[Python-Dev] Counting collisions for the win (original) (raw)

Tres Seaver tseaver at palladion.com
Fri Jan 20 20:36:56 CET 2012

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

On 01/20/2012 02:04 PM, Donald Stufft wrote:

Even if a MemoryException is raised I believe that is still a fundamental change in the documented contract of dictionary API.

How so? Dictionary inserts can already raise that error.

I don't believe there is a way to fix this without breaking someones application. The major differences I see between the two solutions is that counting will break people's applications who are otherwise following the documented api contract of dictionaries,

Do you have a case in mind where legitimate user data (not crafted as part of a DoS attack) would trip the 1000-collision limit? How likely is it that such cases exist in already-deployed applications, compared to the known breakage in existing applications due to hash randomization?

and randomization will break people's applications who are violating the documented api contract of dictionaries.

Personally I feel that the lesser of two evils is to reward those who followed the documentation, and not reward those who didn't.

Except that I think your set is purely hypothetical, while the second set is lots of deployed applications.

Tres. - --

Tres Seaver +1 540-429-0999 tseaver at palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8ZwlgACgkQ+gerLs4ltQ4KOACglAHDgn5wUb+cye99JbeW0rZo 5oAAn2ja7K4moFLN/aD4ZP7m+8WnwhcA =u7Mt -----END PGP SIGNATURE-----

More information about the Python-Dev mailing list