On Fri, Jan 6, 2012 at 8:15 AM, Serhiy Storchaka <storch...@gmail.com> wrote: > 05.01.12 21:14, Glenn Linderman написав(ла): >> >> So, fixing the vulnerable packages could be a sufficient response, >> rather than changing the hash function. How to fix? Each of those >> above allocates and returns a dict. Simply have each of those allocate >> and return and wrapped dict, which has the following behaviors: >> >> i) during __init__, create a local, random, string. >> ii) for all key values, prepend the string, before passing it to the >> internal dict. > > > Good idea.
Not a good idea - a lot of the 3rd party tests that depend on dict ordering are going to be using those modules anyway, so scattering our solution across half the standard library is needlessly creating additional work without really reducing the incompatibility problem. If we're going to change anything, it may as well be the string hashing algorithm itself. Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com