Gregory P. Smith <g...@krypto.org> added the comment:
Thanks for the feedback. Better late than never. :) A default algorithm is a bad thing when it comes to authentication. Explicit is better than implicit. A default regularly becomes obsolete as math and cryptanalysis methods move forward and need to be changed every unpredictable N years. MD5 was _already_ a bad choice of default when hmac was added in 2.2. That said, we managed this deprecation and API evolution poorly. As it has shipped this way in 3.8, I'm first going to fix the documentation and the exception type (both suitable for 3.8). First PR sent. In 3.9 we could introduce a better named keyword only digest parameter, leaving digestmod supported as a legacy positional & alternate name for backwards incompatibility. (minor code gymnastics required to do that, but within reason) i wouldn't want to remove the digestmod positional/name support until after 3.8 is no longer relevant in the world. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue33604> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com