Author vaizki
Recipients asvetlov, dacut, gvanrossum, njs, vaizki, yselivanov
Date 2019-11-20.08:59:02
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1574240343.54.0.689889801982.issue37228@roundup.psfhosted.org>
In-reply-to
Content
David, in terms of documentation changes and the emitted deprecation warning itself, I think it would be appropriate to instruct that please set the parameter explicitly to True or False to silence the warning AND point out that setting it to True has significant security and previously incorrectly documented functional implications.

Now your updated docs and warning read more like we are working around a Linux security bug which is not really the case - this behavior was intentionally added to the kernels and some of the code I do for a living relies on it to work properly. Admittedly the restriction of having the same UID wouldn't hurt.

And browsing again through the hits to my github searches, it makes me cringe how many people are already explicitly setting reuse_address=True in their code because the current documentation mistakenly makes it seem harmless and desirable. Makes me wonder if we need to put out a CVE? At the very least, I will be putting in PRs to the asyncio packages that I myself use and understand.
History
Date User Action Args
2019-11-20 08:59:03vaizkisetrecipients: + vaizki, gvanrossum, njs, asvetlov, yselivanov, dacut
2019-11-20 08:59:03vaizkisetmessageid: <1574240343.54.0.689889801982.issue37228@roundup.psfhosted.org>
2019-11-20 08:59:03vaizkilinkissue37228 messages
2019-11-20 08:59:02vaizkicreate