Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bpo-29535: Not all datetime objects are using hashing randomization #1937

Closed
wants to merge 1 commit into from

Conversation

@arigo
Copy link
Contributor

commented Jun 4, 2017

Security concern: pending feedback on issue bpo-29535, here is an update of the documentation. It should make it clear that not all datetime objects come with randomized hashes.

https://bugs.python.org/issue29535

@mention-bot

This comment has been minimized.

Copy link

commented Jun 4, 2017

@arigo, thanks for your PR! By analyzing the history of the files in this pull request, we identified @tiran, @birkenfeld and @ncoghlan to be potential reviewers.

@serhiy-storchaka serhiy-storchaka changed the title Not all datetime objects are using hashing randomization (issue29535) bpo-29535: Not all datetime objects are using hashing randomization Mar 26, 2018

@serhiy-storchaka serhiy-storchaka requested a review from abalkin Mar 26, 2018

@abalkin
Copy link
Member

left a comment

It is not clear what "some datetime objects" include. Is it some subset of date, time, datetime, timezone types or some instances of these types get randomized hash and some don't? If we are going to document the current implementation we should explain precisely which objects have deterministic hash and which don't.

@bedevere-bot

This comment has been minimized.

Copy link

commented May 4, 2018

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

And if you don't make the requested changes, you will be put in the comfy chair!

@arigo

This comment has been minimized.

Copy link
Contributor Author

commented May 6, 2018

Closing. I tried to get an important security detail into the docs quickly, because bpo-29535 was not going to be fixed soon. I was right about that, but wrong about this doc fix---it was also not going to be accepted quickly. There is no point then.

@arigo arigo closed this May 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.