[Python-Dev] Counting collisions for the win
Tres Seaver
tseaver at palladion.com
Fri Jan 20 20:36:56 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/20/2012 02:04 PM, Donald Stufft wrote:
> Even if a MemoryException is raised I believe that is still a
> fundamental change in the documented contract of dictionary API.
How so? Dictionary inserts can *already* raise that error.
> I don't believe there is a way to fix this without breaking someones
> application. The major differences I see between the two solutions is
> that counting will break people's applications who are otherwise
> following the documented api contract of dictionaries,
Do you have a case in mind where legitimate user data (not crafted as
part of a DoS attack) would trip the 1000-collision limit? How likely is
it that such cases exist in already-deployed applications, compared to
the known breakage in existing applications due to hash randomization?
> and randomization will break people's applications who are violating
> the documented api contract of dictionaries.
>
> Personally I feel that the lesser of two evils is to reward those who
> followed the documentation, and not reward those who didn't.
Except that I think your set is purely hypothetical, while the second set
is *lots* of deployed applications.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8ZwlgACgkQ+gerLs4ltQ4KOACglAHDgn5wUb+cye99JbeW0rZo
5oAAn2ja7K4moFLN/aD4ZP7m+8WnwhcA
=u7Mt
-----END PGP SIGNATURE-----
More information about the Python-Dev
mailing list