[Python-Dev] Status of the fix for the hash collision vulnerability (original) (raw)

Gregory P. Smith greg at krypto.org
Wed Jan 18 07:06:33 CET 2012

• Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 17, 2012 at 12:52 PM, "Martin v. Löwis" <martin at v.loewis.de>wrote:

> I plan to commit my fix to Python 3.3 if it is accepted. Then write a > simplified version to Python 3.2 and backport it to 3.1.

I'm opposed to any change to the hash values of strings in maintenance releases, so I guess I'm opposed to your patch in principle.

Please at least consider his patch for 3.3 onwards then. Changing the hash seed per interpreter instance / process is the right thing to do going forward.

What to do on maintenance releases is a separate discussion.

-gps -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20120117/6ee96235/attachment.html>

• Previous message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Next message: [Python-Dev] Status of the fix for the hash collision vulnerability
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list