On Thu, Feb 21, 2013 at 6:35 AM, Tres Seaver <tsea...@palladion.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/20/2013 09:08 PM, Barry Warsaw wrote:
>> On Feb 21, 2013, at 10:38 AM, Nick Coghlan wrote:
>>
>>> - make it possible to enable safer behaviour globally in at least
>>> 2.7 and 3.3 (and perhaps in 2.6 and 3.2 security releases as well)
>>
>> I want to be fairly conservative with 2.6.9.
>
> I believe that the same rationale should apply as that for adding hash
> randomization in 2.6.8: this is at least as bad a vulnerability, with
> many more vectors of attack.

FYI the hash randomization is broken (it only allows 256 really different hashes)