[Python-Dev] Status of the fix for the hash collision vulnerability

"Martin v. Löwis" martin at v.loewis.de
Wed Jan 18 08:15:35 CET 2012


On 18.01.2012 07:06, Gregory P. Smith wrote:
> 
> On Tue, Jan 17, 2012 at 12:52 PM, "Martin v. Löwis" <martin at v.loewis.de> wrote:
> 
>     > I plan to commit my fix to Python 3.3 if it is accepted. Then write a
>     > simplified version to Python 3.2 and backport it to 3.1.
> 
>     I'm opposed to any change to the hash values of strings in maintenance
>     releases, so I guess I'm opposed to your patch in principle.
> 
> 
> Please at least consider his patch for 3.3 onwards then.  Changing the
> hash seed per interpreter instance / process is the right thing to do
> going forward.

For 3.3 onwards, I'm skeptical whether all this configuration support is
really necessary. I think a much smaller patch which leaves no choice
would be more appropriate.

Regards,
Martin

