On 23 June 2016 at 14:27, Victor Stinner <victor.stinner@gmail.com> wrote:
Raise BlockingIOError in os.urandom() -------------------------------------
This idea was proposed as a compromise to let developers decide themself how to handle the case:
* catch the exception and uses another weaker entropy source: read ``/dev/urandom`` on Linux, the Python ``random`` module (which is not secure at all), time, process identifier, etc. * don't catch the error, the whole program fails with this fatal exception
First of all, no user complained yet that ``os.urandom()`` blocks. This point is currently theorical. The Python issues #25420 and #26839 were restricted to the Python startup: users complained that Python was blocked at startup.
Even if reading /dev/urandom block on OpenBSD, FreeBSD, Mac OS X, etc. until urandom is initialized, no user complained yet because Python is not used in the process initializing the system and /dev/urandom is quickly initialized. It looks like only Linux users hit the problem on virtual machines or embedded devices, and only in some short Python scripts used to initialize the the system. Again, ``os.urandom()`` is not used in such script (at least, not yet).
As `Leave os.urandom() unchanged, add os.getrandom()`_, the problem is that it makes the API more complex and so more error-prone.
I have to admit, this is a pretty solid argument, especially if you supplement it with Donald's point that affected scripts and applications will likely split into "doesn't even notice that implicit delay" and "hangs the world after switching to Python 3.6, but the developer/integrator sees 'calling os.urandom() may hang the world on Linux system boot' in the Python 3.6 porting notes". I'll still keep iterating on PEP 522, but I'm to the point of being +0 on this approach if Guido decides he prefers it :) Cheers, Nick. P.S. DevNation/Red Hat Summit are on next week, so I'll try to get one more version of PEP 522 done before I leave, but will likely be busy for most of that time. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia