limit to Python <= 3.12 - for now - until all our required deps support Python 3.13 free-threaded ABI #1653
Comments
0xDEADFED5
changed the title
|
thanks for your notes, and for the information contained, such as: reason of cryptography not working (yet) on python 3.13 is CFFI "not thread-safe", the free-threaded issue. I see - wasn't aware, seems tricky, but I'm sure they will fix it .. at some point .. now, rgd making cryptography optional in autobahn: that is of course a question/wish, lets discuss and share opinions. my opinion: security is essential / non-negotiable, in general (IT), and in WAMP, and cryptography is used directly/indirectly in many places in autobahn, so making cryptography optional effectively means: make security optional The alternative is not only fine, but desirable in my eyes: If a user can not or does not want to deploy cryptography (the Python package), that means the user can not use autobahn. A system turned off is still secure, thus preferable to an insecure, online system. |
|
Note that free-threaded Python is still "experimental" and I personally wouldn't expect that to change until extremely-vital projects like "cryptography" are also supported. There's also an approximately 40% overhead for single-threaded programs, so I wouldn't expect any (positive) impact on autobahn / crossbar performance quite yet. Related: |
|
thanks @meejah for the explanations and the links! I guess it's obvious this runs deeper (e.g. curl Python package and what), and it'll take time and proper effort on multiple fronts - and I totally agree - only gut feeling, but - that the implications on performance will be a big unknown, time will tell, but .. |
|
consequently, until that happens, and since cryptography is required for autobahn, we should limit Python <= 3.12 (for now) Line 265 in 7bc85b3 |
oberstet
changed the title
|
cryptography is absolutely not required for autobahn. i'm using autobahn right now in a free-threaded program without cryptography, hence the suggestion =) Every user of Evennia (https://www.evennia.com/) falls into the cryptography-optional camp. Is there a simple way to make cryptography install by default, but have a package option that deselects it? |
yes, it is: Line 236 in 7bc85b3 if you mean, "required" in the hard technical sense beyond
the no, I agree, not required in that sense: Autobahn is OSS, so you can take the code and do what you want (roughly) - if that means "no cryptography" for you, that is totally fine and you will have reasons or requirements or what for doing so! all good & cool! sidenote 1: historically, our official Autobahn Python package could be installed without TLS, encryption and cryptography as one Python package dist option. This resulted in massive amounts of work on our side (keeping up that usage option), and hence we started to reduce the crazy amount of combinations of options and target environments Autobahn supports. sidenote 2: personally, my stance is: full, state-of-the-art encryption, cryptography (in the general sense, and in the Python package sense) and TLS v1.3+ is absolutely prio 1 for Autobahn, and making it optional is additional work for no gain. |
Right now the only thing stopping autobahn from working in Python 3.13 free-threaded is the hard requirement on cryptography (which currently doesn't work in free-threaded due to CFFI not being thread-safe).
after making that package optional autobahn works great in Python 3.13t
The text was updated successfully, but these errors were encountered: