On Wed, Jan 11, 2012 at 7:01 PM, Mike Meyer wrote:
> On Wed, 4 Jan 2012 00:07:27 -0500
> PJ Eby wrote:
> > On Tue, Jan 3, 2012 at 7:40 PM, Mike Meyer wrote:
> > > For
> > > instance, combining STM with explicit locking would allow explicit
> > > locking when IO was required,
> > I don't think
Hm... I started out as a big fan of the randomized hash, but thinking more
about it, I actually believe that the chances of some legitimate app having
>1000 collisions are way smaller than the chances that somebody's code will
break due to the variable hashing. In fact we know for a fact that the
l
Many people proposed their own idea to fix the vulnerability, but only
3 wrote a patch:
- Glenn Linderman proposes to fix the vulnerability by adding a new
"safe" dict type (only accepting string keys). His proof-of-concept
(SafeDict.py) uses a secret of 64 random bits and uses it to compute
the h
On Thu, Jan 12, 2012 at 12:54 AM, Antoine Pitrou wrote:
> On Wed, 11 Jan 2012 12:25:46 +1000
> Nick Coghlan wrote:
>> If it's the latter... could we change it for 3.3, or is that too
>> significant a breach of backwards compatibility?
>
> I think we could change it.
For the benefit of those not
