[Python-Dev] BDFL ruling request: should we block forever waiting for high-quality random bits?

Donald Stufft donald at stufft.io
Thu Jun 9 09:57:22 EDT 2016


> On Jun 9, 2016, at 9:48 AM, Doug Hellmann <doug at doughellmann.com> wrote:
> 
> All of which fails to be backwards compatible (new exceptions and hanging behavior), which means you’re breaking apps. Introducing a new API lets the developers who care about strong random values use them without breaking anyone else.


I assert that the vast bulk of users of os.urandom are using it because they
care about strong random values, not because they care about the nuances of
its behavior on Linux. You're suggesting that almost every [1] single use of
os.urandom in the wild should switch to this new API. Forcing the multitudes to
adapt for the minority is just pointless churn and pain. Besides, Python has
never held backwards compatibility sacred above all else and regularly breaks
it in X.Y+1 releases when there is good reason to do so. Just yesterday there
was discussion on removing bytes(n) from Python 3.x not because it's dangerous
in any way, but because its behavior makes it slightly confusing in an
extremely obvious way in a PEP that appears like it has a reasonably good
chance of being accepted. 


[1] I would almost go as far as to call it every single use, but I'm sure
    someone can dig up one person somewhere who purposely used this behavior. 

—
Donald Stufft




