[Security-sig] PEP 524: Make os.urandom() blocking on Linux (version 3)
Nick Coghlan
ncoghlan at gmail.com
Fri Jul 29 07:35:33 EDT 2016
On 29 July 2016 at 02:56, Victor Stinner <victor.stinner at gmail.com> wrote:
> Hi,
>
> I moved my os.urandom PEP to the regular GitHub repository so it gets
> available on python.org:
> https://www.python.org/dev/peps/pep-0524/
>
> Changes since version 2:
>
> * add os.getrandom()
I'm wondering if we should take os.getrandom() out of the PEPs, and
just agree that adding it as a platform-dependent optional interface
in the OS module is a good idea.
The reason I've started thinking that way is that one of the
capabilities we've long supported is to let people write platform
specific "C'ish" code in Python, that then later gets translated to
actual C code, either manually, or automatically via Cython (or one of
its predecessors). Adding os.getrandom() would make sense in that
context, just as it's the reason we keep "getopt" around as a standard
library module.
The aspect of Larry's original proposal to add os.getrandom that I
objected to was adding it *instead of* fixing os.urandom's default
behaviour, but I think we've moved past that point of contention now.
The competing PEPs would then just be about where we put the
cross-platform blocking behaviour: either doing it implicitly in
os.urandom, or letting that sometimes throw BlockingIOError, and
offering an explicit cross-platform blocking API in the secrets
module.
Regards,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
More information about the Security-SIG
mailing list