2016-06-24 16:01 GMT+02:00 Barry Warsaw <[email protected]>:
> One thing I think such an informational PEP must require is a rationale as to
> why the issue is being classified as a security bug, a backporting rationale
> and plan, and a "Backwards Compatibility Impact Assessment", which I'm very
> glad to see in PEP 522.

Sorry, I didn't have time yet to think about Python 2.7 and Python 3.5.

But it looks like my PEP (make os.urandom() blocking) and Nick's PEP 522 (os.urandom() can raise BlockingIOError) introduce a backward incompatible change. Applications which worked well on Python 3.5 may block/fail with these changes.

I'm not sure that it's worth it to enhance Python 2.7 or 3.5.

IMO the discussed changes make Python more secure, but they don't really fix a critical vulnerability. I don't think that it's a security vulnerability. I prefer to qualify it as an enhancement, security "hardening" if you prefer.

Victor
