[python-committers] My cavalier and aggressive manner, API change and bugs introduced for basically zero benefit

Victor Stinner victor.stinner at gmail.com
Fri Jan 20 19:03:28 EST 2017 

2017-01-21 0:14 GMT+01:00 Andrew Dalke <dalke at dalkescientific.com>:
> For this one bug, I agree with the interpretation that it was handled with a cavalier attitude. I don't feel like it's being treated with the seriousness it should.

The regression was introduced by http://bugs.python.org/issue27776
which was reviewed by Nick Coghlan. The discussion is about the lack
of reviews. The patch was reviewed, but the review didn't spot the
bug.

The bug was reported at 2016-12-27, it was fixed and closed 2 days
later by Benjamin Peterson: http://bugs.python.org/issue29085

The issue was fixed so fast that I didn't even noticed it. I only a
few days later that I get notified indirectly, I don't recall how.

Note: Benjamin didn't attach a patch to the issue nor waited for a review.

What did we wrong for this specific issue, and how can we prevent
similar failure next time?


I don't understand why you are saying that I (I or we?) didn't handle
the issue seriously. And can you please also elaborate why you
consider that my attitude was cavalier on this issue?


If you consider that the bug is serious enough, maybe we should
schedule a quick 3.6.1 bugfix release?


About testing, I wrote a minimum test for os.urandom() checking that
calling os.urandom(16) twice produces two different random sequences.
Lib/test/test_os.py:

    def test_urandom_value(self):
        data1 = os.urandom(16)
        self.assertIsInstance(data1, bytes)
        data2 = os.urandom(16)
        self.assertNotEqual(data1, data2)

Note: the test was added by Georg Brandl in the issue #13703, but I
wrote an initial patch adding the test. So it's not like I don't care
of the quality of Python RNG ;-)

Would such minimum test be enough to detect the weak RNG seed bug?


I know well RNG issues. I spent a lot of time writing my own RNG
library and studying RNG bugs in various libraries and languages. Bugs
are common, it's hard to write tests to detect non trivial bugs on
RNG. The question is how we can enhance Python on this point.

Victor

More information about the python-committers mailing list