[Python-Dev] plugging the hash attack
Gregory P. Smith greg at krypto.org
Sun Jan 29 22:26:06 CET 2012
On Fri, Jan 27, 2012 at 6:33 PM, Benjamin Peterson <benjamin at python.org> wrote:
> 2012/1/27 Steven D'Aprano <steve at pearwood.info>:
>> Benjamin Peterson wrote:
>>> Hello everyone,
>>> In effort to get a fix out before Perl 6 goes mainstream, Barry and I
>>> have decided to pronounce on what we want for our stable releases.
>>> What we have decided is that
>>> 1. Simple hash randomization is the way to go. We think this has the
>>> best chance of actually fixing the problem while being fairly
>>> straightforward such that we're comfortable putting it in a stable
>>> release.
>>> 2. It will be off by default in stable releases and enabled by an
>>> envar at runtime. This will prevent code breakage from dictionary
>>> order changing as well as people depending on the hash stability.
>>
>> Do you have the expectation that it will become on by default in some
>> future release?
>
> Yes, 3.3. The solution in 3.3 could even be one of the more
> sophisticated proposals we have today.

Yay! Thanks for the decision Release Managers!
-gps