On 01/20/2017 04:03 PM, Victor Stinner wrote:
2017-01-21 0:14 GMT+01:00 Andrew Dalke dalke@dalkescientific.com:
For this one bug, I agree with the interpretation that it was handled with a cavalier attitude. I don't feel like it's being treated with the seriousness it should.
I don't understand why you are saying that I (I or we?) didn't handle the issue seriously. And can you please also elaborate why you consider that my attitude was cavalier on this issue?
Victor, an excerpt from your original email:
I introduced a regression in random.Random.seed(): a typo in the C code has the consequence that the current time and process identifier is used, instead of os.urandom(16), to initialize the Mersenne Twister RNG.
IMHO the regression is not "catastrophic". Only few developers instanciate random.Random themself, random.Random must not be used for security, etc. I let others decide if this bug was catastrophic or not.
Going by the last paragraph it doesn't seem that the bug is a big deal to you, that you believe very few people even use random.Random and so very few people will get bitten by it. Andrew has given an example where it can be a very big deal (retracted scientific papers, loss of hundreds of hours of work, etc.), and can definitely fall in the catastrophic category.
-- ~Ethan~