On Tue, Feb 25, 2014 at 5:22 PM, Barry Warsaw <barry at python.org> wrote:
> On Feb 25, 2014, at 03:03 PM, Maciej Fijalkowski wrote:
>
>>Oh, I thought security fixes go to all python releases.
>
> Well, not the EOL'd ones of course.

Yes, of course, sorry.

>
> Where's the analysis on backporting SIPHash to older Python versions? Would
> such a backport break backward compatibility? What other impacts would
> backporting have? Would it break pickles, marshals, or other serialization
> protocols? Are there performance penalties?
>
> While security should be a top priority, it isn't the only consideration in
> such cases. A *lot* of discussion went into how to effect the hash
> randomization in Python 2.7, because of questions like these. The same
> analysis would have to be done for backporting this change to active older
> Python versions.

My impression is that a lot of discussion went into hash randomization,
because it was a high-profile issue. It got "fixed", then later someone
discovered that the fix is completely broken and was left at that
without much discussion because it's no longer "high visibility". I
would really *like* to perceive this process as a lot of discussion
going into it because of ramifications of changes.

Cheers,
fijal