[Python-Dev] Status of the fix for the hash collision vulnerability
tjreedy at udel.edu
Sat Jan 14 06:43:04 CET 2012
On 1/13/2012 8:58 PM, Gregory P. Smith wrote:
> It is perfectly okay to break existing users who had anything depending
> on ordering of internal hash tables. Their code was already broken.
Given that the doc says "Return the hash value of the object", I do not
think we should be so hard-nosed. The above clearly implies that there
is such a thing as *the* Python hash value for an object. And indeed,
that has been true across many versions. If we had written "Return a
hash value for the object, which can vary from run to run", the case
would be different.
Terry Jan Reedy
More information about the Python-Dev