On Sep 15, 2015 7:23 PM, "Stephen J. Turnbull"
A pseudo-randomly selected recent quote:
It would never occur to me to reach for the random module if I want to do cryptography.
That doesn't mean that security has to be #1 always and everywhere in designing Python, but I find it pretty distressing that apparently a lot of people either don't understand or don't care about what's at stake in these kinds of decisions *for the rest of the world*. The reality is that security that is not on by default is not secure. Any break in a dike can flood a whole town.
This feels somewhere between disingenuous and dishonest. Just like I don't use the random module for cryptography, I also don't use the socket module or the threading module for cryptography. Could a program dealing with sockets have security issues?! Very likely! Could a multithreaded one expose vulnerabilities? Certainly! Should we try to "secure" these modules for users who don't need to or don't know to think about security? Absolutely not!