On 06/23/2016 05:46 PM, Donald Stufft wrote:
On Jun 23, 2016, at 8:33 PM, Nick Coghlan wrote:

The argument chain runs:

- if such software doesn't exist, it doesn't matter which behaviour we choose
- if we're wrong and it does exist, we can choose how it fails:
  - blocking (with associated potential for init system deadlock)
  - throwing an exception

Given the choice between debugging an apparent system hang and an
unexpected exception when testing against a new version of a platform,
I'll choose the exception every time.

I think the biggest argument to blocking is that there really exist two sorts of
situations that blocking can happen in:

* It blocks for a tiny amount (maybe <1s) and nobody ever notices and people 
feel like things “just work”.
* It blocks for a long amount of time (possibly forever depending on where in 
the boot sequence Python is being used) and it hangs for a long time (or 
forever).

In the second case I think it’s pretty obvious that an exception is better than 
hanging forever, but in the first case an exception might actually cause people 
to go out of their way to do something bad to “stop the pain”. My personal 
preference is waffling back and forth between them based on which of the two 
above I feel are more likely to occur in practice.

Can we build in a small wait? As in, check every second for ten seconds and if we still don't have entropy then raise?

--
~Ethan~

_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig
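
The bounded wait proposed in the reply above, sketched as an added example; it is not code from the original thread or from CPython. It assumes Linux with os.getrandom() and os.GRND_NONBLOCK (Python 3.6+); random_bytes_bounded, EntropyUnavailable and the source/sleep parameters are hypothetical names introduced here.

```python
import os
import time


class EntropyUnavailable(RuntimeError):
    """The kernel RNG was still uninitialised when the bounded wait ran out."""


def _kernel_nonblocking(n):
    # With GRND_NONBLOCK, os.getrandom() raises BlockingIOError instead of
    # blocking while the kernel pool is uninitialised (Linux, Python 3.6+).
    return os.getrandom(n, os.GRND_NONBLOCK)


def random_bytes_bounded(n, max_waits=10, interval=1.0,
                         source=_kernel_nonblocking, sleep=time.sleep):
    """Return n random bytes, re-checking every `interval` seconds.

    Hypothetical helper: after `max_waits` sleeps with no entropy it raises
    EntropyUnavailable, so the caller never hangs indefinitely.
    """
    buf = b""
    waited = 0
    while len(buf) < n:
        try:
            # A short read is progress: ask again for the remainder.
            buf += source(n - len(buf))
        except BlockingIOError:
            if waited >= max_waits:
                raise EntropyUnavailable(
                    "no entropy after %.0f s" % (waited * interval)) from None
            sleep(interval)
            waited += 1
    return buf


if __name__ == "__main__":
    # Constructed stand-in for an early-boot kernel: blocks 3 times, then works.
    state = {"calls": 0}

    def early_boot(n):
        state["calls"] += 1
        if state["calls"] <= 3:
            raise BlockingIOError("pool not initialised")
        return bytes(n)  # constructed placeholder bytes, not real randomness

    print(random_bytes_bounded(16, source=early_boot, sleep=lambda s: None).hex())
```

The short-wait case returns normally after a few polls, while the long-wait case surfaces as an exception the caller can log, which is the trade-off the thread is weighing.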
