schedule for 8.7 rc and final release

[Vincent Delecroix]

Dear Volker,

Do you have a rough schedule for the next Sage release?

I am interested because Vincent K is putting a lot of effort
towards having a new release of gmpy2 [1] that would be great
to have in 8.7.

[1] https://github.com/aleaxit/gmpy/issues/199

Cheers
Vincent

[Volker Braun]

Next develop release will be rc0

IMHO changes to gmpy2 should wait until the next version to give it some time to test out.

[E. Madison Bray]

Hi Volker,

I don't think there should be a release candidate at least until most
of the blocker issues [1] are resolved; in particular the four that
are already either positively reviewed or are in-progress.

Thanks


[1] https://trac.sagemath.org/query?priority=blocker&status=needs_info&status=needs_review&status=needs_work&status=new&status=positive_review&milestone=sage-8.7&group=status&col=id&col=summary&col=priority&col=owner&col=type&col=component&col=time&order=priority

On Thu, Mar 14, 2019 at 2:25 PM Volker Braun <vbrau...@gmail.com> wrote:
>
> Next develop release will be rc0
>
> IMHO changes to gmpy2 should wait until the next version to give it some time to test out.
>

> --
> You received this message because you are subscribed to the Google Groups "sage-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+...@googlegroups.com.
> To post to this group, send email to sage-...@googlegroups.com.
> Visit this group at https://groups.google.com/group/sage-devel.
> For more options, visit https://groups.google.com/d/optout.

[Volker Braun]

Feel free to fix the Cygwin-related bugs, but some of these are longstanding issues that should be discussed with upstream first; Realistically thats not going to make it to the next Sage version.

[Dima Pasechnik]

It appears that Sage's openssl package is broken on MacOS nowadays.
Should this be a blocker?

[Volker Braun]

We don't build it by default, so imho the answer is no. Not every optional package works on every supported platform, even if we strive for that.

[Dima Pasechnik]

On Fri, Mar 15, 2019 at 2:53 PM Volker Braun <vbrau...@gmail.com> wrote:
>
> We don't build it by default, so imho the answer is no. Not every optional package works on every supported platform, even if we strive for that.

Are we going to ship broken MacOS binaries then?

[Volker Braun]

Is openssl compiled into the macos binary? Technically we wouldn't be allowed to distribute that....

[E. Madison Bray]

On Fri, Mar 15, 2019 at 3:31 PM Dima Pasechnik <dim...@gmail.com> wrote:
>
> It appears that Sage's openssl package is broken on MacOS nowadays.
> Should this be a blocker?

How is SSL support currently handled in MacOS? I have not kept up
with that issue. Are OSX users still not able to do something as
simple as pip install?

[Dima Pasechnik]

On Fri, Mar 15, 2019 at 3:35 PM E. Madison Bray <erik....@gmail.com> wrote:
>
> On Fri, Mar 15, 2019 at 3:31 PM Dima Pasechnik <dim...@gmail.com> wrote:
> >
> > It appears that Sage's openssl package is broken on MacOS nowadays.
> > Should this be a blocker?
>
> How is SSL support currently handled in MacOS? I have not kept up
> with that issue. Are OSX users still not able to do something as
> simple as pip install?
>

current Sage 8.6 MacOS binary installer comes with urllib that cannot
work with https.
I presume this is precisely what we see reported here, as it's exactly
what oeis() function of Sage needs.

However, 2.7.16 binary installer of Python from python.org comes with a script
Install\ Certificates.command , which says inside

# install_certifi.py
# sample script to install or update a set of default Root Certificates
# for the ssl module. Uses the certificates provided by the certifi package:
# https://pypi.python.org/pypi/certifi

and which, after you run it, allows urllib to function properly.
(but not before - perhaps it's launched automatically if you open some
Python GUI that comes in that installer)

Perhaps we should do something like this...

[E. Madison Bray]

On Fri, Mar 15, 2019 at 4:47 PM Dima Pasechnik <dim...@gmail.com> wrote:
>
> On Fri, Mar 15, 2019 at 3:35 PM E. Madison Bray <erik....@gmail.com> wrote:
> >
> > On Fri, Mar 15, 2019 at 3:31 PM Dima Pasechnik <dim...@gmail.com> wrote:
> > >
> > > It appears that Sage's openssl package is broken on MacOS nowadays.
> > > Should this be a blocker?
> >
> > How is SSL support currently handled in MacOS? I have not kept up
> > with that issue. Are OSX users still not able to do something as
> > simple as pip install?
> >
>
> current Sage 8.6 MacOS binary installer comes with urllib that cannot
> work with https.
> I presume this is precisely what we see reported here, as it's exactly
> what oeis() function of Sage needs.
>
> However, 2.7.16 binary installer of Python from python.org comes with a script
> Install\ Certificates.command , which says inside
>
> # install_certifi.py
> # sample script to install or update a set of default Root Certificates
> # for the ssl module. Uses the certificates provided by the certifi package:
> # https://pypi.python.org/pypi/certifi
>
> and which, after you run it, allows urllib to function properly.
> (but not before - perhaps it's launched automatically if you open some
> Python GUI that comes in that installer)
>
> Perhaps we should do something like this...

That appears to be a separate issue. What do you mean by "binary
installer comes with urllib that cannot work with https"?

Because if there is no _ssl module included in Python then it can't
use HTTPS anyways. But if `import _ssl` works then there is a working
SSL library included, whatever it may be.

The other issue is just a question of whether or not the SSL library
has up-to-date root certificates to verify connections with. If it
doesn't, then HTTPS connections will fail with some
SSL_CERTIFICATE_VERIFY_FAILED which can be worked around in a number
of different ways (including installing up-to-date root CA certs from
a presumed "trusted" source into a location that Python's urllib knows
where to look).

[Dima Pasechnik]

Indeed, it's one of the two issues we saw recently here. And this one,
with binary 8.6 it is indeed that
"import ssl" fails. But even if people install Sage's optional openssl
package on MacOS, it won't be enough, still.

>
> Because if there is no _ssl module included in Python then it can't
> use HTTPS anyways. But if `import _ssl` works then there is a working
> SSL library included, whatever it may be.
>
> The other issue is just a question of whether or not the SSL library
> has up-to-date root certificates to verify connections with. If it
> doesn't, then HTTPS connections will fail with some
> SSL_CERTIFICATE_VERIFY_FAILED

Yes, this is exactly what I saw when I tried Python.org's 2.7.16
without running that script:

>>> from urllib import urlopen
>>> f=urlopen("https://oeis.org/")

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
line 87, in urlopen
return opener.open(url)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
line 213, in open
return getattr(self, name)(url)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
line 443, in open_https
h.endheaders(data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 1038, in endheaders
self._send_output(message_body)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 882, in _send_output
self.send(msg)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 844, in send
self.connect()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py",
line 1263, in connect
server_hostname=server_hostname)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
line 369, in wrap_socket
_context=self)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
line 599, in __init__
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
line 828, in do_handshake
self._sslobj.do_handshake()
IOError: [Errno socket error] [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed (_ssl.c:727)

> which can be worked around in a number
> of different ways (including installing up-to-date root CA certs from
> a presumed "trusted" source into a location that Python's urllib knows
> where to look).

The bottom line is two-fold:

1) As Python.org now ships 2.7.16 with pre-build openssl, then why
don't we do the same?
(IMHO Sage should not try to out-saint the pope, and stick to "we
don't ship openssl orthodoxy")

2) It's not sufficient to have an up to date openssl package, it also
needs some further blessing
with certs on MacOS.

Dima

[Volker Braun]

On Friday, March 15, 2019 at 5:12:59 PM UTC+1, Dima Pasechnik wrote:

1) As Python.org now ships 2.7.16 with pre-build openssl, then why
don't we do the same?

Because Python is not GPL licensed, of course

 

(IMHO Sage should not try to out-saint the pope, and stick to "we
don't ship openssl orthodoxy")

I'm fine with packaging the cert bundle, installing it, switch the osx binary build to include it, and test that on a variety of older macs. It would definitely be a improvement for the mac users. But we shouldn't delay Sage 8.7 for that.

[Volker Braun]

PS: The openssl master branch is already Apache licensed: https://github.com/openssl/openssl/commit/151333164ece49fdba3fe5c4bbdc3333cd9ae66d. Though no release yet.