[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-14 Thread Martin v. Löwis
Martin v. Löwis added the comment: On 14.06.2012 14:26, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > >> It's either secure or it's not. > > I don't think that's true. By that reasoning, Python is not secure so > there's no point in fixing crashes or providing a hashlib modul

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-14 Thread Martin v. Löwis
Martin v. Löwis added the comment: > Being able to tell people "using hmac.total_compare will make you > less vulnerable to timing attacks than using ordinary short > circuiting comparisons" is a *good thing*. No, it's not. It's a *bad thing*. The two issues that have been opened since the func

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-14 Thread Martin v. Löwis
Martin v. Löwis added the comment: > Why not write a C function which can be more secure than Python code? For Unicode strings, it's impossible to write a time-independent comparison function even in C > I would argue that would be a general asset for the stdlib I would argue that it's not.

[issue14377] Modify serializer for xml.etree.ElementTree to allow forcing the use of long tag closing

2012-06-14 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: xml.sax.saxutils.XMLGenerator constructor has a parameter short_empty_elements (False by default). For consistency new ElementTree.write parameter must have the same name (True by default for compatibility).
