2016-06-23 14:48 GMT+02:00 Barry Warsaw <ba...@python.org>: > Once Python 3.6 is widely available, and/or secrets is backported and > available on PyPI, why would you ever do that rather than just get the best > source of randomness out of the secrets module?
Once we modified Python 3.6 to handle correctly "the bug" and we consider that the implementation is tested enough, I suggest to backport it to Python 2.7 as well. Moreover, I would also suggest to backport the change to Python 3.5, I would be sad if Python 2 is more secure than the latest Python 3 release :-) Victor _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
