Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-13 Thread Richard W.M. Jones
On Tue, Mar 13, 2012 at 12:58:13PM +0100, Paolo Donadeo wrote: In my humble opinion, here we have two different visions of what computer programming is, or should be. Your statement "maybe it's better to assume that the programmer will not be aware of attacks" may be true for the average Java

Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-13 Thread Dario Teixeira
Hi, Basically I like the idea of teaching users this way. The typical user will understand the impact, and act accordingly. Nevertheless, I would like it if it would be made as easy as possible to provide good seeds if required. The Random module is definitely not good enough (e.g. if you

RE: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-13 Thread David Allsopp
Dario Teixeira wrote: Hi, Basically I like the idea of teaching users this way. The typical user will understand the impact, and act accordingly. Nevertheless, I would like it if it would be made as easy as possible to provide good seeds if required. The Random module is definitely

Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-13 Thread Alain Frisch
On 03/13/2012 07:27 PM, David Allsopp wrote: +1. Surely in projects where repeatability is important, the change in behaviour to randomly seeded tables would be quickly noticed. The problem is that the randomization might go unnoticed if the high-level outputs of the program do not depend

Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-12 Thread Xavier Leroy
On 03/10/2012 08:31 AM, Richard W.M. Jones wrote: Rather than changing every app that uses Hashtbl, I'd prefer to fix this upstream by choosing a random seed for hash tables unless the caller explicitly sets one or sets an environment variable to disable this. In Perl, the seed is a random

Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-10 Thread Gerd Stolpmann
On Tue, Feb 07, 2012 at 08:34:12AM +, Richard W.M. Jones wrote: On Mon, Feb 06, 2012 at 06:10:15PM -0700, Kurt Seifried wrote: On 02/06/2012 06:05 PM, Kurt Seifried wrote: So going through various things looks like OCaml is vulnerable and has not had a CVE # assigned for this issue

Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-03-09 Thread Richard W.M. Jones
On Tue, Feb 07, 2012 at 08:34:12AM +, Richard W.M. Jones wrote: On Mon, Feb 06, 2012 at 06:10:15PM -0700, Kurt Seifried wrote: On 02/06/2012 06:05 PM, Kurt Seifried wrote: So going through various things looks like OCaml is vulnerable and has not had a CVE # assigned for this issue

Re: [Caml-list] Re: [oss-security] CVE request: Hash DoS vulnerability (ocert-2011-003)

2012-02-07 Thread Richard W.M. Jones
On Mon, Feb 06, 2012 at 06:10:15PM -0700, Kurt Seifried wrote: On 02/06/2012 06:05 PM, Kurt Seifried wrote: So going through various things looks like OCaml is vulnerable and has not had a CVE # assigned for this issue yet. Discussion of the issue takes place on the mailing list, here is