Author lemburg
Recipients Theodore Tso, christian.heimes, dstufft, larry, lemburg, martin.panter, ncoghlan, vstinner
Date 2016-06-09.07:56:01
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <57592109.5060805@egenix.com>
In-reply-to <1465430695.0.0.555300487063.issue27266@psf.upfronthosting.co.za>
Content
I propose to deprecate os.urandom() altogether due to all the
issues we've discussed on all those recent tickets.

See #27279 for details.

On 09.06.2016 02:04, Nick Coghlan wrote:
> I'd also *STRONGLY* request that we avoid adding any new APIs in relation to this that mean "Use os.urandom" is no longer the preferred option to obtain cryptographically strong random numbers in Python. Any such APIs can't be used in single source Python 2/3 code, they invalidate existing third party documentation like https://cryptography.io/en/latest/random-numbers/ and they invalidate answers on Q&A sites like http://stackoverflow.com/questions/20936993/how-can-i-create-a-random-number-that-is-cryptographically-secure-in-python

It's easy enough to write Python2/3 code to use the new
APIs for Python3, so I don't really buy that argument.

As for answers on SO: it's not a definite source for anything
anyway and life moves on, so eventually people will up the
new changes and update older answers to the new ones. The
deprecation notice will get people aware of the change.
History
Date User Action Args
2016-06-09 07:56:01lemburgsetrecipients: + lemburg, ncoghlan, vstinner, larry, christian.heimes, martin.panter, dstufft, Theodore Tso
2016-06-09 07:56:01lemburglinkissue27266 messages
2016-06-09 07:56:01lemburgcreate