Larry Hastings added the comment: > PSRT VETO!
This is an amusing concept, but membership in the PSRT does not empower you with a "veto". On the other hand, being Release Manager does give me some say here. > You wouldn't add a workaround for broken CPU instructions to math.c or > semi-functional network card to socket.c, would you? Well, yes, of course we would, if we had to. Consider the F00F bug. Happily the operating systems handled that one for us. It is unreasonable for Python startup to take 90 seconds, poorly-configured cloud virtual machine or otherwise. And there are many, many uses of the random module and hashlib that don't require CPRNG. On the other hand, people who need cryptographic-strength random bits should be able to get them. And the documentation literally does state that os.urandom() is a source of cryptographically-suitable random bytes. ISTM that the happy middle ground would be: * seed the random module with non-cryptographically-secure random bits * lazily seed hashlib Am I missing something, besides the anxiety of making this sort of change four days before I tag 3.5.2 RC2? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26839> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
