2017-01-21 0:14 GMT+01:00 Andrew Dalke <da...@dalkescientific.com>: > For this one bug, I agree with the interpretation that it was handled with a > cavalier attitude. I don't feel like it's being treated with the seriousness > it should.
The regression was introduced by http://bugs.python.org/issue27776 which was reviewed by Nick Coghlan. The discussion is about the lack of reviews. The patch was reviewed, but the review didn't spot the bug. The bug was reported at 2016-12-27, it was fixed and closed 2 days later by Benjamin Peterson: http://bugs.python.org/issue29085 The issue was fixed so fast that I didn't even noticed it. I only a few days later that I get notified indirectly, I don't recall how. Note: Benjamin didn't attach a patch to the issue nor waited for a review. What did we wrong for this specific issue, and how can we prevent similar failure next time? I don't understand why you are saying that I (I or we?) didn't handle the issue seriously. And can you please also elaborate why you consider that my attitude was cavalier on this issue? If you consider that the bug is serious enough, maybe we should schedule a quick 3.6.1 bugfix release? About testing, I wrote a minimum test for os.urandom() checking that calling os.urandom(16) twice produces two different random sequences. Lib/test/test_os.py: def test_urandom_value(self): data1 = os.urandom(16) self.assertIsInstance(data1, bytes) data2 = os.urandom(16) self.assertNotEqual(data1, data2) Note: the test was added by Georg Brandl in the issue #13703, but I wrote an initial patch adding the test. So it's not like I don't care of the quality of Python RNG ;-) Would such minimum test be enough to detect the weak RNG seed bug? I know well RNG issues. I spent a lot of time writing my own RNG library and studying RNG bugs in various libraries and languages. Bugs are common, it's hard to write tests to detect non trivial bugs on RNG. The question is how we can enhance Python on this point. Victor _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/