[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2018-09-10 Thread Tal Einat
Tal Einat added the comment: The fix for issue30977 did fix the unpickling in older versions. It was only applied to the master (i.e. 3.8) branch, though. I've created issue34621 to deal with this separately. -- ___ Python tracker

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2018-09-08 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: This breaks pickle compatibility. UUIDs pickled in 3.7 can't be unpickled in older Python versions because they do not have the SafeUUID class. See issue30977 for possible solution. -- nosy: +serhiy.storchaka, taleinat

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-03-31 Thread Donald Stufft
Changes by Donald Stufft : -- pull_requests: +1010 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-03-17 Thread Larry Hastings
Changes by Larry Hastings : -- pull_requests: +606 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: On Feb 20, 2017, at 03:45 PM, STINNER Victor wrote: >Can't we consider that UUID4 is always safe? It's not a guarantee made by the underlying platform, so I chose to use the default SafeUUID.unknown value there. -- ___

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread STINNER Victor
STINNER Victor added the comment: >>> import uuid >>> u=uuid.uuid4() >>> u.is_safe Can't we consider that UUID4 is always safe? -- ___ Python tracker ___ __

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: Oh, and because the fix is an API change, I don't believe it should be applied to earlier versions. So I think adding the API in 3.7 is all the fix needed here. -- ___ Python tracker

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- resolution: -> fixed status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- keywords: -security_issue ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: On Feb 20, 2017, at 02:21 PM, STINNER Victor wrote: >What am I supposed to do with an UUID with safe=False? Should I loop on the >function until I get safe==True? It would be an application dependent response. It might be that you would check some other attri

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-20 Thread STINNER Victor
STINNER Victor added the comment: I don't understand well this change. What am I supposed to do with an UUID with safe=False? Should I loop on the function until I get safe==True? "safe for multiprocessing applications" Does it mean unique on the whole system? I looked at uuid_generate_time

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-19 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- stage: -> resolved status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing list Un

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-19 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- resolution: -> fixed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-18 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: New changeset 8c130d7f8114158f5b94749032ec0c17dba96f83 by GitHub in branch 'master': bpo-22807: Expose platform UUID generation safety information. (#138) https://github.com/python/cpython/commit/8c130d7f8114158f5b94749032ec0c17dba96f83 -- _

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-16 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- pull_requests: +98 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-16 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: I changed my mind on whether this should affect older versions of Python. I have a branch which adds an UUID.is_safe attribute that relays the platform information about whether the UUID was generated safely or not, if available. It's an enum named SafeUUID

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-15 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- assignee: -> barry ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2017-02-11 Thread Barry A. Warsaw
Changes by Barry A. Warsaw : -- versions: +Python 3.3, Python 3.6, Python 3.7 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2014-11-07 Thread vila
Changes by vila : -- nosy: +vila ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailma

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2014-11-06 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +haypo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2014-11-06 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: On Nov 06, 2014, at 08:10 PM, Alex Gaynor wrote: >FWIW, I'm not convinced the pure python fallback code is sufficient either; >time.time() doesn't have the necessary resolution AFAIK? Also clock_seq is >generated using the random module's messerne twister, not

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2014-11-06 Thread Alex Gaynor
Alex Gaynor added the comment: FWIW, I'm not convinced the pure python fallback code is sufficient either; time.time() doesn't have the necessary resolution AFAIK? Also clock_seq is generated using the random module's messerne twister, not SystemRandom(). -- nosy: +alex __

[issue22807] uuid.uuid1() should use uuid_generate_time_safe() if available

2014-11-06 Thread Barry A. Warsaw
New submission from Barry A. Warsaw: I'm classifying this as a security issue, since using uuid_generate_time() -- i.e. the not _safe() variety -- does return collisions in real world cases that we've seen, and those could have security implications. However, I don't know that this can be expl