[Python-Dev] Our responsibilities (was Re: BDFL ruling request: should we block forever waiting for high-quality random bits?)

Barry Warsaw barry at python.org
Thu Jun 16 08:24:33 EDT 2016


On Jun 16, 2016, at 07:34 AM, Donald Stufft wrote:

>Well, I don’t think that for os.urandom someone using it for security is
>running “counter to its original intent”, given that in general urandom’s
>purpose is for cryptographic random. Someone *may* be using it for something
>other than that, but it’s pretty explicitly there for security sensitive
>applications.

Except that I disagree.  I think os.urandom's original intent, as documented
in Python 3.4, is to provide a thin layer over /dev/urandom, with all that
implies, and with the documented quality caveats.  I know as a Linux developer
that if I need to know the details of that, I can `man urandom` and read the
gory details.  In Python 3.5, I can't do that any more.

>Right. I personally often fall towards securing the *existing* APIs and
>adding new, insecure APIs that are obviously so in cases where we can
>reasonably do that.

Sure, and I personally fall on the side of maintaining stable, backward
compatible APIs, adding new, better, more secure APIs to address deficiencies
in real-world use cases.  That's because when we break APIs, even with the
best of intentions, it breaks people's code in ways and places that we can't
predict, and which are very often very difficult to discover.

I guess it all comes down to who's yelling at you. ;)

Cheers,
-Barry

P.S. These discussions do not always end in despair.  Witness PEP 493.
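The thread turns on whether a caller can be stuck waiting for the kernel pool to be seeded. The following is an added example, not part of Barry's message or of CPython itself: it probes the kernel CSPRNG with `os.getrandom()` and `os.GRND_NONBLOCK` (real Python 3.6+ APIs, available on Linux only) so the check never blocks, and refuses to hand out key material when the pool reports itself unseeded. The function names and the `allow_unseeded` parameter are this example's own choices, not an existing API.

```python
import errno
import os


def kernel_csprng_state():
    """Report 'seeded', 'not-seeded' or 'unknown' without ever blocking.

    On Linux with Python >= 3.6, os.getrandom() with GRND_NONBLOCK fails
    with EAGAIN while the kernel pool is still being seeded; a successful
    1-byte read means the pool is initialised. Anywhere else (other OSes,
    older Pythons) the probe is unavailable, so we answer 'unknown'.
    """
    getrandom = getattr(os, "getrandom", None)
    nonblock = getattr(os, "GRND_NONBLOCK", None)
    if getrandom is None or nonblock is None:
        return "unknown"
    try:
        getrandom(1, nonblock)
    except BlockingIOError:
        # Python maps EAGAIN to BlockingIOError: pool not yet seeded.
        return "not-seeded"
    except OSError as exc:
        if exc.errno == errno.EAGAIN:
            return "not-seeded"
        # ENOSYS or similar: the syscall is not usable, so we cannot tell.
        return "unknown"
    return "seeded"


def random_bytes(n, allow_unseeded=False):
    """Return n bytes from os.urandom(), but fail loudly for key material
    when the kernel has told us its pool is not seeded yet.

    allow_unseeded=True is for callers (e.g. non-security uses) that would
    rather get whatever the pool has than wait or abort; this mirrors the
    thread's split between "secure by default" and "never block".
    """
    state = kernel_csprng_state()
    if state == "not-seeded" and not allow_unseeded:
        raise RuntimeError(
            "kernel CSPRNG is not seeded yet; refusing to generate key material"
        )
    return os.urandom(n)


if __name__ == "__main__":
    print("kernel CSPRNG state:", kernel_csprng_state())
    print("32 random bytes:", random_bytes(32, allow_unseeded=True).hex())
```

On a long-running system the probe returns `seeded` immediately; the `not-seeded` branch only fires during early boot on Linux, which is exactly the window the thread is arguing about. The probe uses the one-byte non-blocking read rather than `/proc/sys/kernel/random/entropy_avail`, because that counter is an entropy estimate and not a statement about whether the pool has been initialised.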