Message267699
| Author | Colm Buckley |
|---|---|
| Recipients | Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane |
| Date | 2016-06-07.16:04:21 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1465315461.98.0.174674237919.issue26839@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
Donald - To be clear - no import of random or of hashlib is required to trigger this issue. The null script alone triggers the issue; the Python hash secret is initialized at startup regardless of script contents. Yes, there is a race condition at system boot which we can probably resolve with userspace manipulations. I still feel that having Python hang indefinitely under certain circumstances, even when the application does not require any entropy, is a violation of the principle of least surprise. At the very least, there should be a command-line flag to disable "secure" initialization of the hash secret. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-06-07 16:04:22 | Colm Buckley | set | recipients: + Colm Buckley, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni |
| 2016-06-07 16:04:21 | Colm Buckley | set | messageid: <1465315461.98.0.174674237919.issue26839@psf.upfronthosting.co.za> |
| 2016-06-07 16:04:21 | Colm Buckley | link | issue26839 messages |
| 2016-06-07 16:04:21 | Colm Buckley | create | |