From owner-freebsd-python@freebsd.org Tue Aug 25 20:05:01 2015 Return-Path: Delivered-To: freebsd-python@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 533789C34A3 for ; Tue, 25 Aug 2015 20:05:01 +0000 (UTC) (envelope-from lwhsu@FreeBSD.cs.nctu.edu.tw) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 37F02E23 for ; Tue, 25 Aug 2015 20:05:01 +0000 (UTC) (envelope-from lwhsu@FreeBSD.cs.nctu.edu.tw) Received: by mailman.ysv.freebsd.org (Postfix) id 352849C34A2; Tue, 25 Aug 2015 20:05:01 +0000 (UTC) Delivered-To: python@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1AE469C34A1 for ; Tue, 25 Aug 2015 20:05:01 +0000 (UTC) (envelope-from lwhsu@FreeBSD.cs.nctu.edu.tw) Received: from FreeBSD.cs.nctu.edu.tw (FreeBSD.cs.nctu.edu.tw [140.113.17.209]) by mx1.freebsd.org (Postfix) with ESMTP id B2D32E22; Tue, 25 Aug 2015 20:05:00 +0000 (UTC) (envelope-from lwhsu@FreeBSD.cs.nctu.edu.tw) Received: by FreeBSD.cs.nctu.edu.tw (Postfix, from userid 1058) id 384E328EA; Wed, 26 Aug 2015 04:05:00 +0800 (CST) Date: Wed, 26 Aug 2015 04:05:00 +0800 From: Li-Wen Hsu To: Mark Felder Cc: python Subject: Re: py-django vulnerabilities Message-ID: <20150825200500.GA32726@FreeBSD.cs.nctu.edu.tw> References: <1439923130.1067596.359551361.446BF03F@webmail.messagingengine.com> <1439997826.2721336.360395769.5671C796@webmail.messagingengine.com> <1439998219.2722781.360401857.46FCCBD9@webmail.messagingengine.com> <1439998614.2724165.360407393.5F130D70@webmail.messagingengine.com> <20150820121552.GA10322@FreeBSD.cs.nctu.edu.tw> <1440094241.908772.361540473.611AC2DA@webmail.messagingengine.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ew6BAiZeqk4r7MaW" Content-Disposition: inline In-Reply-To: <1440094241.908772.361540473.611AC2DA@webmail.messagingengine.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-python@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FreeBSD-specific Python issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 20:05:01 -0000 --ew6BAiZeqk4r7MaW Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 20, 2015 at 13:10:41 -0500, Mark Felder wrote: > On Thu, Aug 20, 2015, at 07:15, Li-Wen Hsu wrote: > > On Wed, Aug 19, 2015 at 10:36:54 -0500, Mark Felder wrote: > > > On Wed, Aug 19, 2015, at 10:30, Mark Felder wrote: > > > > On Wed, Aug 19, 2015, at 10:27, Li-Wen Hsu wrote: > > > > > Thanks for the update. I have the same patch with you. But I ha= ven't > > > > > had www/py-django-devel pass the poudriere test. Are you working= on > > > > > that too? > > > >=20 > > > > I have not yet touched www/py-django-devel. I figure fewer users are > > > > affected by it, so I wanted to get the stable releases pushed out f= irst. > > >=20 > > > Setting the snapshot date to 20150819 seems to fetch and build fine. = Is > > > that OK? Do you follow django development and prefer to carefully cho= ose > > > a different snapshot date to avoid any recent bugs/issues that could > > > affect users? > >=20 > > GH_TAGNAME should also be updated, or you will get the old code. > >=20 > > I got following error from poudriere. > >=20 > > https://gist.github.com/anonymous/7fdf1a8d9645ef324e82 > >=20 > > I am a bit not sure if this is due to our python port infrastructure or > > django itself. Haven't looked into it, but `python setup.py install` on > > Mac also failed. > >=20 >=20 >=20 > I just had a chat with a django developer and he told me those things > are not supposed to be byte-compiled >=20 > https://github.com/django/django/blob/master/setup.py#L26-L28 >=20 > They're listed right there in the setup.py >=20 > So the question is: is this a bug on their side if you also saw it on > OSX? Sorry for late reply, I was busy at $work recently. I think so, but I wanted to check how does it work on Linux. Maybe it's my Python setup issue on both FreeBSD and OSX. Can anybody help to verify this? Li-Wen --=20 Li-Wen Hsu http://lwhsu.org --ew6BAiZeqk4r7MaW Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJV3MprXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxMDdENTNGNjUyMTUzMzVCNzA5NDNGODQ2 NzI3RTc3Qzg4NjJCNjU2AAoJEGcn53yIYrZWEXgP/0YSZopoh1ue7dVLgaY+46DN 6Yp//VswKPR1dXZo/2Zm4kHktk+CLaF91FmujhGqrMhzU+KLbad2v0t9VFvNCH8Y dPOVpMgu3ukgscirk+XKIpog5PPuuUKpBVxV6oQxV0ZnAa9tUN2UWzXaju1vaD6c MewoEIz0j/aB32/VPOjJoxEtrK0Y2x9l+ENChIksUDVKqsAGeFIWhzQkacb0xVe8 4VcHNRPIKALBNnrqH14UPTn9K0hPo7FhkdGTAo+L3QyiC8vXLa9kFDBQHO3wWQnY nUP5NORKxaAL5CF+Y6zSC5j4K/D+/F4lWkheWLGpwXoyaTmLGokPmpydmiKuF/QZ U2MOGc9v9lwtCrud23U2/dsrEGqmBjJZpX1/jU1KrrS9TItqC6UKQAAjsaBeLaWt DMe0vEWTY8glG16dAjvVKE9yQHgo4DWKW5NCdcr5W57NEixlIWS0NmBvdxeFjN4e bxNigVr8jA6qqBF2cIXYWWdIqJIuGCEp8ibMrejDKlKA0hIO9wQLTYpw9ENwTwTU wnxCALAKEwqT8iHYxCfdRMHUiY/YEkNoEZMmbw/uNBqh7eyMPBjxWNT8+v8W/69u /Fl4XFY6hzQ2frQ49izrxrY5GDok1rIG+yo67scNdm08iAHsBzolv/T1ZhADn8iN oCeZy2qE0GXdnvcQoRpx =R8ev -----END PGP SIGNATURE----- --ew6BAiZeqk4r7MaW--