Message357040
David, in terms of documentation changes and the emitted deprecation warning itself, I think it would be appropriate to instruct users to set the parameter explicitly to True or False to silence the warning AND point out that setting it to True has significant security and previously incorrectly documented functional implications.
Now your updated docs and warning read more like we are working around a Linux security bug, which is not really the case - this behavior was intentionally added to the kernels and some of the code I do for a living relies on it to work properly. Admittedly the restriction of having the same UID wouldn't hurt.
And browsing again through the hits to my GitHub searches, it makes me cringe how many people are already explicitly setting reuse_address=True in their code because the current documentation mistakenly makes it seem harmless and desirable. Makes me wonder if we need to put out a CVE? At the very least, I will be putting in PRs to the asyncio packages that I myself use and understand.

| Date | User | Action | Args |
|---|---|---|---|
| 2019-11-20 08:59:03 | vaizki | set | recipients: + vaizki, gvanrossum, njs, asvetlov, yselivanov, dacut |
| 2019-11-20 08:59:03 | vaizki | set | messageid: <1574240343.54.0.689889801982.issue37228@roundup.psfhosted.org> |
| 2019-11-20 08:59:03 | vaizki | link | issue37228 messages |
| 2019-11-20 08:59:02 | vaizki | create | |
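
An added example, not part of the original message or of CPython: a small static check for auditing a code base for calls that pass `reuse_address` explicitly, the pattern the message describes finding in its GitHub searches. The use of `loop.create_datagram_endpoint` in the constructed sample is an assumption; the message itself names only the parameter.

```python
import ast

# Constructed sample source (parsed only, never executed).
SAMPLE = '''\
async def main(loop, proto, flag):
    await loop.create_datagram_endpoint(proto, reuse_address=True)
    await loop.create_datagram_endpoint(proto, reuse_address=False)
    await loop.create_datagram_endpoint(proto)
    await loop.create_datagram_endpoint(proto, reuse_address=flag)
'''


def call_name(node):
    """Best-effort dotted name of the called object, for the report."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts)) or "<expr>"


def find_reuse_address(source, filename="<string>"):
    """Return sorted (line, call, verdict) for each call passing reuse_address.

    verdict is 'explicit-true', 'explicit-false', or 'dynamic' when the
    value is not a literal and has to be traced by hand.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "reuse_address":
                continue
            if isinstance(kw.value, ast.Constant):
                verdict = "explicit-true" if kw.value.value else "explicit-false"
            else:
                verdict = "dynamic"
            findings.append((node.lineno, call_name(node), verdict))
    return sorted(findings)


if __name__ == "__main__":
    for line, name, verdict in find_reuse_address(SAMPLE):
        print(f"line {line}: {name}(reuse_address=...) -> {verdict}")
```

Calls that rely on the default are not reported; only `explicit-true` and `dynamic` findings need review.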