    /arry
   ">

(original) (raw)

On 06/15/2016 11:45 PM, Barry Warsaw wrote:

So we very clearly provided platform-dependent caveats on the cryptographic quality of os.urandom(). We also made a strong claim that there's a direct connection between os.urandom() and /dev/urandom on "Unix-like system(s)".

We broke that particular promise in 3.5. and semi-fixed it 3.5.2.

Well, 3.5.2 hasn't happened yet.� So if you see it as still being
broken, please speak up now.

Why do you call it only "semi-fixed"?� As far as I understand it,
the semantics of os.urandom() in 3.5.2rc1 are indistinguishable from
reading from /dev/urandom directly, except it may not need to use a
file handle.

/arry