[Python-Dev] Hash collision security issue (now public)

Antoine Pitrou solipsis at pitrou.net
Thu Jan 5 22:59:59 CET 2012


On Thu, 05 Jan 2012 22:40:58 +0100 Christian Heimes <lists at cheimes.de> wrote:

> On 05.01.2012 21:45, Barry Warsaw wrote:
> > This sounds like a reasonable compromise for all stable Python releases. It
> > can be turned on by default for Python 3.3. If you also make the default
> > setting easy to change (i.e. parameterized in one place), then distros can
> > make their own decision about the default, although I'd argue for the above
> > default approach for Debian/Ubuntu.
>
> Hey Barry, stop stealing my ideas! :) I've argued for these default
> settings for days.
>
> ver     delivery    randomized hashing
> ==========================================
> 2.3     patch       disabled by default
> 2.4     patch       disabled
> 2.5     patch       disabled
> 2.6     release     disabled
> 2.7     release     disabled
> 3.0     ignore?     disabled
> 3.1     release     disabled
> 3.2     release     disabled
> 3.3     n/a yet     enabled by default

I don't think we (python-dev) are really concerned with 2.3, 2.4, 2.5 and 3.0. They're all unsupported, and people do what they want with their local source trees.

Regards

Antoine.


