pip install requests[security] vs pip install requests: Difference

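I am using Ubuntu 14.04 (Trusty Tahr) and Python version 2.7.6. Today, when I created a new virtualenv and tried doing pip install requests, I got the error InsecurePlatformWarning.

I resolved this issue by following the instructions in .

But I want to understand what the actual difference is between these two commands: pip install requests[security] and pip install requests.

  1. Why does the former install three additional packages?

  2. Are there any things that I need to take care about when I push the code to production?

  3. Do they both behave the same generally?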

Why does the former install 3 additional packages?

Using requests[security] instead of requests will install three additional packages:

  • pyOpenSSL
  • cryptography
  • idna

These are defined in extras_requires, as optional features with additional dependencies.

Are there any things that I need to take care about when I push the code to production?

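You need to make sure that you are able to install these additional packages without any issues, and that any changes to the way SSL connections work don't affect your usage.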

Do they both behave the same generally?

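Using these packages instead of the default standard library options will allow for more secure SSL connections.

For more information, here's the pull request where it was merged in and here is the issue where it was discussed.

(From the comments, for when GitHub goes away):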

So right now the SSL connections when you use pyOpenSSL, ndg-httpsclient, and pyasn1 are more secure than if you just use the stdlib options. However it's hard to actually remember those three things. It would be cool if requests would add an extra to its setup.py so that people can install requests with betterssl (Donald Stufft)


Also by default requests can't connect to some sites on OS X because of ancient OpenSSL. Using the above 3 packages makes it possible. (Donald Stufft)
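A pre-deployment check for the production point above, added here as an example (it is not code from the answer or from requests): it reports whether the interpreter's own ssl module has SSLContext and SNI, whose absence on Python 2.7.6 is what produces InsecurePlatformWarning, and whether the three extra packages actually import. The function name tls_stack_report and the "ready" rule are assumptions of this example.

```python
import importlib
import ssl

# Packages the answer lists for the [security] extra: distribution -> import name.
SECURITY_EXTRA = {"pyOpenSSL": "OpenSSL", "cryptography": "cryptography", "idna": "idna"}


def _importable(module_name):
    """True if the module imports cleanly in this environment."""
    try:
        importlib.import_module(module_name)
        return True
    except Exception:
        # A broken native build can fail with errors other than ImportError,
        # so any failure counts as "not usable".
        return False


def tls_stack_report(ssl_module=ssl, importable=_importable):
    """Summarise the TLS stack requests would run on (hypothetical helper)."""
    has_context = hasattr(ssl_module, "SSLContext")
    has_sni = bool(getattr(ssl_module, "HAS_SNI", False))
    missing = sorted(dist for dist, mod in SECURITY_EXTRA.items() if not importable(mod))
    needs_extra = not (has_context and has_sni)
    return {
        "openssl": getattr(ssl_module, "OPENSSL_VERSION", "unknown"),
        "stdlib_ssl_context": has_context,
        "stdlib_sni": has_sni,
        "needs_security_extra": needs_extra,
        "missing_extra_packages": missing,
        # Example policy (an assumption): a modern stdlib is enough on its own;
        # an old one is acceptable only if every extra package imports.
        "ready": (not needs_extra) or not missing,
    }


if __name__ == "__main__":
    for key, value in sorted(tls_stack_report().items()):
        print("%s: %s" % (key, value))
```

Run it inside the same virtualenv and as the same user as the deployed application, since a package that installs on a build machine can still fail to import where the OpenSSL headers or libraries differ.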