This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author ncoghlan
Recipients Lukasa, docs@python, georg.brandl, larry, martin.panter, ncoghlan, ned.deily, steven.daprano, vstinner
Date 2016-09-21.09:15:14
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1474449314.8.0.505831251145.issue27292@psf.upfronthosting.co.za>
In-reply-to
Content 
With the 3.6 os.urandom() implementation doing the right thing consistently cross-platform, our guidance for folks that care about the quality of the CSPRNG they use should be that they either upgrade to that version, or else ensure that the kernel CSPRNG is properly seeded before they run Python.

That is, I think the tone we're aiming for in the older docs now should be "You're using an older Python version, so if this problem description worries you, you need to either upgrade or else take the necessary steps to satisfy yourself that your host system's CSPRNG is properly configured", rather than the more passive "os.urandom() isn't necessarily secure" (with minimal guidance on what to do about it) that we've previously adopted.
History
Date User Action Args
2016-09-21 09:15:14ncoghlansetrecipients: + ncoghlan, georg.brandl, vstinner, larry, ned.deily, steven.daprano, docs@python, martin.panter, Lukasa
2016-09-21 09:15:14ncoghlansetmessageid: <1474449314.8.0.505831251145.issue27292@psf.upfronthosting.co.za>
2016-09-21 09:15:14ncoghlanlinkissue27292 messages
2016-09-21 09:15:14ncoghlancreate