[Python-Dev] plugging the hash attack

Steven D'Aprano steve at pearwood.info
Sat Jan 28 03:28:21 CET 2012


Benjamin Peterson wrote:
> Hello everyone,
> In an effort to get a fix out before Perl 6 goes mainstream, Barry and I
> have decided to pronounce on what we want for our stable releases.
> What we have decided is that
> 1. Simple hash randomization is the way to go. We think this has the
> best chance of actually fixing the problem while being fairly
> straightforward such that we're comfortable putting it in a stable
> release.
> 2. It will be off by default in stable releases and enabled by an
> envar at runtime. This will prevent code breakage from dictionary
> order changing as well as people depending on the hash stability.

Do you have the expectation that it will become on by default in some future 
release?




-- 
Steven

