Yes 'secrets' is one-liners. However, it might grow a few more lines around the blocking in getrandom() on Linux. But still, not more than a few.
But the reason it should be on PyPI is so that programs can have a uniform API across various Python versions. There's no real reason that someone stick on Python 2.7 or 3.3 shouldn't be able to include the future-style: import secrets Answer = secrets.token_bytes(42) On Jun 16, 2016 4:53 PM, "Nick Coghlan" <ncogh...@gmail.com> wrote: > On 16 June 2016 at 13:09, Barry Warsaw <ba...@python.org> wrote: > > On Jun 16, 2016, at 01:01 PM, David Mertz wrote: > > > >>It seems to me that backporting 'secrets' and putting it on Warehouse > would > >>be a lot more productive than complaining about 3.5.2 reverting to > (almost) > >>the behavior of 2.3-3.4. > > > > Very wise suggestion indeed. We have all kinds of stdlib modules > backported > > and released as third party packages. Why not secrets too? If such > were on > > PyPI, I'd happily package it up for the Debian ecosystem. Problem solved > > <wink>. > > The secrets module is just a collection of one liners pulling together > other stdlib components that have been around for years - the main > problem it aims to address is one of discoverability (rather than one > of code complexity), while also eliminating the "simulation is in the > standard library, secrecy requires a third party module" discrepancy > in the long term. > > Once you're aware the problem exists, the easiest way to use it in a > version independent manner is to just copy the relevant snippet into > your own project's utility library - adding an entire new dependency > to your project just for those utility functions would be overkill. > > If you *do* add a dependency, you'd typically be better off with > something more comprehensive and tailored to the particular problem > domain you're dealing with, like passlib or cryptography or > itsdangerous. > > Cheers, > Nick. > > P.S. Having the secrets module available on PyPI wouldn't *hurt*, I > just don't think it would help much. > > -- > Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > https://mail.python.org/mailman/options/python-dev/mertz%40gnosis.cx >
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
