On 23/02/2016 02:27, Paul Rubin wrote:
Steven D'Aprano <st...@pearwood.info> writes:
https://www.python.org/dev/peps/pep-0506/
I didn't know about this! The discussion was all on mailing lists?
https://mail.python.org/pipermail/python-ideas/2015-September/036333.html then
http://www.gossamer-threads.com/lists/python/dev/1223780
A few things I suggest changing:
1) the default system RNG for Linux should be getrandom(2) on kernels
that support it (3.17 and later).
2) Some effort should be directed at simulating getrandom's behaviour
on kernels that don't have it, using the /dev/random entropy estimator
and the /dev/urandom interface. I.e. it should block if the system
hasn't seen enough entropy to get the CSPRNG started securely, and
never block after that.
3) The default token length should be long enough to not have to "change
in the future". If the user wants a shorter token, they ask for that,
or can truncate a longer one that they receive from the default.
There are a few other choices in the PEP whose benefit is unclear to me,
but they aren't harmful, and I guess the decisions have already been
made.
The PEP status is draft so is subject to change.
--
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.
Mark Lawrence
--
https://mail.python.org/mailman/listinfo/python-list
