[Python-Dev] Python startup time
Chris Barker
chris.barker at noaa.gov
Mon May 14 12:38:21 EDT 2018
On Mon, May 14, 2018 at 12:33 PM, INADA Naoki <songofacandy at gmail.com>
wrote:
> It will broke hash randomization.
>
> See also: https://www.cvedetails.com/cve/CVE-2017-11499/
I'm not enough of a security expert to know how much that matters in this
case, but I suppose one could do a bit of post-proccessing on the image to
randomize the hashes? or is that just insane?
Also -- I wasn't thinking it would be a pre-build binary blob that everyone
used -- but one built on the fly on an individual system, maybe once per
reboot, or once per shell instance even. So if you are running, e.g. hg a
bunch of times in a shell, does it matter that the instances are all
identical?
-CHB
--
Christopher Barker, Ph.D.
Oceanographer
Emergency Response Division
NOAA/NOS/OR&R (206) 526-6959 voice
7600 Sand Point Way NE (206) 526-6329 fax
Seattle, WA 98115 (206) 526-6317 main reception
Chris.Barker at noaa.gov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180514/bd564c27/attachment.html>
More information about the Python-Dev
mailing list