[issue13703] Hash collision security issue
Mark Shannon
report at bugs.python.org
Sun Jan 29 23:50:20 CET 2012
Mark Shannon <mark at hotpy.org> added the comment:
Barry A. Warsaw wrote:
> Barry A. Warsaw <barry at python.org> added the comment:
>
> On Jan 28, 2012, at 07:26 PM, Dave Malcolm wrote:
>
>> This turns out to pass without PYTHONHASHRANDOMIZATION in the
>> environment, and fail intermittently with it.
>>
>> Note that "make test" invokes the built python with "-E", so that it
>> ignores the setting of PYTHONHASHRANDOMIZATION in the environment.
>>
>> Barry, Benjamin: does fixing this bug require getting the full test
>> suite to pass with randomization enabled (and fixing the intermittent
>> failures due to ordering issues), or is it acceptable to "merely" have
>> full passes without randomizing the hashes?
>
> I think we at least need to identify (to the best of our ability) the tests
> that fail and include them in release notes. If they're easy to fix, we
> should fix them. Maybe also open a bug report for each failure.
http://bugs.python.org/issue13903 causes even more tests to fail,
so I'm submitting bug reports for most of the failing tests already.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13703>
_______________________________________
More information about the Python-bugs-list
mailing list