pip install requests[security] vs pip install requests:区别 [英] pip install requests[security] vs pip install requests: Difference

问题描述

我使用 Ubuntu 14.04 (Trusty Tahr) 和 Python 版本 2.7.6.今天，当我创建一个新的 virtualenv 并尝试执行 pip install requests 时，我收到了错误 InsecurePlatformWarning.

我按照SSL InsecurePlatform错误中的说明解决了这个问题使用请求包时.

但我想了解这两个命令之间的实际区别是什么:pip install requests[security] 和 pip install requests.

1. 为什么前者要安装三个额外的包?

2. 在将代码推送到生产环境时，有什么需要注意的地方吗?

3. 他们的行为一般都一样吗?

解决方案

为什么前者要安装 3 个额外的包?

使用 requests[security] 而不是 requests 将安装 三个附加包:

• pyOpenSSL
• 密码学
• idna

这些在 extras_requires 中定义，如 具有附加依赖项的可选功能.

<块引用>

在将代码推送到生产环境时，有什么需要注意的地方吗?

您希望确保能够毫无问题地安装这些附加软件包，并且 SSL 连接工作方式的任何更改都不会影响您的使用.

<块引用>

他们的行为一般都一样吗?

使用这些包而不是默认的标准库选项将允许更安全的 SSL 连接.

有关更多信息，这里是合并的拉取请求和这里是讨论的问题.

(来自评论，当 GitHub 消失时):

<块引用>

因此，现在使用 pyOpenSSL、ndg-httspclient 和 pyasn1 时的 SSL 连接比仅使用 stdlib 选项更安全.然而，很难真正记住这三件事.如果请求可以在 setup.py 中添加额外内容，以便人们可以使用 Betterssl (Donald Stufft) 安装请求，那就太好了

<块引用>

此外，由于古老的 OpenSSL，默认情况下请求无法连接到 OS X 上的某些站点.使用上面的3个包就可以了.(唐纳德·斯塔夫特)

I am using Ubuntu 14.04 (Trusty Tahr) with Python version 2.7.6. Today, when I created a new virtualenv and tried doing pip install requests, I got the error InsecurePlatformWarning.

I resolved this issue by following the instructions in SSL InsecurePlatform error when using Requests package.

But I want to understand what is the actual difference between these two commands: pip install requests[security] and pip install requests.

1. Why does the former install three additional packages?

2. Are there any things that I need to take care about when I push the code to production?

3. Do they both behave the same generally?

解决方案

Why does the former install 3 additional packages?

Using requests[security] instead of requests will install three additional packages:

• pyOpenSSL
• cryptography
• idna

These are defined in extras_requires, as optional features with additional dependencies.

Are there any things that I need to take care about when I push the code to production?

You'd want to make sure that you are able to install those additional packages without any issues and that any changes to the way SSL connections work don't affect your usage.

Do they both behave the same generally?

Using these packages as opposed to the default standard library options will allow for more secure SSL connections.

For more information, here's the pull request where it was merged in and here is the issue where it was discussed.

(From the comments, for when GitHub goes away):

So right now the SSL connections when you use pyOpenSSL, ndg-httspclient, and pyasn1 are more secure than if you just use the stdlib options. However it's hard to actually remember those three things. It would be cool if requests would add an extra to it's setup.py so that people can install requests with betterssl (Donald Stufft)

Also by default requests can't connect to some sites on OS X because of ancient OpenSSL. Using the above 3 packages makes it possible. (Donald Stufft)

这篇关于pip install requests[security] vs pip install requests:区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！