[issue37218] Default hmac.new() digestmod has not been removed from documentation

2020-05-28 Thread Cheryl Sabella 


Cheryl Sabella  added the comment:

The wording for this was fixed with the PR for #33604.

--
nosy: +cheryl.sabella
resolution:  -> duplicate
stage: patch review -> resolved
status: open -> closed
superseder:  -> HMAC default to MD5 marked as to be removed in 3.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37218] Default hmac.new() digestmod has not been removed from documentation

2019-12-18 Thread Gregory P. Smith 


Change by Gregory P. Smith :


--
nosy: +christian.heimes

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37218] Default hmac.new() digestmod has not been removed from documentation

2019-11-26 Thread Leandro Lima 


Leandro Lima  added the comment:

In my view, this function signature changed too silently. Even using static 
type checkers, I could only find about this compatibility breaking change when 
actually running the code.

If I understand well the reason it was done this way, digestmod needed to 
become a mandatory argument, but this couldn't be done without changing the 
order between msg and digestmod in the function's signature.

In my view, the two other ways this could be solved were:
1. hmac.new(key: Union[bytes, bytearray],
digestmod: str,
msg: Union[bytes, bytearray, None] = None)
2. hmac.new(key: Union[bytes, bytearray],
*,
digestmod: str,
msg: Union[bytes, bytearray] = None)

If the signature of the function changed to reflect digestmod becoming 
mandatory, then static code checkers could catch a misuse of the function.

Now, suppose that we're dealing with someone that doesn't use static code 
analysis and a legacy signature used in some code:

hmac.new(b"key", b"msg")

- In option (1), we'd be passing b"msg" as the digestmod argument when the 
original intention was to pass it as the msg argument. But since both have 
disjoint expected types, this mistake would be rejected because passing the 
wrong type would lead to a TypeError
- In option (2) we'd be making clear that from now on, both msg and digestmod 
would only be specifiable as keyword arguments and an inadvertent use of the 
old signature would also lead to a TypeError.

Given that it seems a rather safe signature change (that is: there's no chance 
someone would be able to use the old signature with the new definition) and 
that actually changing the signature would allow for static code analysis tools 
to actually catch the error without needing to run the code, I think that we 
should consider further changing this function and making sure that the change 
doesn't go so easily unnoticed like today.

--
nosy: +Leandro Lima

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37218] Default hmac.new() digestmod has not been removed from documentation

2019-06-10 Thread Alex Willmer 


Change by Alex Willmer :


--
keywords: +patch
pull_requests: +13814
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/13947

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37218] Default hmac.new() digestmod has not been removed from documentation

2019-06-10 Thread Alex Willmer 


Alex Willmer  added the comment:

Scratch the part about documented signature, it's still `hmac.new(... 
digestmod=None)`, the check happens in the body of the function

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37218] Default hmac.new() digestmod has not been removed from documentation

2019-06-10 Thread Alex Willmer 


New submission from Alex Willmer :

Until Python 3.8 hmc.new() defaulted the digestmod argument to 'hmac-md5'. This 
was deperecated, to be removed in Python 3.8. In Python 3.8.0b1 it is gone, e.g.

Python 3.8.0b1 (default, Jun  6 2019, 03:44:52) 
[GCC 7.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import hmac
>>> hmac.new(b'qwertyuiop').name
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/lib/python3.8/hmac.py", line 146, in new
return HMAC(key, msg, digestmod)
  File "/usr/lib/python3.8/hmac.py", line 49, in __init__
raise ValueError('`digestmod` is required.')
ValueError: `digestmod` is required.

but the deprecation note, and the documented signature haven't been updated.

PR incoming

--
assignee: docs@python
components: Documentation
messages: 345144
nosy: Alex.Willmer, docs@python
priority: normal
severity: normal
status: open
title: Default hmac.new() digestmod has not been removed from documentation
versions: Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com