Message 285034 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	benjamin.peterson, christian.heimes, python-dev, rhettinger, vstinner
Date	2017-01-09.10:26:37
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1483957597.6.0.19653376891.issue29188@psf.upfronthosting.co.za>
In-reply-to

Content
> This is VERY far from our historical policy for backports. Python 2.7 is supposed to be getting more stable over time (that is one of its chief virtues). We don't want to risk the kind of mini-catastrophe that got published in 3.6 (issue29085). I don't consider that the issue #29085 is a catastrophe and it's just a bug which was already fixed. Moreover, Python 2.7 and 3.5 don't have _PyOS_URandomNonblock() function and so the _random module is not impacted by this issue. > If you want to push for this, there needs to be a thorough discussion on python-dev (there are tons of possible backports that could be made if the rationale was "I would prefer to use the same code on all maintained versions"). Sorry, I suffered from the previous discussion about random numbers. I don't want to reopen a new discussion, people would become crazy again. I just fixed Python/random.c in support glibc 2.24 that's all. If someone wants the cool getrandom() function/syscall on Python 2.7, please open a new issue. It doesn't really enhance the security, it's just a matter of avoid a file descriptor.

> This is VERY far from our historical policy for backports.  Python 2.7 is supposed to be getting more stable over time (that is one of its chief virtues).  We don't want to risk the kind of mini-catastrophe that got published in 3.6 (issue29085).

I don't consider that the issue #29085 is a catastrophe and it's just a bug which was already fixed.

Moreover, Python 2.7 and 3.5 don't have _PyOS_URandomNonblock() function and so the _random module is not impacted by this issue.


> If you want to push for this, there needs to be a thorough discussion on python-dev (there are tons of possible backports that could be made if the rationale was "I would prefer to use the same code on all maintained versions").

Sorry, I suffered from the previous discussion about random numbers. I don't want to reopen a new discussion, people would become crazy again.

I just fixed Python/random.c in support glibc 2.24 that's all.

If someone wants the cool getrandom() function/syscall on Python 2.7, please open a new issue. It doesn't really enhance the security, it's just a matter of avoid a file descriptor.

History
Date	User	Action	Args
2017-01-09 10:26:37	vstinner	set	recipients: + vstinner, rhettinger, christian.heimes, benjamin.peterson, python-dev
2017-01-09 10:26:37	vstinner	set	messageid: <1483957597.6.0.19653376891.issue29188@psf.upfronthosting.co.za>
2017-01-09 10:26:37	vstinner	link	issue29188 messages
2017-01-09 10:26:37	vstinner	create