Author barry
Recipients alex, barry, vila, vstinner
Date 2017-02-20.15:13:59
On Feb 20, 2017, at 02:21 PM, STINNER Victor wrote:

>What am I supposed to do with a UUID with safe=False? Should I loop on the
>function until I get safe==True?

It would be an application dependent response.  It might be that you would
check some other attributes of your platform (e.g. are the OS packages that
should be installed to give you safe UUIDs?).  Or your application may not
care that much, or your application may refuse to continue to run on platforms
without safe UUIDs, or you might use some application-level synchronization
methods to guarantee safe UUIDs (e.g. store the unsafe or unknown ones in a
database and check that new ones are not already used).

The point of this change is that it provides information to the application
creating UUIDs that wasn't previously available.

>"safe for multiprocessing applications"
>Does it mean unique on the whole system?
>I looked at uuid_generate_time_safe(3) manual page which mentions
>"synchronization mechanisms (see above)" but they are not documented.

I believe some systems at least use interprocess communication with a daemon
to provide the synchronization.  Yes, it would be system-wide.

>> I'm classifying this as a security issue, (...)
>This issue was only fixed in Python 3.7. Does it mean that it's no more
>considered as a security vulnerability?

I should remove that tag.  While this could have an impact on application
security, it's not a security issue *in Python* itself.

Date                 User   Action  Args
2017-02-20 15:14:00  barry  set     recipients: + barry, vstinner, vila, alex
2017-02-20 15:14:00  barry  link    issue22807 messages
2017-02-20 15:13:59  barry  create
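
The application-level responses listed in the message above (not caring, refusing to run, or recording unsafe/unknown UUIDs in a database and checking new ones against it), sketched as an added example that is not part of the original message or of CPython. It uses the `UUID.is_safe` attribute and `uuid.SafeUUID` enum as shipped in Python 3.7; the `UUIDIssuer` class, its policy names and the `issued` table are hypothetical.

```python
import sqlite3
import uuid


class UnsafeUUIDError(RuntimeError):
    """No acceptable UUID could be issued under the chosen policy."""


class UUIDIssuer:
    """Issue UUIDs under an explicit policy for ones not reported safe.

    policy (hypothetical names): "accept" ignores is_safe, "refuse" raises,
    "dedupe" records unsafe/unknown UUIDs and rejects any already used.
    """

    def __init__(self, policy="dedupe", generate=uuid.uuid1, db_path=":memory:"):
        if policy not in ("accept", "refuse", "dedupe"):
            raise ValueError(f"unknown policy: {policy!r}")
        self.policy = policy
        self.generate = generate
        # Assumption: a SQLite table is the application's registry. Use a
        # file shared by all worker processes for cross-process checks.
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS issued (id TEXT PRIMARY KEY)")
        self.db.commit()

    def _claim(self, u):
        """Record u atomically; return False if it was already issued."""
        try:
            with self.db:  # commits on success, rolls back on error
                self.db.execute("INSERT INTO issued (id) VALUES (?)", (u.hex,))
            return True
        except sqlite3.IntegrityError:
            return False

    def new(self, max_tries=5):
        for _ in range(max_tries):
            u = self.generate()
            if self.policy == "accept" or u.is_safe is uuid.SafeUUID.safe:
                return u
            if self.policy == "refuse":
                raise UnsafeUUIDError(f"generator reported is_safe={u.is_safe.name}")
            if self._claim(u):
                return u
        raise UnsafeUUIDError(f"no unused UUID after {max_tries} tries")


if __name__ == "__main__":
    u = UUIDIssuer("dedupe").new()
    print(u, u.is_safe.name)
```

With the default in-memory database the duplicate check only covers the current process; the system-wide case discussed in the message needs a `db_path` that every generating process shares.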