[Security-sig] Take a decision for os.urandom() in Python 3.6
Nick Coghlan
ncoghlan at gmail.com
Mon Aug 8 08:40:04 EDT 2016
On 8 August 2016 at 19:59, Victor Stinner <victor.stinner at gmail.com> wrote:
> os.urandom() is already blocking in Python 3.5.0 and 3.5.1 :-)
>
> For example on Fedora, no need for rawhide: Fedora 24 provides Python
> 3.5.1 with a blocking os.urandom() :-)
>
Surprisingly, it doesn't, as due to the way the Fedora buildroots are set
up in Koji the "HAVE_GETRANDOM_SYSCALL" configure check ends up returning
False when the system Python RPM gets built:
https://mail.python.org/pipermail/security-sig/2016-June/000060.html
With 3.5.2 reverting to the old behaviour anyway, there's no compelling
reason to address that build environment discrepancy for 3.5, but we
(Fedora) are going to have to do something about it for Python 3.6 in F26
so that os.getrandom() gets defined properly and os.urandom() can be made
blocking (with a warning when it does).
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/security-sig/attachments/20160808/abe89074/attachment.html>
More information about the Security-SIG
mailing list