On Thu, Jan 12, 2012 at 12:54 AM, Antoine Pitrou solip...@pitrou.net wrote:
On Wed, 11 Jan 2012 12:25:46 +1000
Nick Coghlan ncogh...@gmail.com wrote:
If it's the latter... could we change it for 3.3, or is that too
significant a breach of backwards compatibility?
I think we could change it.
Many people proposed their own idea to fix the vulnerability, but only
3 wrote a patch:
- Glenn Linderman proposes to fix the vulnerability by adding a new
safe dict type (only accepting string keys). His proof-of-concept
(SafeDict.py) uses a secret of 64 random bits and uses it to compute
the
Hm... I started out as a big fan of the randomized hash, but thinking more
about it, I actually believe that the chances of some legitimate app having
1000 collisions are way smaller than the chances that somebody's code will
break due to the variable hashing. In fact we know for a fact that the
On Wed, Jan 11, 2012 at 7:01 PM, Mike Meyer m...@mired.org wrote:
On Wed, 4 Jan 2012 00:07:27 -0500
PJ Eby p...@telecommunity.com wrote:
On Tue, Jan 3, 2012 at 7:40 PM, Mike Meyer m...@mired.org wrote:
For
instance, combining STM with explicit locking would allow explicit
locking