On 16 September 2015 at 14:12, Guido van Rossum
> Security isn't served well by panicky over-reaction.
Proposing a change in 2015 that wouldn't be released to the public until early 2017 or so isn't exactly panicking. (And the thing that changed for me that prompted me to write the PEP was finally figuring out a remotely plausible migration plan to address the backwards compatibility concerns, rather than anything on the security side.)

As I wrote in the PEP, this kind of problem is a chronic one, not an acute one, where security engineers currently waste a *lot* of their (and other people's) time on remedial firefighting - a security audit (or a breach investigation) detects a vulnerability, high priority issues get filed with affected projects, nobody goes home happy.

Accordingly, my proposal is aimed as much at eliminating the perennial "But *why* can't I use the random module for security sensitive tasks?" argument as it is at anything else. I'd like the answer to that question to eventually be "Sure, you can use the random module for security sensitive tasks, so let's talk about something more important, like why you're collecting and storing all this sensitive personally identifiable information in the first place".

Regards,
Nick.

--
Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia
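The "why can't I use the random module for security sensitive tasks?" question above is easiest to answer with a concrete comparison. The following is an added example, not code from the email, the PEP or CPython: it builds a password-reset style token two ways, with a seeded `random.Random` instance (the deterministic generator the email is about) and with the standard library's `secrets` module (which arrived in Python 3.6, after this thread; `random.SystemRandom` reaches the same OS-provided source on older versions). The alphabet, token length and the `generate_reset_token` / `verify_reset_token` names are this example's own choices.

```python
import random
import secrets

# Token alphabet chosen for this example (not from the email or the PEP).
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def token_from_random(rng: random.Random, length: int = 24) -> str:
    """Build a token from a random.Random instance.

    random.Random is a seedable pseudo-random generator: its output is a
    pure function of its internal state, which is what makes it unsuitable
    for anything that must be unguessable.
    """
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def generate_reset_token(length: int = 24) -> str:
    """Build a token from the operating system's CSPRNG via secrets.choice.

    secrets is the stdlib module meant for exactly this job; on Python
    versions without it, random.SystemRandom().choice is the equivalent.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_module_is_reproducible(seed: int = 12345) -> bool:
    """Demonstrate the failure mode: two generators started from the same
    seed emit the same token, so anyone who learns (or guesses) the seed
    or the generator state knows every token it will ever produce."""
    first = token_from_random(random.Random(seed))
    second = token_from_random(random.Random(seed))
    return first == second


def secrets_tokens_are_independent() -> bool:
    """Two tokens drawn from the OS CSPRNG should never coincide in practice
    (the chance at 24 characters over a 36-symbol alphabet is negligible)."""
    return generate_reset_token() != generate_reset_token()


def verify_reset_token(expected: str, presented: str) -> bool:
    """Compare the stored token with the one a client presents.

    secrets.compare_digest runs in time independent of where the strings
    first differ, so a remote caller cannot learn matching prefixes from
    response timing."""
    return secrets.compare_digest(expected, presented)


if __name__ == "__main__":
    print("random.Random reproducible from seed:", random_module_is_reproducible())
    print("secrets tokens differ:", secrets_tokens_are_independent())
    token = generate_reset_token()
    print("example token:", token, "verifies:", verify_reset_token(token, token))
```

The point of `random_module_is_reproducible` is the one the email argues about: nothing in the `random` module's output is secret relative to its state, so an application that hands such tokens to users is relying on that state staying hidden. `generate_reset_token` is the drop-in replacement a reviewer would ask for, and `verify_reset_token` closes the other common gap in the same code path, a plain `==` comparison on the server side.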