Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
126 views
in Technique[技术] by (71.8m points)

python - pip install requests[security] vs pip install requests: Difference

I am using Ubuntu 14.04 (Trusty Tahr) with Python version 2.7.6. Today, when I created a new virtualenv and tried doing pip install requests, I got the error InsecurePlatformWarning.

I resolved this issue by following the instructions in SSL InsecurePlatform error when using Requests package.

But I want to understand what is the actual difference between these two commands: pip install requests[security] and pip install requests.

  1. Why does the former install three additional packages?

  2. Are there any things that I need to take care about when I push the code to production?

  3. Do they both behave the same generally?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Why does the former install 3 additional packages?

Using requests[security] instead of requests will install three additional packages:

  • pyOpenSSL
  • cryptography
  • idna

These are defined in extras_requires, as optional features with additional dependencies.

Are there any things that I need to take care about when I push the code to production?

You'd want to make sure that you are able to install those additional packages without any issues and that any changes to the way SSL connections work don't affect your usage.

Do they both behave the same generally?

Using these packages as opposed to the default standard library options will allow for more secure SSL connections.

For more information, here's the pull request where it was merged in and here is the issue where it was discussed.

(From the comments, for when GitHub goes away):

So right now the SSL connections when you use pyOpenSSL, ndg-httspclient, and pyasn1 are more secure than if you just use the stdlib options. However it's hard to actually remember those three things. It would be cool if requests would add an extra to it's setup.py so that people can install requests with betterssl (Donald Stufft)


Also by default requests can't connect to some sites on OS X because of ancient OpenSSL. Using the above 3 packages makes it possible. (Donald Stufft)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...