I've just spotted this email from Guido, sorry about the delay in responding.
Further comments below.
On Thu, Jan 14, 2016 at 10:47:09AM -0800, Guido van Rossum wrote:
I think the discussion petered out and nobody asked me to approve it yet (or I lost track of it). I'm almost happy to approve it in the current state. My only quibble is with some naming -- I'm not sure that a super-generic name like 'equal' is better than the original ('compare_digest'),
and I would have picked a different name for token_url -- probably token_urlsafe. But maybe Steven can convince me that the names currently in the PEP are better.
(I also don't like the wishy-washy position of the PEP on the actual specs of the proposed functions. But I'm fine with the actual implementation shown as the spec.)
I'm not really sure what you want me to do to improve that. Can you be more concrete about what you would like the PEP to say?
I haven't updated the PEP yet, but the newest version of the secrets module with the changes requested is here: