touch-packages team mailing list archive

[Matthias Klose <doko@xxxxxxxxxx>]

On 14.10.2015 21:50, Steve Langasek wrote:
> This upload includes a change to add a new configuration file for
> setting the site policy for whether to enforce signature signing.
>
> I objected privately to the addition of this configuration file when
> Matthias proposed it.

> This adds complexity to the system both on
> upgrade and in 14.04 itself; the patch was proposed upstream and
> rejected;

The patch was not rejected upstream, because it wasn't seen as relevant.  It was 
somehow acknowledged that something like this is needed.  Other options 
discussed seemd to be worse.  See http://bugs.python.org/issue23857

> and the configuration file will cause the behavior of programs
> to be inconsistent across installations of Ubuntu.

This claim seems to be wrong.  The default is the same as in the
released trusty.

> Furthermore, the
> claim in the changelog that this config file will be removed on upgrade
> to 15.04 is *false*; there is no code in the 15.04 version of python3.4
> which implements this, and there is no python3.4 package in the SRU
> queue for vivid.

This is in progress, just started with wily.

> Users who upgraded to 3.4.3 previously in trusty-updates are currently
> stuck on an upgrade island as a result of the previous SRU having been
> backed out due to regressions.  We need to resolve this problem quickly.
> The SRU that has been uploaded is not appropriate as a quick fix, it has
> longer-term consequences that need to be thought through carefully.
 >
> I am going to upload a new SRU that reverts the addition of this config
> file.  The code patch can stay in place, it should implement the correct
> behavior with or without the config file actually being present (and I
> don't have an alternative implementation of this policy change to hand
> that we could quickly release).  But if we're going to release this SRU
> with that code path, we should not be advising users to use a global
> config file to configure the site policy until this has been discussed
> more broadly.

sure we can do that.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python3-defaults in
Ubuntu.
https://bugs.launchpad.net/bugs/1348954

Title:
  update Python3 for trusty

Status in python3-defaults package in Ubuntu:
  New
Status in python3-stdlib-extensions source package in Trusty:
  Fix Released
Status in python3.4 source package in Trusty:
  Fix Committed

Bug description:
  update Python3 for trusty.

  Rationale: the LTS was released with 3.4.0, the first 3.4 release
  which certainly had some issues. The idea is to update the python3.4
  packages to the version found in 15.04 (vivid), which currently
  doesn't have any outstanding issues.  A test rebuild of the trusty
  main component was done without showing any regressions during the
  package builds.

  http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150317-trusty.html
  http://people.ubuntuwire.org/~wgrant/rebuild-ftbfs-test/test-rebuild-20150501-updates-trusty.html

  To validate this SRU, I'm proposing to use the results from the test
  rebuild, plus evaluating the testsuite results of the python3.4
  package itself.

  To test the python3 behaviour for certificate verification, use
  urllib.request.urlopen. requests does it's own certificate
  verification.

  import urllib.request
  sites = [
      'https://expired.badssl.com/',
      'https://wrong.host.badssl.com/',
      'https://self-signed.badssl.com/'
  ]

  for site in sites:
      try:
          urllib.request.urlopen(site)
          print("OK", site)
      except:
          print("FAIL", site)

  Edit /etc/python3.4/cert-verification.conf to test both behaviours

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3-defaults/+bug/1348954/+subscriptions