[Python-Dev] Status of the fix for the hash collision vulnerability
victor.stinner at haypocalc.com
Wed Jan 18 10:54:26 CET 2012
2012/1/18 "Martin v. Löwis" <martin at v.loewis.de>:
> For 3.3 onwards, I'm skeptical whether all this configuration support is
> really necessary. I think a much smaller patch which leaves no choice
> would be more appropriate.
The configuration helps unit testing: see changes on Lib/test/*.py in
my last patch. I hesitate to say that the configuration is required
for tests. Anyway, users upgrading from Python 3.2 to 3.3 may need to
keep the same hash function and don't care of security (e.g. programs
running locally with trusted data).
More information about the Python-Dev