David Malcolm wrote:
> When backporting the fix to ancient python versions, I'm inclined to
> turn the change *off* by default, requiring the change to be enabled via
> an environment variable: I want to avoid breaking existing code, even if
> such code is technically relying on non-guaranteed behavior. But we
> could potentially tweak mod_python/mod_wsgi so that it defaults to *on*.
> That way /usr/bin/python would default to the old behavior, but web apps
> would have some protection. Any such logic here also suggests the need
> for an attribute in the sys module so that you can verify the behavior.
Surely the way to verify the behaviour is to run this from the shell:
python -c print(hash("abcde"))
twice, and see that the calls return different values. (Or have I
misunderstood the way the fix is going to work?)
In any case, I wouldn't want to rely on the presence of a flag in the sys
module to verify the behaviour, I'd want to see for myself that hash
collisions are no longer predictable.
--
Steven
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4