On Tue, 25 Feb 2014 20:38:46 +0200 Maciej Fijalkowski <fij...@gmail.com> wrote: > > My impression is that a lot of discussion went into hash > randomization, because it was a high profile issue. It got "fixed", > then later someone discovered that the fix is completely broken and > was left at that without much discussion because it's no longer "high > visibility". I would really *like* to perceive this process as a lot > of discussion going into because of ramification of changes.
Most of the discussion, AFAIR, was about the potential backwards compatibility issues (which led to the decision of adding hash randomization in 2.7, but disabled by default). But you're right that for some reason it suddenly became a "high profile issue" while the general attack mechanism had apparently been known for years. (and AFAIK there's no proof of actual attacks in the wild) Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
