On Sun, 13 Jan 2013 23:49:32 +1000
Nick Coghlan <ncogh...@gmail.com> wrote:
>
> > (it's not even just a security issue: letting a bound socket open and
> > therefore being unable to re-use the same port is a bug even when
> > security is not a concern)
>
> Agreed, but it's the security implications that let us even
> contemplate the backwards compatibility break. We either let
> inexperienced users continue to write insecure software by default, or
> we close the loophole and tell experienced users "hey, to upgrade to
> Python 3.4, you will need to address this change in behaviour".
>
> The nice thing is that with enough advance warning, they should be
> able to update their code to forcibly clear the flag in a way that
> works even on earlier Python versions.
>
> A more conservative approach, based on the steps taken in introducing
> hash randomisation, would be to expose the setting as an environment
> variable in 3.4, and then switch the default behaviour in 3.5.

The "more conservative approach" sounds good to me :-)

Regards

Antoine.

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com