[issue27292] Warn users that os.urandom() prior to 3.6 can return insecure values
Martin Panter
report at bugs.python.org
Fri Sep 9 01:13:01 EDT 2016
Martin Panter added the comment:
Do you want to do an alternative patch Victor? Or point out all the specific bits of my patch you don’t like?
I haven’t really been keeping up to date with the getrandom() changes. Though I imagine even Python 3.6’s os.urandom() will still fall back to /dev/urandom (with potential entropy problem) on older Linux versions. Is the consensus that we want to warn about insecure results on Linux >= 3.17, but don’t want to warn about older Linux versions?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27292>
_______________________________________
More information about the Python-bugs-list
mailing list