Message285593
A few thoughts;
usedforsecurity=xxx seems awkward: I wouldn't want, as a user of hashlib, to have to put that in literally every use I make of it.
If I understand the situation correctly, the goal is for both linters, and at runtime, identification of the intended purpose of a call to md5 - e.g. whether there are security implications in its use (as far as FIPS is concerned).
Perhaps having two separate implementations of the interfaces, one general purpose and one FIPS would be decent.
e.g. from hashlib.fips import sha1
etc
etc
and hashlib.fips simply wouldn't contain md5.
Then the md5 thats in hashlib is by definition not FIPS ready and any code using it should be fixed. |
|
Date |
User |
Action |
Args |
2017-01-17 00:01:34 | rbcollins | set | recipients:
+ rbcollins, pitrou, christian.heimes, rpetrov, doughellmann, dmalcolm, dholth, jpokorny, bkabrda, lukecarrier |
2017-01-17 00:01:34 | rbcollins | set | messageid: <1484611294.43.0.117287266512.issue9216@psf.upfronthosting.co.za> |
2017-01-17 00:01:34 | rbcollins | link | issue9216 messages |
2017-01-17 00:01:33 | rbcollins | create | |
|