#36572: Deprecation of constant_time_compare broke usage with mixed-type
arguments.
-------------------------------+--------------------------------------
Reporter: Sage Abdullah | Owner: (none)
Type: Bug | Status: new
Component: Utilities | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Jake Howard):
* cc: Jake Howard (added)
Comment:
I agree with reverting #36546 and reviewing each case more closely. An
alternative would be to explicitly state using `force_bytes` in the
deprecation message, but that ends up quite verbose)
Given the complexities around using `compare_digest` with the correct
types, I'd be in favour of keeping `constant_time_compare` around to hide
those from users, even if we slowly port Django's internal uses to
`compare_digest` separately.
--
Ticket URL: <https://code.djangoproject.com/ticket/36572#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070198e6113867-a1e9f881-c280-4d34-8cd7-0ff6ea272d65-000000%40eu-central-1.amazonses.com.
