On Jun 16, 2016, at 07:34 AM, Donald Stufft wrote:
Well, I don’t think that for os.urandom someone using it for security is running “counter to its original intent”, given that in general urandom’s purpose is for cryptographic random. Someone *may* be using it for something other than that, but it’s pretty explicitly there for security sensitive applications.
Except that I disagree. I think os.urandom's original intent, as documented in Python 3.4, is to provide a thin layer over /dev/urandom, with all that implies, and with the documented quality caveats. I know as a Linux developer that if I need to know the details of that, I can `man urandom` and read the gory details. In Python 3.5, I can't do that any more.
Right. I personally often fall towards securing the *existing* APIs and adding new, insecure APIs that are obviously so in cases where we can reasonably do that.
Sure, and I personally fall on the side of maintaining stable, backward compatible APIs, adding new, better, more secure APIs to address deficiencies in real-world use cases. That's because when we break APIs, even with the best of intentions, it breaks people's code in ways and places that we can't predict, and which are very often very difficult to discover. I guess it all comes down to who's yelling at you. ;)

Cheers,
-Barry

P.S. These discussions do not always end in despair. Witness PEP 493.