[issue37596] Reproducible pyc: frozenset is not serialized in a deterministic order

Raymond Hettinger report at bugs.python.org
Tue May 25 23:47:49 EDT 2021


Raymond Hettinger <raymond.hettinger at gmail.com> added the comment:

Is it possible to defer hash randomization until after pycs are generated?  The underlying problem here is an intentional scrambling of data.  If determinism is what is desired then deferring that action addresses the actual cause of non-determinism rather than a downstream manifestation.

Scrambling hashes provides a somewhat limited (and bypassable) security value.  What it protects against is maliciously chosen user keys.  That can only occur after modules are loaded.  The risk isn't intrinsic to the module itself.

Really, I don't think we should be rewriting sets to achieve this very limited goal that benefits very few users. That seems like the tail wagging the dog.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue37596>
_______________________________________
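
The effect discussed in this message can be measured directly. The following is an added example, not part of the original message or of CPython: it runs a child interpreter under several PYTHONHASHSEED values and records the frozenset iteration order and a digest of the marshalled code object (the payload of a .pyc). The member names, the seeds and the helper names `probe` and `survey` are constructed for illustration.

```python
import os
import subprocess
import sys

# Constructed child program. The order comes from a plain frozenset of strings;
# the digest covers a compiled module whose `in {...}` test holds such a constant.
CHILD = r'''
import hashlib, marshal
names = ['alpha', 'bravo', 'charlie', 'delta', 'echo', 'foxtrot', 'golf', 'hotel']
src = "def f(x):\n    return x in {%s}\n" % ", ".join(repr(n) for n in names)
code = compile(src, "<sample>", "exec")
print(",".join(frozenset(names)))
print(hashlib.sha256(marshal.dumps(code)).hexdigest())
'''


def probe(seed):
    """Run CHILD with PYTHONHASHSEED=seed; return (iteration order, digest)."""
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    out = subprocess.run(
        [sys.executable, "-c", CHILD],
        env=env, capture_output=True, text=True, check=True,
    ).stdout
    order, digest = out.split()
    return order, digest


def survey(seeds):
    """Collect the distinct orders and digests seen across the given seeds."""
    results = [probe(s) for s in seeds]
    return {
        "orders": {order for order, _ in results},
        "digests": {digest for _, digest in results},
    }


if __name__ == "__main__":
    # A pinned seed (0 disables randomization) gives the same result every run.
    print("seed 0 repeatable:", probe(0) == probe(0))
    # Different seeds scramble str hashes, so set iteration order changes.
    found = survey(range(1, 9))
    print("distinct iteration orders:", len(found["orders"]))
    # Whether the marshalled bytes also differ depends on the interpreter
    # version; more than one digest here means pycs are seed-dependent.
    print("distinct marshal digests:", len(found["digests"]))
```

For a reproducible build check, compare the digest count across seeds on the interpreter that actually generates the pycs; pinning PYTHONHASHSEED for the build step is the usual workaround when it is greater than one.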

