Message151071
Mark Dickinson wrote:
>
> Mark Dickinson <dickinsm@gmail.com> added the comment:
>
> [Antoine]
>> Also, how about false positives? Having legitimate programs break
>> because of legitimate data would be a disaster.
>
> This worries me, too.
>
> [MAL]
>> Yes, which is why the patch should be disabled by default (using
>> an env var) in dot-releases.
>
> Are you proposing having it enabled by default in Python 3.3?
Possibly, yes. Depends on whether anyone comes up with a problem in
the alpha, beta, RC release cycle.
It would be great to have the universal hash method approach for
Python 3.3. That way Python could self-heal itself in case it
finds too many collisions. My guess is that it's still better
to raise an exception, though, since it would uncover either
attacks or programming errors. |
|
Date |
User |
Action |
Args |
2012-01-11 17:38:10 | lemburg | set | recipients:
+ lemburg, gvanrossum, tim.peters, barry, georg.brandl, terry.reedy, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, Arfrever, v+python, alex, zbysz, skrah, dmalcolm, gz, Arach, Mark.Shannon, Zhiping.Deng, Huzaifa.Sidhpurwala, PaulMcMillan |
2012-01-11 17:38:10 | lemburg | link | issue13703 messages |
2012-01-11 17:38:09 | lemburg | create | |
|