[Python-Dev] Status of the fix for the hash collision vulnerability

Terry Reedy tjreedy at udel.edu
Sat Jan 14 06:43:04 CET 2012

On 1/13/2012 8:58 PM, Gregory P. Smith wrote:

> It is perfectly okay to break existing users who had anything depending
> on ordering of internal hash tables. Their code was already broken.

Given that the doc says "Return the hash value of the object", I do not 
think we should be so hard-nosed. The above clearly implies that there 
is such a thing as *the* Python hash value for an object. And indeed, 
that has been true across many versions. If we had written "Return a 
hash value for the object, which can vary from run to run", the case 
would be different.

Terry Jan Reedy

More information about the Python-Dev mailing list