Author gregory.p.smith
Recipients christian.heimes, gregory.p.smith, mbussonn, miss-islington, rhettinger
Date 2019-10-15.16:43:49
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1571157830.02.0.572682656765.issue33604@roundup.psfhosted.org>
In-reply-to
Content
Thanks for the feedback.  Better late than never. :)

A default algorithm is a bad thing when it comes to authentication.  Explicit is better than implicit.  A default regularly becomes obsolete as math and cryptanalysis methods move forward and need to be changed every unpredictable N years.  MD5 was _already_ a bad choice of default when hmac was added in 2.2.

That said, we managed this deprecation and API evolution poorly.

As it has shipped this way in 3.8, I'm first going to fix the documentation and the exception type (both suitable for 3.8).  First PR sent.

In 3.9 we could introduce a better named keyword only digest parameter, leaving digestmod supported as a legacy positional & alternate name for backwards incompatibility.  (minor code gymnastics required to do that, but within reason)

i wouldn't want to remove the digestmod positional/name support until after 3.8 is no longer relevant in the world.
History
Date User Action Args
2019-10-15 16:43:50gregory.p.smithsetrecipients: + gregory.p.smith, rhettinger, christian.heimes, mbussonn, miss-islington
2019-10-15 16:43:50gregory.p.smithsetmessageid: <1571157830.02.0.572682656765.issue33604@roundup.psfhosted.org>
2019-10-15 16:43:50gregory.p.smithlinkissue33604 messages
2019-10-15 16:43:49gregory.p.smithcreate