[Python-Dev] plugging the hash attack

Benjamin Peterson benjamin at python.org
Sat Jan 28 02:19:58 CET 2012


Hello everyone,
In an effort to get a fix out before Perl 6 goes mainstream, Barry and I
have decided to pronounce on what we want for our stable releases.
What we have decided is that
1. Simple hash randomization is the way to go. We think this has the
best chance of actually fixing the problem while being fairly
straightforward such that we're comfortable putting it in a stable
release.
2. It will be off by default in stable releases and enabled by an
envar at runtime. This will prevent code breakage from dictionary
order changing as well as people depending on the hash stability.


-- 
Regards,
Benjamin
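
Added example, not part of the original message or of CPython: a check for the two kinds of breakage point 2 names, output that depends on hash order and code that relies on stable hash values. It runs a snippet under several hash seeds and compares the output. It assumes the environment variable name PYTHONHASHSEED used by current CPython (the message does not name the variable); the helper names and sample snippets are constructed for illustration.

```python
import os
import subprocess
import sys


def run_with_seed(snippet, seed):
    """Run `snippet` in a fresh interpreter with a fixed hash seed; return its stdout."""
    # PYTHONHASHSEED is read once at interpreter start-up, so a child process is required.
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    result = subprocess.run(
        [sys.executable, "-c", snippet],
        env=env, capture_output=True, text=True, check=True,
    )
    return result.stdout


def depends_on_hash_seed(snippet, seeds=(1, 2, 3, 4, 5)):
    """Return True if the snippet's output differs between any two of the seeds."""
    outputs = {run_with_seed(snippet, seed) for seed in seeds}
    return len(outputs) > 1


# Constructed samples of the patterns that randomization can break or leave intact.
# Iteration order of a set of strings follows their hash values.
ORDER_DEPENDENT = "print(list({'k%d' % i for i in range(20)}))"
# Sorting removes the dependence on hash order.
ORDER_SAFE = "print(sorted({'k%d' % i for i in range(20)}))"
# A hash value written out (to a file, cache key, etc.) changes with the seed.
HASH_PERSISTED = "print(hash('session-key'))"

if __name__ == "__main__":
    for name, snippet in [
        ("order-dependent", ORDER_DEPENDENT),
        ("order-safe", ORDER_SAFE),
        ("hash-persisted", HASH_PERSISTED),
    ]:
        verdict = "AFFECTED" if depends_on_hash_seed(snippet) else "ok"
        print(f"{name:16s} {verdict}")
```
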

