Message267699
Donald -
To be clear - no import of random or of hashlib is required to trigger this issue. The null script alone triggers the issue; the Python hash secret is initialized at startup regardless of script contents.
Yes, there is a race condition at system boot which we can probably resolve with userspace manipulations. I still feel that having Python hang indefinitely under certain circumstances, even when the application does not require any entropy, is a violation of the principle of least surprise. At the very least, there should be a command-line flag to disable "secure" initialization of the hash secret. |
|
Date |
User |
Action |
Args |
2016-06-07 16:04:22 | Colm Buckley | set | recipients:
+ Colm Buckley, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, Lukasa, thomas-petazzoni |
2016-06-07 16:04:21 | Colm Buckley | set | messageid: <1465315461.98.0.174674237919.issue26839@psf.upfronthosting.co.za> |
2016-06-07 16:04:21 | Colm Buckley | link | issue26839 messages |
2016-06-07 16:04:21 | Colm Buckley | create | |
|