[Python-Dev] Our responsibilities (was Re: BDFL ruling request: should we block forever waiting for high-quality random bits?)

Barry Warsaw barry at python.org
Thu Jun 16 08:24:33 EDT 2016


On Jun 16, 2016, at 07:34 AM, Donald Stufft wrote:

> Well, I don't think that for os.urandom someone using it for security is running "counter to its original intent", given that in general urandom's purpose is for cryptographic random. Someone may be using it for something other than that, but it's pretty explicitly there for security sensitive applications.

Except that I disagree. I think os.urandom's original intent, as documented in Python 3.4, is to provide a thin layer over /dev/urandom, with all that implies, and with the documented quality caveats. I know as a Linux developer that if I need to know the details of that, I can man urandom and read the gory details. In Python 3.5, I can't do that any more.

> Right. I personally often fall towards securing the existing APIs and adding new, insecure APIs that are obviously so in cases where we can reasonably do that.

Sure, and I personally fall on the side of maintaining stable, backward compatible APIs, adding new, better, more secure APIs to address deficiencies in real-world use cases. That's because when we break APIs, even with the best of intentions, it breaks people's code in ways and places that we can't predict, and which are very often very difficult to discover.

I guess it all comes down to who's yelling at you. ;)

Cheers, -Barry

P.S. These discussions do not always end in despair. Witness PEP 493.
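The trade-off the thread is about (wait for the kernel pool to be seeded, or refuse and let the caller decide) can be made explicit in code. The following is an added example, not code from Barry, Donald, or CPython: it assumes Python 3.6 or later, uses `os.getrandom` with `os.GRND_NONBLOCK` where the platform provides it (Linux), and falls back to plain `os.urandom` elsewhere. The exception name `EntropyNotReadyError` is hypothetical, chosen for this example only.

```python
import os


# Hypothetical exception name for this example; not part of the standard library.
class EntropyNotReadyError(RuntimeError):
    """Raised when the kernel CSPRNG is not yet seeded and blocking was refused."""


def secure_random_bytes(n: int, block: bool = True) -> bytes:
    """Return n bytes suitable for security-sensitive use.

    block=True  : behave like os.urandom() on Linux with Python 3.5+, i.e. wait
                  for the kernel pool to be seeded rather than hand back weak bytes.
    block=False : never wait; raise EntropyNotReadyError instead of hanging, so the
                  caller can retry, log, or fail closed (it must not fall back to a
                  non-cryptographic source).
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    if hasattr(os, "getrandom"):  # Linux, Python 3.6+
        flags = 0 if block else os.GRND_NONBLOCK
        buf = bytearray()
        # getrandom() may return fewer bytes than asked for, so loop until full.
        while len(buf) < n:
            try:
                buf += os.getrandom(n - len(buf), flags)
            except BlockingIOError as exc:  # EAGAIN: pool not seeded, NONBLOCK set
                raise EntropyNotReadyError("kernel CSPRNG not yet seeded") from exc
        return bytes(buf)
    # Other platforms: os.urandom() is the OS CSPRNG interface and offers no
    # non-blocking variant, so the block flag has no effect here.
    return os.urandom(n)


def pool_is_seeded() -> bool:
    """Non-blocking probe: True if a one-byte non-blocking read succeeds."""
    try:
        secure_random_bytes(1, block=False)
    except EntropyNotReadyError:
        return False
    return True


if __name__ == "__main__":
    print("seeded:", pool_is_seeded())
    print(secure_random_bytes(16).hex())
```

The point of `block=False` is that the failure is visible: the caller gets an exception rather than either an indefinite hang or silently weak output, which is the choice the thread leaves to each API's design.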
