, and 3.6.1.
- ask Pablo about pgen2 / lib2to3.
- @gvanrossum wants to deprecated the
parsermodule. Maybe add it to the PEP, too? - keep fileinput
- mention that Twisted plans to remove NNTP support (thx Nathaniel)
@gvanrossum @pablogsal I'm going to add the parser module to the PEP. The parser and grammar part of the Python interpreter is not my area of expertise. I'd appreciate a better wording from you.
Thanks! I'll update the PR with your feedback tomorrow.
Some points you might or might not want to incorporate somehow:
- Twisted is also looking at removing their NNTP support, b/c they've been totally unable to find anyone interested in porting it to python 3: https://twistedmatrix.com/trac/ticket/9405
- The password hashing algorithms exposed by the
cryptmodule are considered pretty lousy these days. They're sufficiently bad that the glibc itself is working on getting out of the business of maintainingcryptentirely, in favor of third party libraries that can do a better job keeping up with things: See: 1, 2
It's possible someone out there is usingcryptto hash passwords in their database or something, but there are much better options on PyPI: passlib, argon2, etc.
I'm a little sad to see crypt go -- it would be useful for checking passwords against /etc/passwd as long as crypt(3) exists. TBH I liked it better when it just wrapped crypt(3) -- maybe it could be deprecated in two stages, leaving the original crypt(3) wrapper undeprecated until it's actually gone from libc on most platforms?
I'm a little sad to see
cryptgo -- it would be useful for checking passwords against/etc/passwdas long as crypt(3) exists. TBH I liked it better when it just wrapped crypt(3) -- maybe it could be deprecated in two stages, leaving the original crypt(3) wrapper undeprecated until it's actually gone from libc on most platforms?
This works only under some circumstances and does not verify that account fully:
- script runs as root and unrestricted execution context (otherwise SELinux and AppArmor don't allow access to
/etc/shadow) - user is actually stored in a file and not provided through other APIs like LDAP, SSSD, SQL database, NIS/YP, ...
- account restrictions (HBAC, session, ...) aren't checked
You can always install it from PyPI. I have added a ctypes-based interface to https://github.com/tiran/legacylib/tree/master/crypt/src, so you don't need a C compiler to install it.
* Twisted is also looking at removing their NNTP support, b/c they've been totally unable to find anyone interested in porting it to python 3: https://twistedmatrix.com/trac/ticket/9405
And that means what? I hope you meant to say we should keep nttplib included, because we are the only ones to keep the support, right?
* Twisted is also looking at removing their NNTP support, b/c they've been totally unable to find anyone interested in porting it to python 3: https://twistedmatrix.com/trac/ticket/9405And that means what? I hope you meant to say we should keep
nttplibincluded, because we are the only ones to keep the support, right?
For me, it means nobody cares enough about NNTP to maintain NNTP code.
And that means what?
It's a piece of information. It can support multiple arguments. I'm not pushing some predetermined agenda.
Also, I deleted one of your comments, because it was some kind of vague, passive aggressive insinuation. That's not appropriate here; if your want to make an argument, just say it and provide supporting evidence.