Message152760
On Mon, 2012-02-06 at 10:20 +0000, Marc-Andre Lemburg wrote:
> Marc-Andre Lemburg <mal@egenix.com> added the comment:
>
> STINNER Victor wrote:
> >
> > STINNER Victor <victor.stinner@haypocalc.com> added the comment:
> >
> >> In a security fix release, we shouldn't change the linkage procedures,
> >> so I recommend that the LoadLibrary dance remains.
> >
> > So the overhead in startup time is not an issue?
>
> It is an issue. Not only in terms of startup time, but also
msg152362 indicated that there was negligible impact on startup time
when randomization is disabled. The impact when it *is* enabled is
unclear, but reported there as "isn't crippling".
> because randomization per default makes Python behave in
> non-deterministc ways - which is not what you want from a
> programming language or interpreter (unless you explicitly
> tell it to behave like that).
The release managers have pronounced:
http://mail.python.org/pipermail/python-dev/2012-January/115892.html
Quoting that email:
> 1. Simple hash randomization is the way to go. We think this has the
> best chance of actually fixing the problem while being fairly
> straightforward such that we're comfortable putting it in a stable
> release.
> 2. It will be off by default in stable releases and enabled by an
> envar at runtime. This will prevent code breakage from dictionary
> order changing as well as people depending on the hash stability. |
|
Date |
User |
Action |
Args |
2012-02-06 19:11:43 | dmalcolm | set | recipients:
+ dmalcolm, lemburg, gvanrossum, tim.peters, loewis, barry, georg.brandl, terry.reedy, gregory.p.smith, jcea, mark.dickinson, pitrou, vstinner, christian.heimes, benjamin.peterson, eric.araujo, grahamd, Arfrever, v+python, alex, zbysz, skrah, gz, neologix, Arach, Mark.Shannon, eric.snow, Zhiping.Deng, Huzaifa.Sidhpurwala, Jim.Jewett, PaulMcMillan, fx5, skorgu |
2012-02-06 19:11:43 | dmalcolm | link | issue13703 messages |
2012-02-06 19:11:42 | dmalcolm | create | |
|