[Python-Dev] plugging the hash attack

Georg Brandl g.brandl at gmx.net
Sat Jan 28 18:54:38 CET 2012


On 28.01.2012 02:19, Benjamin Peterson wrote:
> Hello everyone,
> In an effort to get a fix out before Perl 6 goes mainstream, Barry and I
> have decided to pronounce on what we want for our stable releases.
> What we have decided is that
> 1. Simple hash randomization is the way to go. We think this has the
> best chance of actually fixing the problem while being fairly
> straightforward such that we're comfortable putting it in a stable
> release.
> 2. It will be off by default in stable releases and enabled by an
> envar at runtime. This will prevent code breakage from dictionary
> order changing as well as people depending on the hash stability.

FWIW, the same will be done for 3.2.

Georg
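
An added illustration, not part of the original message or of CPython's own code: it shows how the seed changes string hashes and set iteration order, the two things point 2 above says existing code may depend on. It assumes the variable is `PYTHONHASHSEED`, the name used in released CPython (the message only says "an envar"), where the value 0 disables randomization.

```python
import os
import subprocess
import sys

# Child program run in a fresh interpreter: print the hash of a fixed string
# and the iteration order of a small set of strings (sample values constructed
# for this example).
CHILD = (
    "print(hash('python-dev')); "
    "print(list({'spam', 'eggs', 'ham', 'bacon', 'toast'}))"
)


def run_with_seed(seed):
    """Run CHILD with PYTHONHASHSEED=seed; return (hash_value, set_order)."""
    # PYTHONHASHSEED is read once at interpreter start-up, so each
    # measurement needs its own process.
    env = dict(os.environ, PYTHONHASHSEED=str(seed))
    out = subprocess.run(
        [sys.executable, "-c", CHILD],
        env=env, capture_output=True, text=True, check=True,
    ).stdout.splitlines()
    return int(out[0]), out[1]


def compare(seed_a, seed_b):
    """Return (hashes_equal, order_equal) for two separate interpreter runs."""
    hash_a, order_a = run_with_seed(seed_a)
    hash_b, order_b = run_with_seed(seed_b)
    return hash_a == hash_b, order_a == order_b


if __name__ == "__main__":
    # Same fixed seed twice: hashes and set order are reproducible.
    print("seed 0 vs 0:          ", compare(0, 0))
    # Different fixed seeds: the string hash changes, and the set order may too.
    print("seed 1 vs 2:          ", compare(1, 2))
    # 'random' picks a fresh seed per process, the behaviour code that
    # depends on hash stability has to tolerate.
    print("random vs random:     ", compare("random", "random"))
```

Code that passes with `random` on every run does not depend on hash values or on set and dict iteration order of strings.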


