2016-06-23 14:48 GMT+02:00 Barry Warsaw <[email protected]>: > Once Python 3.6 is widely available, and/or secrets is backported and > available on PyPI, why would you ever do that rather than just get the best > source of randomness out of the secrets module?
Once we modified Python 3.6 to handle correctly "the bug" and we consider that the implementation is tested enough, I suggest to backport it to Python 2.7 as well. Moreover, I would also suggest to backport the change to Python 3.5, I would be sad if Python 2 is more secure than the latest Python 3 release :-) Victor _______________________________________________ Security-SIG mailing list [email protected] https://mail.python.org/mailman/listinfo/security-sig
