Author icordasc
Recipients Rosuav, christian.heimes, demian.brecht, icordasc, mcepl, ncoghlan, orsenthil, pitrou, r.david.murray, terry.reedy
Date 2014-09-01.14:40:35
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1409582436.22.0.580807017915.issue19494@psf.upfronthosting.co.za>
In-reply-to
Content
> However, one sticking point is whether that optimization may also have adverse effects in terms of security (since we would always be sending auth headers, even when the server doesn't ask for it...).

Antoine's concern has always been a concern of mine. There's an important part of this discussion that seems to have been left off. Even security conscious websites like GitHub do not return 404s for all endpoints that require you to authenticate. That fact aside, I think seeing how popular the package Matej added to PyPI will be a good way to decide how essential this is to add to Python 2.7. I am of course biased as a requests core developer and a large-scale GitHub API consumer, but I think this is a fairer way to make a decision.

The patch for Python 3.5, however, looks great.
History
Date User Action Args
2014-09-01 14:40:36icordascsetrecipients: + icordasc, terry.reedy, ncoghlan, orsenthil, pitrou, christian.heimes, mcepl, r.david.murray, Rosuav, demian.brecht
2014-09-01 14:40:36icordascsetmessageid: <1409582436.22.0.580807017915.issue19494@psf.upfronthosting.co.za>
2014-09-01 14:40:36icordasclinkissue19494 messages
2014-09-01 14:40:35icordasccreate