[Python-ideas] Python's Source of Randomness and the random.py module Redux

Nathaniel Smith njs at pobox.com
Thu Sep 10 22:33:05 CEST 2015

On Sep 10, 2015 5:29 AM, "Paul Moore" <p.f.moore at gmail.com> wrote:
> You're claiming that the random
> module is security related. I'm claiming it's not, it's documented as
> not being, and that's clear to the people who use it for its intended
> purpose. Telling those people that you want to make a module designed
> for their use harder to use because people for whom it's not intended
> can't read the documentation which explicitly states that it's not
> suitable for them, is doing a disservice to those people who are
> already using the module correctly for its stated purpose.

Regarding the "harder to use" point (which is obviously just one of many
considerations in this while debate):

I trained myself a few years ago to stop using the global random functions
and instead always pass around an explicit RNG object, and my experience is
that once I got into the habit it gave me a strict improvement in code
quality. Suddenly many more of my functions are deterministic ... well ...
functions ... of their inputs, and suddenly it's clearly marked in the
source which ones have randomness in their semantics, and suddenly it's
much easier to do things like refactor the code while preserving the output
for a given seed. (This is tricky because just changing the order in which
you do things can break your code. I wince in sympathy at people who have
to maintain code like your map-generation-from-a-seed example and *aren't*
using RNG objects explicitly.) The implicit global RNG is a piece of global
state, like global variables, and causes similar unpleasantness. Now that I
don't use it, I look back and it's like "huh, why did I always used to hit
myself in the face like that? That wasn't very pleasant." So this is what I
teach my collaborators and students now. Most of them just use the global
state by default because they don't even know about the OO option.

YMMV but that's my experience FWIW.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ideas/attachments/20150910/074d981c/attachment.html>

More information about the Python-ideas mailing list