cryptography default_backend is "hazmat"?

Arthur Darcet arthur.darcet+list at m4x.org
Sat Mar 18 18:42:49 EDT 2017


On Sat, 18 Mar 2017 at 23:29, Ian Pilcher <arequipeno at gmail.com> wrote:

> On 03/18/2017 05:15 PM, Chris Angelico wrote:
> > So the question is: How well do you trust the examples? Are they
> > likely to be instructing you in a safe way to use this
> > potentially-dangerous module?
>
> But as far as I can tell, there's no way to use many of the non-hazmat
> functions (e.g. parsing a certificate) without a backend, and all of the
> backends are "hazmat".
>
> So what's the point of marking something as hazmat, if a large portion
> of the rest of the module can't be used without it?
>

If I'm not mistaken, the hazmat module contains functions that are easy to
misuse, which is why they are hazardous.
Using those same functions through the "safe" part of the library isn't
dangerous




> --
> ========================================================================
> Ian Pilcher                                         arequipeno at gmail.com
> -------- "I grew up before Mark Zuckerberg invented friendship" --------
> ========================================================================
>
> --
> https://mail.python.org/mailman/listinfo/python-list
>


More information about the Python-list mailing list