Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2019-05-20 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam (Chainz) Johnson   |  Owner:  Nick Pope
 Type:  Cleanup/optimization        |  Status:  closed
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:  fixed
 Keywords:                          |  Triage Stage:  Accepted
 Has patch:  1                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------
Changes (by Mariusz Felisiak ):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"1d0bab0bfd77edcf1228d45bf654457a8ff1890d" 1d0bab0]:
 {{{
 #!CommitTicketReference repository=""
 revision="1d0bab0bfd77edcf1228d45bf654457a8ff1890d"
 Fixed #27635 -- Used secrets module in django.utils.crypto.
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.4dccbb161f0c8723b79e262fa5b729ad%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2019-05-20 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam (Chainz) Johnson   |  Owner:  Nick Pope
 Type:  Cleanup/optimization        |  Status:  assigned
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Accepted
 Has patch:  1                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------

Comment (by Mariusz Felisiak ):

 In [changeset:"068005a349f80b3c6c724cc7a2d0b0c44413f463" 068005a3]:
 {{{
 #!CommitTicketReference repository=""
 revision="068005a349f80b3c6c724cc7a2d0b0c44413f463"
 Refs #27635 -- Removed fallback when SystemRandom() isn't available that
 doesn't work.

 Fallback was untested and likely never triggered.
 }}}



Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2019-05-15 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam (Chainz) Johnson   |  Owner:  Nick Pope
 Type:  Cleanup/optimization        |  Status:  assigned
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Accepted
 Has patch:  1                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------
Changes (by Nick Pope):

 * owner:  nobody => Nick Pope
 * status:  new => assigned
 * stage:  Someday/Maybe => Accepted


Comment:

 Alternate [https://github.com/django/django/pull/11368 PR] addressing the
 non-working fallback and optionally stripping it out based on
 [https://github.com/django/django/pull/11357#issuecomment-492839409 my
 comment].



Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2019-05-12 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam (Chainz) Johnson   |  Owner:  nobody
 Type:  Cleanup/optimization        |  Status:  new
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Someday/Maybe
 Has patch:  1                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------
Changes (by Claude Paroz):

 * has_patch:  0 => 1


Comment:

 New [https://github.com/django/django/pull/11357 PR] now we are on 3.6+.



Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2017-01-03 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam Chainz             |  Owner:  nobody
 Type:  Cleanup/optimization        |  Status:  new
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Someday/Maybe
 Has patch:  0                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------

Comment (by Emett Speer):

 Replying to [comment:3 Tim Graham]:
 > Python's `secrets.py` does `from random import SystemRandom` so this
 > doesn't change any behavior or add security for now. Adam said,
 > "Presumably the intention is that secrets might one day use a different
 > PRNG's on some OS's." Let's make the change if the benefits become more
 > than theoretical or when only Python 3.6+ is supported.
 >
 > Another possibility Aymeric mentioned, "In the long run I think we
 > should deprecate get_random_string in favor of similar functions provided
 > by the secrets module. I didn't check whether there was a sensible
 > transition plan to make use of secrets on Python 3.6 while still
 > supporting older versions."

 I'm with you on this. The vast majority of people are not going to use
 this for a long time and it will add an extra bit of overhead just to
 support an update in a single version of Python none of the big distros
 ship. Once more of the Django community has migrated to Python 3.6+ it
 would be worth looking into.



Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2016-12-29 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam Chainz             |  Owner:  nobody
 Type:  Cleanup/optimization        |  Status:  new
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Someday/Maybe
 Has patch:  0                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------
Changes (by Tim Graham):

 * has_patch:  1 => 0
 * stage:  Accepted => Someday/Maybe


Comment:

 Python's `secrets.py` does `from random import SystemRandom` so this
 doesn't change any behavior or add security for now. Adam said,
 "Presumably the intention is that secrets might one day use a different
 PRNG's on some OS's." Let's make the change if the benefits become more
 than theoretical or when only Python 3.6+ is supported.

 Another possibility Aymeric mentioned, "In the long run I think we should
 deprecate get_random_string in favor of similar functions provided by the
 secrets module. I didn't check whether there was a sensible transition
 plan to make use of secrets on Python 3.6 while still supporting older
 versions."


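Added example, not part of the ticket thread or of Django's code: it checks the point made in the comment above, that `secrets` reuses `random.SystemRandom`, and sketches a `get_random_string`-style helper built on `secrets.choice`, with a seeded Mersenne Twister shown for contrast. The names `random_string_via_secrets`, `ALPHABET`, `entropy_bits` and `token_from` are hypothetical and chosen only for illustration.

```python
import math
import random
import secrets
import string

# Assumed alphabet for illustration: ASCII letters and digits (62 symbols).
ALPHABET = string.ascii_letters + string.digits


def secrets_reuses_system_random():
    """True when secrets exposes the very same class as random.SystemRandom."""
    return secrets.SystemRandom is random.SystemRandom


def random_string_via_secrets(length, allowed_chars=ALPHABET):
    """Hypothetical helper: build a token with secrets.choice (OS CSPRNG)."""
    if length < 0 or not allowed_chars:
        raise ValueError("need a non-negative length and a non-empty alphabet")
    return "".join(secrets.choice(allowed_chars) for _ in range(length))


def entropy_bits(length, allowed_chars=ALPHABET):
    """Upper bound on token entropy: length * log2(distinct symbols)."""
    return length * math.log2(len(set(allowed_chars)))


def token_from(rng, length=12):
    """Draw a token from any random.Random-compatible generator."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def seeded_prng_repeats(seed=1234):
    """The default Mersenne Twister replays the same token for the same seed."""
    return token_from(random.Random(seed)) == token_from(random.Random(seed))


def system_random_repeats(seed=1234):
    """SystemRandom.seed() is a documented no-op, so outputs should differ."""
    a, b = random.SystemRandom(), random.SystemRandom()
    a.seed(seed)
    b.seed(seed)
    return token_from(a) == token_from(b)


if __name__ == "__main__":
    print("secrets reuses random.SystemRandom:", secrets_reuses_system_random())
    print("token:", random_string_via_secrets(12))
    print("entropy upper bound (bits): %.1f" % entropy_bits(12))
    print("seeded Mersenne Twister repeats:", seeded_prng_repeats())
    print("SystemRandom repeats:", system_random_repeats())
```
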

Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2016-12-28 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam Chainz             |  Owner:  nobody
 Type:  Cleanup/optimization        |  Status:  new
 Component:  Utilities              |  Version:  master
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Accepted
 Has patch:  1                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------
Changes (by Anton Samarchyan):

 * cc: desecho@… (added)
 * has_patch:  0 => 1
 * version:  1.10 => master


Comment:

 Added [https://github.com/django/django/pull/7756 PR]



Re: [Django] #27635: django.utils.crypto should use secrets on Python 3.6+

2016-12-26 Thread Django
#27635: django.utils.crypto should use secrets on Python 3.6+
------------------------------------+------------------------------
 Reporter:  Adam Chainz             |  Owner:  nobody
 Type:  Cleanup/optimization        |  Status:  new
 Component:  Utilities              |  Version:  1.10
 Severity:  Normal                  |  Resolution:
 Keywords:                          |  Triage Stage:  Accepted
 Has patch:  0                      |  Needs documentation:  0
 Needs tests:  0                    |  Patch needs improvement:  0
 Easy pickings:  0                  |  UI/UX:  0
------------------------------------+------------------------------
Changes (by Tim Graham):

 * type:  New feature => Cleanup/optimization
 * stage:  Unreviewed => Accepted


Comment:

 Specifically, it looks like that means in place of `random.SystemRandom`.
