← Back to team overview

touch-packages team mailing list archive

Re: [Bug 1348954] Re: update Python3 for trusty

 

On Oct 14, 2015, at 07:50 PM, Steve Langasek wrote:

>I am going to upload a new SRU that reverts the addition of this config
>file.  The code patch can stay in place, it should implement the correct
>behavior with or without the config file actually being present (and I
>don't have an alternative implementation of this policy change to hand
>that we could quickly release).  But if we're going to release this SRU
>with that code path, we should not be advising users to use a global
>config file to configure the site policy until this has been discussed
>more broadly.

I guess given Tyler Hicks' out-of-band feedback, we should just turn off
certificate checking for 14.04.  Let's let the security team and/or bug
reports drive any change in this behavior.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python3-defaults in
Ubuntu.
https://bugs.launchpad.net/bugs/1348954

Title:
  update Python3 for trusty

Status in python3-defaults package in Ubuntu:
  New
Status in python3-stdlib-extensions source package in Trusty:
  Fix Released
Status in python3.4 source package in Trusty:
  Fix Committed

Bug description:
  update Python3 for trusty.

  Rationale: the LTS was released with 3.4.0, the first 3.4 release
  which certainly had some issues. The idea is to update the python3.4
  packages to the version found in 15.04 (vivid), which currently
  doesn't have any outstanding issues.  A test rebuild of the trusty
  main component was done without showing any regressions during the
  package builds.

  http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150317-trusty.html
  http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150501-updates-trusty.html

  To validate this SRU, I'm proposing to use the results from the test
  rebuild, plus evaluating the testsuite results of the python3.4
  package itself.

  To test the python3 behaviour for certificate verification, use
  urllib.request.urlopen. requests does it's own certificate
  verification.

  import urllib.request
  sites = [
      'https://expired.badssl.com/',
      'https://wrong.host.badssl.com/',
      'https://self-signed.badssl.com/'
  ]

  for site in sites:
      try:
          urllib.request.urlopen(site)
          print("OK", site)
      except:
          print("FAIL", site)

  Edit /etc/python3.4/cert-verification.conf to test both behaviours

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/1348954/+subscriptions


References