Author christian.heimes
Recipients Ramchandra Apte, alex, asvetlov, christian.heimes, docs@python, ezio.melotti, giampaolo.rodola, hynek, r.david.murray, rhettinger, vstinner, yating.huang
Date 2014-03-14.14:50:53
Message-id <1394808653.58.0.187244335443.issue17006@psf.upfronthosting.co.za>
Content
Raymond makes a good point. We mustn't clutter the docs with warnings. People are going to skip warning boxes if they occur too often. The documentation of the hashlib module contains three "note" boxes and one "warning" box. That's far too many.

The first "note" box could be moved to "see also". The other two "note" boxes could be removed and their content added to the documentation of update(). The warning box should follow the example of the ssl module, and all further security considerations should be moved into a new section.

The Python stdlib documentation is the wrong place to teach users about crypto and security stuff. But in my opinion good documentation should point out that something is dangerous or may lure a user into a false sense of security.

Perhaps I should start a howto with common security-related issues in Python software for 3.5.
History
Date User Action Args
2014-03-14 14:50:53 christian.heimes set recipients: + christian.heimes, rhettinger, vstinner, giampaolo.rodola, ezio.melotti, alex, r.david.murray, asvetlov, docs@python, Ramchandra Apte, hynek, yating.huang
2014-03-14 14:50:53 christian.heimes set messageid: <1394808653.58.0.187244335443.issue17006@psf.upfronthosting.co.za>
2014-03-14 14:50:53 christian.heimes link issue17006 messages
2014-03-14 14:50:53 christian.heimes create