[Python-Dev] plugging the hash attack (original) (raw)
martin at v.loewis.de martin at v.loewis.de
Sat Jan 28 02:49:26 CET 2012
- Previous message: [Python-Dev] plugging the hash attack
- Next message: [Python-Dev] plugging the hash attack
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
1. Simple hash randomization is the way to go. We think this has the best chance of actually fixing the problem while being fairly straightforward such that we're comfortable putting it in a stable release. 2. It will be off by default in stable releases and enabled by an envar at runtime. This will prevent code breakage from dictionary order changing as well as people depending on the hash stability.
I think this is a good compromise given the widely varying assessments of the issue.
Regards, Martin
- Previous message: [Python-Dev] plugging the hash attack
- Next message: [Python-Dev] plugging the hash attack
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]