John Rouillard <rouilj+...@cs.umb.edu> added the comment: Hello Berker:
In message <1510376704.3.0.213398074469.issue...@psf.upfronthosting.co.za>, Berker Peksag writes: >Thank you for your quick response and for your detailed analysis, John. > >I will attach a patch to implement your suggestions. > >> My thought was that the random function wasn't so random. The new 1.5.1+ >> (what will be 1.6) roundup uses more random data than 1.4.20. Addition >> of nonces to protect against csrf etc. consumes random data. > >Should I open an upstream issue to document this at > http://roundup.sourceforge.net/docs/upgrading.html ? Can you try my patch with and without the random.seed() call and see if it makes a difference on bugs.python.org. If the patch without random.seed() works then there is something different happening on the b.p.o tracker and my test tracker. As I said the code I got from your tracker wouldn't run at all in my installation (context was always None, _klass wasn't a valid property etc.). Given that I had to do surgery to even make it not crash I wonder if there is something else in the code base that I am missing. How the b.p.o tracker executed? I run roundup as a stand alone daemon with a web server front end proxying to the roundup instance. How is b.p.o configured? CGI, stand alone daemon, wsgi, mod_python, zope? I wonder if that makes a difference. _______________________________________________________ PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za> <http://psf.upfronthosting.co.za/roundup/meta/issue644> _______________________________________________________ _______________________________________________ Tracker-discuss mailing list Tracker-discuss@python.org https://mail.python.org/mailman/listinfo/tracker-discuss Code of Conduct: https://www.python.org/psf/codeofconduct/
