This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients bkabrda, christian.heimes, dholth, dmalcolm, doughellmann, icordasc, jpokorny, lukecarrier, pitrou, rbcollins, rpetrov, yolanda.robla
Date 2017-01-20.10:14:43
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1484907283.72.0.421884906004.issue9216@psf.upfronthosting.co.za>
In-reply-to
Content 
Objection from hashlib maintainer: I will reject a used_for_security flag with default of False. I'm slowly moving Python to a secure-by-default policy. Therefore used_for_security must be an explicit opt-out.

I'm aware that the policy will require modifications to all software that uses MD5. To be honest that's my goal. If you care about FIPS, then any use of MD5 must be a concious and careful decision. I want developers to move away from MD5 and replace it with SipHash24, Blake2 or SHA-2. MD5 should *only* remain when backwards incompatibility prevent migration.
History
Date User Action Args
2017-01-20 10:14:43christian.heimessetrecipients: + christian.heimes, pitrou, rbcollins, rpetrov, doughellmann, dmalcolm, dholth, jpokorny, bkabrda, lukecarrier, icordasc, yolanda.robla
2017-01-20 10:14:43christian.heimessetmessageid: <1484907283.72.0.421884906004.issue9216@psf.upfronthosting.co.za>
2017-01-20 10:14:43christian.heimeslinkissue9216 messages
2017-01-20 10:14:43christian.heimescreate