This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2011年03月01日 03:06 by kelsey.hightower, last changed 2022年04月11日 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| mirror-authenticity.patch | kelsey.hightower, 2011年03月01日 03:28 | Adding support for PEP 381 Mirror Authenticity | ||
| mirror-authenticity-updated.patch | kelsey.hightower, 2011年03月04日 04:06 | Fixes based on feedback from Alexis and Antoine Pitrou | ||
| Messages (7) | |||
|---|---|---|---|
| msg129736 - (view) | Author: Kelsey (kelsey.hightower) | Date: 2011年03月01日 03:06 | |
Distutils2 should provide support for verifying a mirrors authenticity as described in PEP 381 -- Mirror Authenticity. |
|||
| msg129737 - (view) | Author: Kelsey (kelsey.hightower) | Date: 2011年03月01日 03:13 | |
I have started on an implementation in my distutil2 patch-queue on bitbucket. Link to code, tests, and documentation: https://bitbucket.org/khightower/distutils2-patch-queue/qseries?apply=t&qs_apply=mirror-authenticity Outstanding items include back porting the SSL module for python < 2.6 support and making sure all test pass on python >= 2.4 |
|||
| msg129783 - (view) | Author: Alexis Metaireau (alexis) * (Python triager) | Date: 2011年03月01日 15:12 | |
Some nitpicks: In mirrors.get_server_key, the documentation is not up to date with your last changes (raises an error if there is a problem instead of returning None) You do use the name 'package' while talking about distributions or projects. Please be sure to use the right one on the right place (in your case, that's a project). A project (Django) contains releases (Django 1.1, 1.2, 1.3?) which contains distributions (sdist, bdist). The "verify_package" name could probably be changed in "is_trustable" or something like that, or raise an error (Otherwise, one can use verify_package thinking that it will actually check for something, without looking at the return value). In the documentation, you've mainly copy/pasted the PEP and provided examples on how to do the authenticity check with distutils2. While the second part is fine, I think that duplicating the PEP content on the documentation is probably an error: If the PEP changes, then the distutils2 documentation have to change as well. You probably can just refer on the PEP with a link. Adding informations on where did you find the sources of verify.py could be nice as well. Again, thanks for your work ! |
|||
| msg129784 - (view) | Author: Alexis Metaireau (alexis) * (Python triager) | Date: 2011年03月01日 15:44 | |
Antoine Pitrou on #python-dev made interesting remarks about the validation: 16:19 < __ap__> hmm the way the patch does validation is bogus 16:22 < __ap__> because it opens the URL a first time, validates it, then opens it a second time with urlopen() 16:22 < __ap__> without verifying the certificate on the second time 16:23 < __ap__> it should do the validation directly with urlopen() 16:23 < __ap__> (which probably requires defining a custom HTTPSHandler) |
|||
| msg129785 - (view) | Author: Kelsey (kelsey.hightower) | Date: 2011年03月01日 16:19 | |
Thanks for the feedback! I agree with the issues raised and will rework the patch to address them. |
|||
| msg130019 - (view) | Author: Kelsey (kelsey.hightower) | Date: 2011年03月04日 04:06 | |
Based on the feedback I have updated my patch, please review. An updated patch attached. Link to my distutils2 mq below: https://bitbucket.org/khightower/distutils2-patch-queue/qseries?apply=t&qs_apply=mirror-authenticity |
|||
| msg203876 - (view) | Author: Éric Araujo (eric.araujo) * (Python committer) | Date: 2013年11月22日 21:03 | |
Mirroring protocol is deprecated. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:57:13 | admin | set | github: 55566 |
| 2013年11月22日 21:03:35 | eric.araujo | set | status: open -> closed messages: + msg203876 assignee: tarek -> resolution: out of date stage: resolved |
| 2011年09月19日 12:49:09 | intgr | set | nosy:
+ intgr |
| 2011年08月08日 13:10:12 | asdfasdfasdfasdfasdfasdfasdf | set | nosy:
+ asdfasdfasdfasdfasdfasdfasdf |
| 2011年06月03日 15:33:52 | eric.araujo | set | title: Add support for PEP 381 -- Mirror Authenticity -> Add support for PEP 381 Mirror Authenticity versions: + Python 3.3, - 3rd party |
| 2011年06月01日 06:25:42 | terry.reedy | set | versions: - Python 2.6, Python 2.5, Python 3.1, Python 2.7, Python 3.2, Python 3.3 |
| 2011年03月04日 04:06:53 | kelsey.hightower | set | files:
+ mirror-authenticity-updated.patch nosy: tarek, eric.araujo, alexis, kelsey.hightower messages: + msg130019 |
| 2011年03月01日 16:19:33 | kelsey.hightower | set | nosy:
tarek, eric.araujo, alexis, kelsey.hightower messages: + msg129785 |
| 2011年03月01日 15:44:58 | alexis | set | nosy:
tarek, eric.araujo, alexis, kelsey.hightower messages: + msg129784 |
| 2011年03月01日 15:12:47 | alexis | set | nosy:
tarek, eric.araujo, alexis, kelsey.hightower messages: + msg129783 |
| 2011年03月01日 03:29:00 | kelsey.hightower | set | files:
+ mirror-authenticity.patch nosy: tarek, eric.araujo, alexis, kelsey.hightower keywords: + patch |
| 2011年03月01日 03:13:13 | kelsey.hightower | set | nosy:
tarek, eric.araujo, alexis, kelsey.hightower messages: + msg129737 |
| 2011年03月01日 03:06:34 | kelsey.hightower | create | |