pip安装请求[安全性]与pip安装请求的区别 [英] pip install requests[security] vs pip install requests: Difference

问题描述

我正在将Ubuntu 14.04(Trusty Tahr)与Python版本2.7.6一起使用.今天，当我创建一个新的virtualenv并尝试执行pip install requests时，出现了错误InsecurePlatformWarning.

I am using Ubuntu 14.04 (Trusty Tahr) with Python version 2.7.6. Today, when I created a new virtualenv and tried doing pip install requests, I got the error InsecurePlatformWarning.

我按照 SSL InsecurePlatform错误中的说明解决了此问题使用请求包时 .

但是我想了解这两个命令之间的实际区别是什么: pip install requests[security]和pip install requests.

But I want to understand what is the actual difference between these two commands: pip install requests[security] and pip install requests.

1. 为什么前者要另外安装三个软件包?

1. Why does the former install three additional packages?

将代码推送到生产环境时，我需要注意什么吗?

Are there any things that I need to take care about when I push the code to production?

它们的行为通常一样吗?

Do they both behave the same generally?

推荐答案

为什么前者要另外安装3个软件包?

Why does the former install 3 additional packages?

使用requests[security]而不是requests将安装另外三个软件包:

• pyOpenSSL
• 密码学
• idna

这些在extras_requires中定义为

将代码推送到生产环境时，我需要注意什么吗?

Are there any things that I need to take care about when I push the code to production?

您希望确保能够安装这些附加软件包而不会出现任何问题，并且对SSL连接的工作方式进行任何更改都不会影响您的使用.

You'd want to make sure that you are able to install those additional packages without any issues and that any changes to the way SSL connections work don't affect your usage.

它们的行为通常一样吗?

Do they both behave the same generally?

使用这些软件包而不是默认的标准库选项将允许更安全的SSL连接.

Using these packages as opposed to the default standard library options will allow for more secure SSL connections.

有关更多信息，请此处是合并在其中的拉取请求和这里是讨论该问题的地方.

(从注释中查看GitHub何时消失):

(From the comments, for when GitHub goes away):

因此，与使用stdlib选项相比，现在使用pyOpenSSL，ndg-httspclient和pyasn1时的SSL连接更加安全.但是，实际上很难记住这三件事.如果请求可以在setup.py中添加额外内容，这样人们就可以使用Betterssl(Donald Stufft)来安装请求，那就太酷了

So right now the SSL connections when you use pyOpenSSL, ndg-httspclient, and pyasn1 are more secure than if you just use the stdlib options. However it's hard to actually remember those three things. It would be cool if requests would add an extra to it's setup.py so that people can install requests with betterssl (Donald Stufft)

由于默认的OpenSSL，默认情况下，请求也无法连接到OS X上的某些站点.使用以上3个软件包可以实现. (唐纳德·斯塔夫特)

Also by default requests can't connect to some sites on OS X because of ancient OpenSSL. Using the above 3 packages makes it possible. (Donald Stufft)

这篇关于pip安装请求[安全性]与pip安装请求的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！